> Fritz bounced this to me as the originator of listenport2.
>
> The original theory was to connect the link to an auth-only port already
> supported by the MTA eg 587/tcp aka submit, and of course the disconnect
> code would be built in to the MTA... Such an MTA behaves by responding
>
> 530 5.7.0 Authentication required
>
> to MAIL FROM before AUTH, so this is where to intercept. We also want to
> do it immediatly without possibly changing the state of the system
> otherwise, so that the whole system behaves respectiong our rejection of
> the Mail From command, and ASSP does not need to abort the link, as it
> will
> all happen within the protocol.
Agreed. I had some difficulty reading through the code / states, and
determining exactly where to patch the additional functionality, so it isn't
impossible that I am trapping it too far down in the sequence. It
definitely does makes sense to verify that the user has been authenticated
when receiving the MAIL FROM command.
> [EnforceAuth,"Enforce AUTH before MAIL FROM when connecting to second SMTP
> port",0,checkbox,0,'(.*)',undef,
> 'Handle AUTH before MAIL From on the submit port for MTAs which fail to
> enforce the requirement. Requires "Another Listen Port" and "SMTP Auth
> Destination". Otherwise does nothing.'],
Agreed - it sounds much better. I have no issues with your rewording &
clarifying of it. :) You are just missing it in the patch, however. You
need to include it in the if statement:
if($enforceAuth && ( $this->{localport} == $listenPort2 && $smtpAuthServer
ne '' && !($this->{relayok}) ) ){
> You still need an MTA that's going to reply 235 to your AUTH request
> though
Absolutely. The reason I brought this whole topic up, however, is that I
can't seem to configure my MTA to require AUTH connections on a particular
port (such as 587), and hence, would allow non-auth connections the ability
to deliver local mail, thereby bypassing ASSP.
The only thing I noticed missing in the patch is the removal of the
$smtpAuthServerAuthConnectionsOnly code that I submitted that Fritz has
already included in build 39 & 40.
Thanks for the corrections!
Eric
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
