I ran across exactly the same issue mentioned in
http://twister.fastxs.net/pipermail/dbmail-dev/2004-May/003852.html
recently, while setting up an openwebmail installation,
so I did a bit of looking into it.
>From rfc 1734:
If the requested
authentication mechanism is not supported, the server
should reject the AUTH command by sending a negative
response.
dbmail-pop3d doesn't support any AUTH mechanisms, so any requested
should return some -ERR (which 2.0.x and 2.1.x do, but not 1.2.x).
Nowhere does it allow an "AUTH" command without naming a mechanism,
so doing so should also return an -ERR. So in pop3.c, this section:
case POP3_AUTH:
{
if (session->state != POP3_AUTHORIZATION_STATE)
return pop3_error(session, stream,
"-ERR wrong command mode,
sir\r\n");
/* if we get anything but the naked "auth" command,
* we return an error */
if (value != NULL)
return pop3_error(session, stream,
"-ERR unknown authorization
mechanism\r\n");
fprintf((FILE *) stream,
"+OK List of supported mechanisms\r\n"
"X-NONE-SO-USE-APOP\r\n.\r\n");
return 1;
}
should change to something more like:
case POP3_AUTH:
{
if (session->state != POP3_AUTHORIZATION_STATE)
return pop3_error(session, stream,
"-ERR wrong command mode,
sir\r\n");
fprintf((FILE *) stream,
"-ERR AUTH command not supported.\r\n");
return 1;
}
1.2.x source is almost that already, just need to change the
+OK message to the above -ERR message. That should fix
openwebmail and probably some others.
--
Jesse Norell - [EMAIL PROTECTED]
Kentec Communications, Inc.
