On 2013-09-28 at 16:08 +0200, Thomas Morper wrote: > On Sat, 28 Sep 2013, Jeremy Harris wrote: > > > Thanks for testing the RC. I don't see that behaviour here; > > could you share the definition of the PLAIN authenticator config > > you're using? > > It's plain (no pun intended) and simple: > > begin authenticators > auth_plain: > driver = dovecot > public_name = PLAIN > server_socket = /var/run/dovecot/auth-client
> I'm using Dovecot 2.2.6, OS is Slackware 14.0 64-bit. I knew changes to Dovecot auth sounded familiar: commit 3f1df0e341c4ddc4add38fa97d9d34972655a6c7 Author: Phil Pennock <[email protected]> Date: Mon Nov 19 23:44:33 2012 -0500 And indeed, I can reproduce the NULL with a fresh build of Exim. Reverting the above commit removes the NULL from the output, so this is definitely the cause. Apparently, the testing I did at the time did not include PLAIN and an empty Dovecot CONT line. My testing was against Dovecot 2.1.10 and that's still what I have installed. Without the commit above: ----------------------------8< cut here >8------------------------------ 76689 SMTP<< AUTH PLAIN 76689 dovecot authentication 76689 received: VERSION 1 1 76689 received: MECH PLAIN plaintext 76689 received: MECH LOGIN plaintext 76689 received: MECH DIGEST-MD5 dictionary active mutual-auth 76689 received: MECH CRAM-MD5 dictionary active 76689 received: MECH GSSAPI 76689 received: SPID 76690 76689 received: CUID 1 76689 received: COOKIE fe1bb46441b187f3d8435c36906ac067 76689 received: DONE 76689 sent: VERSION 1 0 76689 CPID 76689 76689 AUTH 1 PLAIN service=smtp secured rip=::1 lip=::1 nologin resp= 76689 received: CONT 1 76689 SMTP>> 334 76689 tls_do_write(0x803130000, 6) 76689 SSL_write(SSL, 0x803130000, 6) 76689 outbytes=6 error=0 76689 Calling SSL_read(0x803108000, 0x8031a7000, 4096) 76689 received: OK 1 user=frederic 76689 auth_plain authenticator server_condition: 76689 $auth1 = frederic 76689 $1 = frederic 76689 SMTP>> 235 Authentication succeeded 76689 tls_do_write(0x803130000, 30) ----------------------------8< cut here >8------------------------------ With the commit above: ----------------------------8< cut here >8------------------------------ 76430 SMTP<< AUTH PLAIN 76430 dovecot authentication 76430 received: VERSION 1 1 76430 received: MECH PLAIN plaintext 76430 received: MECH LOGIN plaintext 76430 received: MECH DIGEST-MD5 dictionary active mutual-auth 76430 received: MECH CRAM-MD5 dictionary active 76430 received: MECH GSSAPI 76430 received: SPID 76433 76430 received: CUID 1 76430 received: COOKIE 0290a68f32d3aa12b869914ae61dab6e 76430 received: DONE 76430 sent: VERSION 1 0 76430 CPID 76430 76430 AUTH 1 PLAIN service=smtp secured rip=::1 lip=::1 nologin resp= 76430 received: CONT 1 76430 dovecot: warning: ignoring trailing tab 76430 SMTP>> 334 NULL 76430 tls_do_write(0x803130000, 10) 76430 SSL_write(SSL, 0x803130000, 10) 76430 outbytes=10 error=0 76430 Calling SSL_read(0x803108000, 0x8031a7000, 4096) 76430 received: OK 1 user=frederic 76430 auth_plain authenticator server_condition: 76430 $auth1 = frederic 76430 $1 = frederic 76430 SMTP>> 235 Authentication succeeded 76430 tls_do_write(0x803130000, 30) ----------------------------8< cut here >8------------------------------ The clue is that "ignoring trailing tab" line. I have pushed 970ba64 to fix this: ----------------------------8< cut here >8------------------------------ commit 970ba64f07bf5523c7098235664f2ce02962a128 Author: Phil Pennock <[email protected]> Date: Mon Sep 30 00:57:07 2013 -0400 Fix dovecot with empty 334 challenge. Thomas Morper reported, with 4.82RC1, that he saw "334 NULL" as the challenge when using AUTH PLAIN to Dovecot when the client does not send an initial response. I could replicate. This was caused by commit 3f1df0e3 on 2012-11-19 (PP/13 of 4.82); I was too cautious in the robustness fixes; the clue came in this line of debug output: 76430 dovecot: warning: ignoring trailing tab This change removes that check, and documents in a comment that this input is acceptable protocol-wise, and why. With this fix: AUTH PLAIN 334 AGZyZWRlcmljAGh1bXB0eS1kdW1wdHk= 235 Authentication succeeded ----------------------------8< cut here >8------------------------------ Regards, -Phil
pgpgCXPLtfXWL.pgp
Description: PGP signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
