[exim] Opposing RFCs ? - Case In/Sensitive AUTH SASL Methode

Sat, 27 Sep 2008 01:04:33 -0700 

Hi

We have trouble with a program that uses a microsoft mail routine. It  
sends the SASL auth Parameter in lower case but  exim only allow upper  
case

        AUTH login
        503 AUTH LOGIN or AUTH PLAIN OR AUTH CRAM-MD5 OR AUTH MSN is REQUIRED

        AUTH LOGIN
        334 VXNlcm5hbWU6

Exim refer to RFC 2222 (Manual: "33.1. Generic options for  
authenticators" / "public_name") but it seems RFC 2222 and RFC 2554  
are opposite at this point.

RFC 2554 says the SASL auth_type has to be case insensitive ("ALPHA/ 
DIGIT"). But RFC 2222 says the SASL mechanism is named only upper-case.

The customer insists that exim has to perform RFC 2554 and he says  
other MTAs like sendmail do so.

Who is right? And is there a possibility to configure exim to except  
the AUTH mechanism case-insensitive ?

---------------------
RFC2554 - SMTP Service Extension for Authentication

3. The Authentication service extension
...
    (3) The AUTH EHLO keyword contains as a parameter a space separated
        list of the names of supported SASL mechanisms.


7. Formal Syntax
...
    Except as noted otherwise, all alphabetic characters are case-
    insensitive.  The use of upper or lower case characters to define
    token strings is for editorial clarity only.  Implementations MUST
    accept these strings in a case-insensitive fashion.

    UPALPHA         = %x41-5A            ;; Uppercase: A-Z
    LOALPHA         = %x61-7A            ;; Lowercase: a-z
    ALPHA           = UPALPHA / LOALPHA  ;; case insensitive
    DIGIT           = %x30-39            ;; Digits 0-9
...
    AUTH_CHAR       = ALPHA / DIGIT / "-" / "_"
    auth_type       = 1*20AUTH_CHAR
    auth_command    = "AUTH" SPACE auth_type [SPACE (base64 / "=")]
                      *(CRLF [base64]) CRLF

    auth_param      = "AUTH=" xtext
                        ;; The decoded form of the xtext MUST be either
                        ;; an addr-spec or the two characters "<>"

...
---------------------

RFC2222 - Simple Authentication and Security Layer (SASL)

3.    Introduction and Overview
...
    The command has a required argument identifying a SASL mechanism.
    SASL mechanisms are named by strings, from 1 to 20 characters in
    length, consisting of upper-case letters, digits, hyphens, and/or
    underscores.  SASL mechanism names must be registered with the IANA.
    Procedures for registering new SASL mechanisms are given in the
    section "Registration procedures"


---------------------

Nicola

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to