Microsoft Exchange sends a non-empty string which Postfix interprets as a
non-empty initial challenge, while it is clearly not.
Fix compatibility by ignoring the irrelevant data.

Trace of failed connection:
220 exchange.example.org Microsoft ESMTP MAIL Service ready at ...
EHLO test.localdomain
250-exchange.example.org Hello [...]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
AUTH GSSAPI
334 GSSAPI supported
QUIT
535 5.7.3 Authentication unsuccessful
Signed-off-by: Michael Braun <michael-...@fami-braun.de>
--- a/src/smtp/smtp_sasl_glue.c
+++ b/src/smtp/smtp_sasl_glue.c
@@ -420,13 +420,14 @@
* Deferred initial response, the server challenge must be empty.
* Cleared after actual transmission to the server.
*/
- if (*line) {
- dsb_update(why, "4.7.0", DSB_DEF_ACTION,
- DSB_SKIP_RMTA, DSB_DTYPE_SASL, "protocol error",
- "SASL authentication failed; non-empty initial "
- "%s challenge from server %s: %s", mechanism,
- session->namaddr, STR(session->sasl_reply));
- return (-1);
+ if (*line && msg_verbose) {
+ /*
+ * Microsoft Exchange sends "334 GSSAPI supported" instead of
+ * empty challenge, so ignore any non-empty data and warn
+ * about it
+ */
+ msg_info("%s: %s: SASL ignore non-empty initial challenge:
%s",
+ myname, session->namaddrport, line);
}
} else {
result = xsasl_client_next(session->sasl_client, line,
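Review bot: the new condition `if (*line && msg_verbose)` reports the unexpected data only when verbose logging is enabled, so in normal operation a non-empty initial challenge is now accepted silently, from any server and for any mechanism, even though the comment says "warn about it". Consider testing `*line` alone and logging unconditionally with msg_warn(), so that a server deviating from the expected empty challenge stays visible in the logs. Since the only observed case is Exchange's "334 GSSAPI supported", the comment should also state that the relaxation is not limited to GSSAPI, or the check should be narrowed if that is the intent. Separately, the format string in the msg_info() call is split across two lines as posted (the trailing `%s",` sits on its own line), which looks like mail wrapping; the patch will not apply or compile until that line is rejoined.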