Hi there;

I have qmail-ldap-control-smtp-auth-tls working happily on linux, but
right now users are able to log in using LOGIN PLAIN without TLS. I'm
not keen on getting SASL going at the moment because it would be a 4th
authentication system to maintain. Eventually, but not right now, so
using CRAM-MD5 is not really an option (at least as far as I know).

What I'd really like to do is have the SMTP-AUTH work only if a TLS
session has been negotiated (or if the connection is over a secure
port, but I suppose that's a bit more complicated because of the
involvement of stunnel. I can think of a few hacks, but the TLS case is
really what I'm concerned about right now). I don't know too much about
the RFCs concerning SMTP, and don't often do TLS connections by hand,
so I don't know if it's standard to do a post-TLS EHLO to check for the
availability of login, or even possible. This complicates matters
somewhat for writing a patch, because where exactly you make the offer
for LOGIN is a bit confusing.

I suspect it would be fairly easy to add a check for a flag of some
sort that says "SSL/TLS-enabled, go ahead with LOGIN", or throw out an
error and disconnect the socket before the client gets a chance to send
the username/password (I wouldn't trust the client to properly
acknowledge an error and stop the login process). The question is, has
anyone done something similar to this? If so, I'd love to hear from
you. Otherwise, can anyone give me pointers on what a TLS-only LOGIN
negotiation would look like so that I'm not so much in the dark when I
try to write a patch?

Thanks,
blaine.
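
A server-side model of the TLS-only AUTH negotiation asked about above, as an added example that is not part of the original post and is not qmail-ldap code. The names `session`, `say`, `smtp_reply` and `last_code` and the `.example` hostnames are hypothetical; the 538 reply comes from RFC 2554, the post-STARTTLS EHLO from RFC 3207, and answering 503 until that EHLO arrives is this model's own choice.

```c
#include <stdio.h>
#include <strings.h>
/* Hypothetical session model for illustration; not qmail-ldap's own code. */
struct session { int tls_active; int seen_ehlo; };
static int say(const char **out, int code, const char *text) { *out = text; return code; }

/* Point *out at the reply to one client line; return its SMTP status code. */
int smtp_reply(struct session *s, const char *line, const char **out)
{
    if (strncasecmp(line, "EHLO", 4) == 0) {
        s->seen_ehlo = 1;
        /* Advertise AUTH only inside TLS; in cleartext offer STARTTLS alone. */
        return say(out, 250, s->tls_active
                   ? "250-mail.example\r\n250 AUTH LOGIN PLAIN\r\n"
                   : "250-mail.example\r\n250 STARTTLS\r\n");
    }
    if (strncasecmp(line, "STARTTLS", 8) == 0) {
        if (s->tls_active) return say(out, 503, "503 TLS already active\r\n");
        /* The handshake would follow this reply. RFC 3207: the pre-TLS EHLO
           state is discarded, so the client sends EHLO again afterwards. */
        s->tls_active = 1; s->seen_ehlo = 0;
        return say(out, 220, "220 ready to start TLS\r\n");
    }
    if (strncasecmp(line, "AUTH", 4) == 0) {
        /* Refuse before the 334 prompt so AUTH LOGIN never reaches the username
           step. "AUTH PLAIN <base64>" carries the credentials on this very line. */
        if (!s->tls_active) return say(out, 538, "538 encryption required\r\n");
        if (!s->seen_ehlo) return say(out, 503, "503 send EHLO first\r\n");
        return say(out, 334, "334 VXNlcm5hbWU6\r\n"); /* base64("Username:") */
    }
    return say(out, 502, "502 command not implemented\r\n");
}

/* Replay constructed client lines on a fresh session; return the last code. */
int last_code(const char *const *lines, int count)
{
    struct session s = {0, 0};
    const char *reply = "";
    int code = 0;
    for (int i = 0; i < count; i++) {
        code = smtp_reply(&s, lines[i], &reply);
        printf("C: %s\nS: %s", lines[i], reply);
    }
    return code;
}

int main(void)
{
    const char *const demo[] = { "EHLO client.example", "AUTH LOGIN", "STARTTLS", "EHLO client.example", "AUTH LOGIN" };
    return last_code(demo, 5) == 334 ? 0 : 1;
}
```

In a real patch the `tls_active` flag would be set by the code that completes the TLS handshake, and the same flag would gate both the EHLO capability list and the AUTH command handler.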
