Hello!
In SMTP.pm around line 204 there is a regular expression that checks
what authentication methods should be displayed after an EHLO command. If
the register hook is called "auth" (with nothing after, like auth-plain
or auth-login) it displays all authentication methods, considering it a
"polymorphous auth provider".
In the tls plugin, the last line ("*hook_helo = *hook_data = *hook_rcpt
= *hook_mail = *hook_auth = \&bad_ssl_hook;") connects the function
bad_ssl_hook to the "auth" hook unconditionally, trying to follow
RFC2487 secn 5.1, turning on all authentication methods. It caused some
strange behavior when working with other authentication plugins. Patch
attached.
BTW, we are returning a 550 error after TLS negotiation fails, while
RFC2487 suggests a 554 return code. Should I describe this return code
in Constants.pm?
Thanks.
--
Regards,
Marco Aurelio Monteiro
Support Analyst
[EMAIL PROTECTED]
--------------------------------
Viaconnect - Conectividade Total
Phone: +55 (54) 2101-5500
--- tls.orig Wed Aug 3 13:54:10 2005
+++ tls Wed Aug 3 14:34:49 2005
@@ -107,6 +107,11 @@
# SSL setup failed. Now we must respond to every command with 5XX
warn("TLS failed: [EMAIL PROTECTED]");
$transaction->notes('ssl_failed', 1);
+ $self->register_hook('helo', 'bad_ssl_hook');
+ $self->register_hook('data', 'bad_ssl_hook');
+ $self->register_hook('rcpt', 'bad_ssl_hook');
+ $self->register_hook('mail', 'bad_ssl_hook');
+ $self->register_hook('auth', 'bad_ssl_hook');
return DENY, "TLS Negotiation Failed";
}
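Review bot: The five register_hook calls in the failure branch attach bad_ssl_hook to $self, while the ssl_failed note that marks the failure lives on $transaction, so how long the refusal lasts depends on the lifetime of the plugin object rather than on this session. If that object is reused after one failed negotiation, later sessions would have helo, data, rcpt, mail and auth refused, and each further failure would register the same hook again. Please confirm the plugin object is created per connection, or keep the `$transaction->notes('ssl_failed')` check inside bad_ssl_hook as a guard. As a style point, the five calls could be one loop over qw(helo data rcpt mail auth).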
@@ -140,7 +145,5 @@
# Fulfill RFC 2487 secn 5.1
sub bad_ssl_hook {
my ($self, $transaction) = @_;
- return DENY, "Command refused due to lack of security" if
$transaction->notes('ssl_failed');
- return DECLINED;
+ return DENY, "Command refused due to lack of security";
}
-*hook_helo = *hook_data = *hook_rcpt = *hook_mail = *hook_auth =
\&bad_ssl_hook;
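Review bot: bad_ssl_hook now returns DENY with no condition, so the only thing tying the refusal to a failed negotiation is where the hook gets registered, and the comment above the sub ("Fulfill RFC 2487 secn 5.1") does not say so. Either add a comment stating that this sub must only be registered after TLS setup fails, or keep the ssl_failed check with `return DECLINED;` as the fallback so a stray registration cannot refuse every command. It would also help to record in that comment why the `*hook_auth` glob assignment was removed, since the reason (a bare "auth" hook makes all authentication methods appear after EHLO) is only in the mail text.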