One little more patch to the Auth.pm
$loginas/$user could be a string, and != is for numbers
diff -Naur qpsmtpd.ORIG/lib/Qpsmtpd/Auth.pm qpsmtpd/lib/Qpsmtpd/Auth.pm
--- qpsmtpd.ORIG/lib/Qpsmtpd/Auth.pm Mon Apr 24 14:50:48 2006
+++ qpsmtpd/lib/Qpsmtpd/Auth.pm Wed Apr 26 12:03:32 2006
@@ -29,7 +29,7 @@
# Authorization ID must not be different from
# Authentication ID
- if ( $loginas ne '' && $loginas != $user ) {
+ if ( $loginas ne '' && $loginas ne $user ) {
$session->respond(535, "Authentication invalid");
return DECLINED;
}
On Mon, Apr 24, 2006 at 08:25:29PM +0200, Michael Holzt wrote:
> > I think your patch is correct with regard to AUTH LOGIN in that ESMTP
> > would normally allow the username (the first term) to be included with
> > the initial command (AUTH LOGIN), but I cannot find an authoritative
> > source for this.
>
> Now, as i said, AUTH LOGIN is nowhere specified, but RFC2222 which
> specified the AUTH mechanism in SMTP in general provides that the
> first response in SMTP Auth might be provided together with "AUTH
> <method>". So this holds true für AUTH LOGIN as well.
>
>
> Regards
> Michael
>
> --
> It's an insane world, but i'm proud to be a part of it. -- Bill Hicks
--
Leonardo Helman
Pert Consultores
Argentina
