Felix created JAMES-4207:
----------------------------

             Summary: ManageSieve sends AUTHENTICATE
                 Key: JAMES-4207
                 URL: https://issues.apache.org/jira/browse/JAMES-4207
             Project: James Server
          Issue Type: Bug
    Affects Versions: master
            Reporter: Felix


James sends ManageSieve capabilities after every successful AUTHENTICATE 
command.

This was introduced with 
https://github.com/apache/james-project/commit/1819fddf13c88476a0766ccc91c81d66d14da682.

 

However, the relevant RFC (5804, section 4) states:

    response-authenticate = *(string CRLF)
                            ((response-ok [response-capability]) /
                             response-nobye)
                            ;; <response-capability> is REQUIRED if a
                            ;; SASL security layer was negotiated and
                            ;; MUST be omitted otherwise.

I think that all authentication mechanisms supported by James (PLAIN, LOGIN, 
XOAUTH2, OAUTHBEARER) do not negotiate a SASL layer.

The server must therefore omit the capabilities.

There was a similar discussion here: [https://github.com/thsmi/sieve/issues/480]

I can confirm that the Roundcube webmail client does not expect capabilities 
and fails to use managesieve with James.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
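
The ABNF rule quoted in the report, written as a client-side conformance check. This is an added example, not code from James, Roundcube or the reporter; the function name and the sample replies are constructed for illustration. It assumes challenges arrive as quoted strings (literal strings are not handled).

```python
import re

# response-ok / response-nobye begin with one of these atoms (RFC 5804 ABNF).
STATUS = re.compile(r'^(OK|NO|BYE)(?: |$)', re.IGNORECASE)
# One quoted string on a line: the only form of SASL challenge handled here.
QUOTED = re.compile(r'^"(?:[^"\\]|\\.)*"$')

# Constructed sample replies (CRLF already stripped), not captured traffic.
REPLY_PLAIN_OK = ['OK "Authentication successful"']
REPLY_WITH_CAPS = ['OK', '"IMPLEMENTATION" "Example Server"',
                   '"SASL" "PLAIN"', '"SIEVE" "fileinto"', 'OK']


def check_authenticate_response(lines, layer_negotiated):
    """Return the list of response-authenticate violations for one reply."""
    problems = []
    i = 0
    # *(string CRLF): challenges that precede the status line.
    while i < len(lines) and not STATUS.match(lines[i]):
        if not QUOTED.match(lines[i]):
            problems.append(f"line {i + 1}: expected a single string, got {lines[i]!r}")
        i += 1
    if i == len(lines):
        return problems + ["no OK/NO/BYE status line"]
    status = STATUS.match(lines[i]).group(1).upper()
    trailing = lines[i + 1:]  # anything here is <response-capability>
    if status != "OK":
        if trailing:
            problems.append(f"data after {status} response")
        return problems
    if trailing and not layer_negotiated:
        problems.append("capabilities sent although no SASL security layer was negotiated")
    if layer_negotiated and not trailing:
        problems.append("SASL security layer negotiated but capabilities are missing")
    if trailing and not STATUS.match(trailing[-1]):
        problems.append("capability listing does not end with OK/NO/BYE")
    return problems


if __name__ == "__main__":
    for name, reply in (("plain", REPLY_PLAIN_OK), ("with caps", REPLY_WITH_CAPS)):
        print(name, check_authenticate_response(reply, layer_negotiated=False))
```

Pass `layer_negotiated=False` for PLAIN, LOGIN, XOAUTH2 and OAUTHBEARER, the mechanisms the report names as not negotiating a SASL layer.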
