List: amavis-user
Subject: Re: [AMaViS-user] AUTH parameter to MAIL FROM
From: Mark Martinec <Mark.Martinec+amavis () ijs ! si>
Date: 2007-06-18 16:19:42
Message-ID: 200706181819.42988.Mark.Martinec+amavis () ijs ! si
Leo,
> I'm using amavisd-new as a postfix smtpd_proxy_filter.
> I've noticed that some mailers (some sendmail configurations) include an
> AUTH parameter to the MAIL FROM command, which apparently postfix passes
> to amavisd. However, amavisd rejects those mails because I have not
> defined @auth_mech_avail.
>
> Jun 12 14:25:37 strike postfix/smtpd[611]: warning: proxy
> 127.0.0.1:10024 rejected "MAIL From:<xxx@yyy> SIZE=1841 AUTH=<>": "503
> 5.7.4 Error: authentication disabled".
>
> I've read Mark's post on this topic some years ago:
> http://thread.gmane.org/gmane.mail.virus.amavis.user/15970/focus=16013
> ... in which he argued that amavisd should not accept the AUTH parameter
> if it isn't configured for authentication.
I know, a postfix proxy smtp server is supposed to cut a few corners,
deviating from RFC2821 in some details.
Try the patch below (for 2.5.1), it will turn a fatal
503 5.7.4 Error: authentication disabled
into an informative log entry and ignore the AUTH parameter.
> However, will simply enabling authentication by adding
> @auth_mech_avail = qw(PLAIN LOGIN);
> fix the problem for me? This will cause amavis to accept the AUTH parameter
> in "MAIL TO" commands. But amavisd will then also handle the AUTH
> command.
It used to achieve the effect I think, although since the use
of Net::SMTP (= libnet) was dropped in 2.5.0, the authentication
in amavisd is even more crippled than it used to be.
Luckily no one depends on it, I believe.
> Will postfix still block SMTP sessions using authentication
> with wrong credentials before the mail is passed to amavis? (I believe,
> amavis will reply with a positive "235 2.7.1 Authentication successful"
> to every (supported and syntactically correct) authentication attempt
> without checking the credentials if @auth_mech_avail is not empty.)
Yes, it would reply with Authentication successful, it has no way
to check credentials.
> As the SMTPD_PROXY_README says "Postfix sends no other SMTP commands.",
> postfix most likely won't pass an AUTH command to amavis anyway. So I'm
> just looking for a confirmation in order to be able to put my mind at rest.
I believe it is so.
--- amavisd.orig Thu May 31 14:10:01 2007
+++ amavisd Mon Jun 18 18:04:06 2007
@@ -13629,11 +13629,17 @@
if (!defined($dsn_envid)) { $dsn_envid = $val }
else { $msg = "501 5.5.4 Syntax error in MAIL parameter: $name" }
- } elsif ($name eq 'AUTH' && @{ca('auth_mech_avail')} &&
- !defined($submitter) ) { # rfc2554
- $submitter = xtext_decode($val); # encoded as xtext: rfc3461
- do_log(5, "MAIL command, %s, submitter: %s",
- $authenticated,$submitter);
- } elsif ($name eq 'AUTH' && !@{ca('auth_mech_avail')}) {
- $msg = "503 5.7.4 Error: authentication disabled";
+ } elsif ($name eq 'AUTH') { # rfc2554
+ my($s) = xtext_decode($val); # encoded as xtext: rfc3461
+ do_log(5, "MAIL command, %s, submitter: %s", $authenticated,$s);
+ if (defined $submitter) {
+ $msg = "504 5.5.4 MAIL command duplicate param.: $name=$val";
+ } elsif (!@{ca('auth_mech_avail')}) {
+ # $msg = "503 5.7.4 Error: authentication disabled";
+ do_log(3, "MAIL command parameter AUTH supplied, ".
+ "but authentication is disabled, ignored");
+ $submitter = '<>';
+ } else {
+ $submitter = $s;
+ }
} else {
$msg = "504 5.5.4 MAIL command parameter error: $name=$val";
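Review bot: In the `!@{ca('auth_mech_avail')}` branch the client-supplied AUTH value is dropped and `$submitter` is forced to `'<>'` with no comment saying why, and the level-3 message does not record the value that was ignored. A short comment that `'<>'` is deliberate (it also makes a second AUTH parameter hit the new `defined $submitter` duplicate check) would help, as would including `$s` in the "authentication is disabled, ignored" log text so the entry is useful without raising the log level to 5. The `do_log(5, ...)` call now runs before both checks, so it reports a submitter even for a parameter that is then rejected with 504 or ignored; moving it into the final `else`, or rewording it as "received", would keep the log accurate. The commented-out `# $msg = "503 5.7.4 Error: authentication disabled";` line can be removed rather than left as dead code.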
Mark