
Re: SASL forward problem

  • Wietse Venema
    Message 1 of 5 , Nov 2, 2011
      kapetr:
      > 220 mailout1.t-email.cz ESMTP
      > EHLO 251-43-13-46.tmcz.cz
      > 250-mailout1.t-email.cz
      > 250-PIPELINING
      > 250-SIZE 15360000
      > 250-VRFY
      > 250-ETRN
      > 250-AUTH LOGIN PLAIN
      > 250-ENHANCEDSTATUSCODES
      > 250-8BITMIME
      > 250 DSN
      > AUTH LOGIN
      > 334 xxxxxxxxxx
      > yyyyyyy
      > 334 xxxxxxxxxxxx
      > yyyyyyy
      > 235 2.7.0 Authentication successful
      > MAIL FROM:<jiri.panek@...> SIZE=519 AUTH=<>
      > 250 2.1.0 Ok
      > RCPT TO:<jipan@...> ORCPT=rfc822;jipan@...
      > 555 5.5.4 Unsupported option: AUTH=<>

      This SMTP server has an interesting way to report errors.

      > I think my Postfix should ignore the "555 5.5.4 Unsupported option:
      > AUTH=<>" and continue.

      Postfix cannot ignore 555 after RCPT TO. And we already know that
      the server would not accept the mail (in your earlier email it
      replied with "554 5.5.1 Error: no valid recipients" to the DATA
      command).

      > Or better do not send it at all - what is it at all?

      Postfix is not written by imitation. It is written by implementing
      mail standards. The AUTH command and the AUTH= option are defined
      in RFC 2554 which was written many years ago.

      Unfortunately, not sending AUTH= involves editing Postfix source
      code or using a proxy that removes the AUTH= option. There is no
      feature to filter the commands that Postfix sends, like there is
      for the replies that Postfix receives.

      A third option is to edit the Postfix smtp executable file. Look
      for the string " AUTH=<>" and replace the space with a null byte.

      As for editing source code, this is in src/smtp/smtp_proto.c.
      Just delete the portion with:

          /*
           * We authenticate the local MTA only, but not the sender.
           */
      #ifdef USE_SASL_AUTH
          if (var_smtp_sasl_enable
              && (session->features & SMTP_FEATURE_AUTH))
              vstring_strcat(next_command, " AUTH=<>");
      #endif

      > As you wrote: "If that is the case, then the server
      > mis-implements SMTP command
      > pipelining."
      >
      > Did you mean my server (my Postfix) or the ISP's server?

      Your machine is the SMTP client. The ISP is the SMTP server.

      Wietse
    • kapetr
      Message 2 of 5 , Nov 5, 2011
        Hello,

        I didn't think that my Postfix is the bad guy, but if the client is
        Evolution (in SSL+SASL connection with the ISP's server), the
        messages go out without problem.

        The problem is only if Postfix is the client?!
        Why?

        I have tried your "to modify executable" way.

        The "AUTH=<>" is in /usr/lib/postfix/smtp - I edited it in "mc"
        and have replaced it with " " and left the "^@" (this is probably
        the NULL byte).

        But it just gives an error in the log:
        Nov 5 11:24:05 zly-hugo postfix/master[1418]: warning:
        /usr/lib/postfix/smtp: bad command startup -- throttling
        Nov 5 11:25:05 zly-hugo postfix/master[1418]: warning: process
        /usr/lib/postfix/smtp pid 2633 killed by signal 11

        Thank you

        --kapetr



        -------------------------
        >Date: Wed, 2 Nov 2011 15:41:04 -0400 (EDT)
        >From: Wietse Venema <wietse@...>
        >Subject: Re: SASL forward problem
        >
        >kapetr:
        >> 220 mailout1.t-email.cz ESMTP
        >> EHLO 251-43-13-46.tmcz.cz
        >> 250-mailout1.t-email.cz
        >> 250-PIPELINING
        >> 250-SIZE 15360000
        >> 250-VRFY
        >> 250-ETRN
        >> 250-AUTH LOGIN PLAIN
        >> 250-ENHANCEDSTATUSCODES
        >> 250-8BITMIME
        >> 250 DSN
        >> AUTH LOGIN
        >> 334 xxxxxxxxxx
        >> yyyyyyy
        >> 334 xxxxxxxxxxxx
        >> yyyyyyy
        >> 235 2.7.0 Authentication successful
        >> MAIL FROM:<jiri.panek@...> SIZE=519 AUTH=<>
        >> 250 2.1.0 Ok
        >> RCPT TO:<jipan@...> ORCPT=rfc822;jipan@...
        >> 555 5.5.4 Unsupported option: AUTH=<>
        >
        >This SMTP server has an interesting way to report errors.
        >
        >> I think my Postfix should ignore the "555 5.5.4 Unsupported option:
        >> AUTH=<>" and continue.
        >
        >Postfix cannot ignore 555 after RCPT TO. And we already know that
        >the server would not accept the mail (in your earlier email it
        >replied with "554 5.5.1 Error: no valid recipients" to the DATA
        >command).
        >
        >> Or better do not send it at all - what is it at all?
        >
        >Postfix is not written by imitation. It is written by implementing
        >mail standards. The AUTH command and the AUTH= option are defined
        >in RFC 2554 which was written many years ago.
        >
        >Unfortunately, not sending AUTH= involves editing Postfix source
        >code or using a proxy that removes the AUTH= option. There is no
        >feature to filter the commands that Postfix sends, like there is
        >for the replies that Postfix receives.
        >
        >A third option is to edit the Postfix smtp executable file. Look
        >for the string " AUTH=<>" and replace the space with a null byte.
        >
        >As for editing source code, this is in src/smtp/smtp_proto.c.
        >Just delete the portion with:
        >
        >/*
        >* We authenticate the local MTA only, but not the sender.
        >*/
        >#ifdef USE_SASL_AUTH
        >if (var_smtp_sasl_enable
        >&& (session->features & SMTP_FEATURE_AUTH))
        >vstring_strcat(next_command, " AUTH=<>");
        >#endif
        >
        >> As you wrote: "If that is the case, then the server
        >> mis-implements SMTP command
        >> pipelining."
        >>
        >> Did you mean my server (my Postfix) or the ISP's server?
        >
        >Your machine is the SMTP client. The ISP is the SMTP server.
        >
        >Wietse



      • kapetr
        Message 3 of 5 , Nov 12, 2011
          Hello,

          I didn't think that my Postfix is the bad guy, but I have to say -
          if the client is
          Evolution (in SSL+SASL connection with the ISP's server), the
          messages go out without problem.

          The problem is only if Postfix is the client?!
          Why?

          I have tried your "to modify executable" way.

          The "AUTH=<>" is in /usr/lib/postfix/smtp - I edited it in "mc"
          and have replaced it with " " and left the "^@" (this is probably
          the NULL byte).

          But it just gives an error in the log:
          Nov 5 11:24:05 zly-hugo postfix/master[1418]: warning:
          /usr/lib/postfix/smtp: bad command startup -- throttling
          Nov 5 11:25:05 zly-hugo postfix/master[1418]: warning: process
          /usr/lib/postfix/smtp pid 2633 killed by signal 11

          Thank you

          --kapetr



          -------------------------
          >Date: Wed, 2 Nov 2011 15:41:04 -0400 (EDT)
          >From: Wietse Venema <wietse@...>
          >Subject: Re: SASL forward problem
          >
          >kapetr:
          >> 220 mailout1.t-email.cz ESMTP
          >> EHLO 251-43-13-46.tmcz.cz
          >> 250-mailout1.t-email.cz
          >> 250-PIPELINING
          >> 250-SIZE 15360000
          >> 250-VRFY
          >> 250-ETRN
          >> 250-AUTH LOGIN PLAIN
          >> 250-ENHANCEDSTATUSCODES
          >> 250-8BITMIME
          >> 250 DSN
          >> AUTH LOGIN
          >> 334 xxxxxxxxxx
          >> yyyyyyy
          >> 334 xxxxxxxxxxxx
          >> yyyyyyy
          >> 235 2.7.0 Authentication successful
          >> MAIL FROM:<jiri.panek@...> SIZE=519 AUTH=<>
          >> 250 2.1.0 Ok
          >> RCPT TO:<jipan@...> ORCPT=rfc822;jipan@...
          >> 555 5.5.4 Unsupported option: AUTH=<>
          >
          >This SMTP server has an interesting way to report errors.
          >
          >> I think my Postfix should ignore the "555 5.5.4 Unsupported option:
          >> AUTH=<>" and continue.
          >
          >Postfix cannot ignore 555 after RCPT TO. And we already know that
          >the server would not accept the mail (in your earlier email it
          >replied with "554 5.5.1 Error: no valid recipients" to the DATA
          >command).
          >
          >> Or better do not send it at all - what is it at all?
          >
          >Postfix is not written by imitation. It is written by implementing
          >mail standards. The AUTH command and the AUTH= option are defined
          >in RFC 2554 which was written many years ago.
          >
          >Unfortunately, not sending AUTH= involves editing Postfix source
          >code or using a proxy that removes the AUTH= option. There is no
          >feature to filter the commands that Postfix sends, like there is
          >for the replies that Postfix receives.
          >
          >A third option is to edit the Postfix smtp executable file. Look
          >for the string " AUTH=<>" and replace the space with a null byte.
          >
          >As for editing source code, this is in src/smtp/smtp_proto.c.
          >Just delete the portion with:
          >
          >/*
          >* We authenticate the local MTA only, but not the sender.
          >*/
          >#ifdef USE_SASL_AUTH
          >if (var_smtp_sasl_enable
          >&& (session->features & SMTP_FEATURE_AUTH))
          >vstring_strcat(next_command, " AUTH=<>");
          >#endif
          >
          >> As you wrote: "If that is the case, then the server
          >> mis-implements SMTP command
          >> pipelining."
          >>
          >> Did you mean my server (my Postfix) or the ISP's server?
          >
          >Your machine is the SMTP client. The ISP is the SMTP server.
          >
          >Wietse




        • Wietse Venema
          Message 4 of 5 , Nov 12, 2011
            kapetr:
            > Hello,
            >
            > I didn't think that my Postfix is the bad guy, but I have to say -
            > if the client is
            > Evolution (in SSL+SASL connection with the ISP's server), the
            > messages go out without problem.
            >
            > The problem is only if Postfix is the client?!
            > Why?

            Please complain to the vendor of the software that announces AUTH
            support and that fails to implement the AUTH=<> option. You may
            refer them to RFC 4954 which has all the details.

            > I have tried your "to modify executable" way.
            >
            > The "AUTH=<>" is in /usr/lib/postfix/smtp - I edited it in "mc"
            > and have replaced it with " " and left the "^@" (this is probably
            > the NULL byte).
            >
            > But it just gives an error in the log:
            > Nov 5 11:24:05 zly-hugo postfix/master[1418]: warning:
            > /usr/lib/postfix/smtp: bad command startup -- throttling
            > Nov 5 11:25:05 zly-hugo postfix/master[1418]: warning: process
            > /usr/lib/postfix/smtp pid 2633 killed by signal 11

            The file size must be the same before and after editing.

            $ cp /usr/libexec/postfix/smtp smtp.new
            $ perl -pi -e 's/ AUTH=/\0AUTH=/' smtp.new
            $ ls -l /usr/libexec/postfix/smtp smtp.new
            -rwxr-xr-x 2 root wheel 1700160 Nov 8 20:12 /usr/libexec/postfix/smtp
            -rwxr-xr-x 1 wietse wheel 1700160 Nov 12 08:13 smtp.new
            $ cmp -l /usr/libexec/postfix/smtp smtp.new
            313969 40 0

            The numbers 1700160 and 313969 will be different on your system
            (unless you use the same FreeBSD version and the same compiler
            options as I did).

            Wietse
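
The same-size patch and `cmp -l` check from the message above, written out as an added example that is not part of the original thread or of Postfix. The blob standing in for the smtp binary is constructed, and the helper names `patch_copy` and `cmp_l` and the exactly-one-match rule are assumptions of this example.

```python
import os
import tempfile

OLD = b" AUTH=<>"    # string named in the thread
NEW = b"\0AUTH=<>"   # same length; the leading space becomes a NUL byte

def patch_copy(src, dst, old=OLD, new=NEW):
    """Write a patched copy of src to dst; never modify src in place."""
    if len(old) != len(new):
        raise ValueError("replacement would change the file size")
    with open(src, "rb") as f:
        data = f.read()
    if data.count(old) != 1:   # assumption: refuse ambiguous matches
        raise ValueError("expected exactly one occurrence of %r" % old)
    with open(dst, "wb") as f:
        f.write(data.replace(old, new))

def cmp_l(a, b):
    """Like `cmp -l`: (1-based offset, old byte, new byte) per difference."""
    with open(a, "rb") as fa, open(b, "rb") as fb:
        da, db = fa.read(), fb.read()
    if len(da) != len(db):
        raise ValueError("sizes differ: %d vs %d" % (len(da), len(db)))
    return [(i + 1, x, y) for i, (x, y) in enumerate(zip(da, db)) if x != y]

def demo():
    # Constructed stand-in for the smtp binary: padding plus a string table.
    blob = b"\x7fELF" + b"\0" * 60 + b"MAIL FROM:<%s>\0 AUTH=<>\0 SIZE=%lu\0"
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "smtp"), os.path.join(d, "smtp.new")
        with open(src, "wb") as f:
            f.write(blob)
        patch_copy(src, dst)
        diffs = cmp_l(src, dst)
        same_size = os.path.getsize(src) == os.path.getsize(dst)
        try:   # an edit that shortens the string is rejected up front
            patch_copy(src, dst, new=b" ")
            rejected = False
        except ValueError:
            rejected = True
    return diffs, same_size, rejected

if __name__ == "__main__":
    diffs, same_size, rejected = demo()
    for off, old, new in diffs:
        print("%d %o %o" % (off, old, new))   # same columns as cmp -l
    print("same size:", same_size, "| length-changing edit rejected:", rejected)
```

A single output line with byte values 40 and 0 (octal) matches the `cmp -l` result shown in the message: one space turned into a NUL, nothing else moved.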