Empty response to AUTH LOGIN when should return base64 encoded "Username:" · Issue #223 · mjl-/mox · GitHub
Empty response to AUTH LOGIN when should return base64 encoded "Username:" #223
Closed
@gdunstone


Should EHLO 250-AUTH response have PLAIN and LOGIN first?

I was having trouble getting Authelia to use mox as its submissions server for a notification service.
I kept getting this error when trying to use mox: error="failed to dial connection: SMTP AUTH failed: unsupported SMTP AUTH types: ", however it worked when I used gmail.

I had a look at the responses of both gmail and mox and it seems that gmail returns LOGIN and PLAIN before the others:

Response from gmail:

220 smtp.gmail.com ESMTP 41be03b00d2f7-7e6db292aafsm8896834a12.14 - gsmtp
EHLO localhost
250-smtp.gmail.com at your service, [103.216.191.236]
250-SIZE 35882577
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8

Response from mox v0.0.11

220 my.domain.com ESMTP mox v0.0.11
EHLO localhost
250-my.domain.com
250-PIPELINING
250-SIZE 104857600
250-REQUIRETLS
250-AUTH SCRAM-SHA-256-PLUS SCRAM-SHA-256 SCRAM-SHA-1-PLUS SCRAM-SHA-1 CRAM-MD5 PLAIN LOGIN
250-FUTURERELEASE 5184000 2024-11-30T23:25:13Z
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-LIMITS RCPTMAX=1000
250 SMTPUTF8

After building a dev mox, and placing PLAIN and LOGIN before the others, Authelia worked.

This line:

c.bwritelinef("250-AUTH SCRAM-SHA-256-PLUS SCRAM-SHA-256 SCRAM-SHA-1-PLUS SCRAM-SHA-1 CRAM-MD5 PLAIN LOGIN")

diff --git a/smtpserver/server.go b/smtpserver/server.go
index 38fa205..575edc8 100644
--- a/smtpserver/server.go
+++ b/smtpserver/server.go
@@ -899,7 +899,7 @@ func (c *conn) cmdHello(p *parser, ehlo bool) {
                        // authentication. The client should select the bare variant when TLS isn't
                        // present, and also not indicate the server supports the PLUS variant in that
                        // case, or it would trigger the mechanism downgrade detection.
-                       c.bwritelinef("250-AUTH SCRAM-SHA-256-PLUS SCRAM-SHA-256 SCRAM-SHA-1-PLUS SCRAM-SHA-1 CRAM-MD5 PLAIN LOGIN")
+                       c.bwritelinef("250-AUTH PLAIN LOGIN SCRAM-SHA-256-PLUS SCRAM-SHA-256 SCRAM-SHA-1-PLUS SCRAM-SHA-1 CRAM-MD5")
                } else {
                        c.bwritelinef("250-AUTH ")
                }
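
Review bot: On the changed `250-AUTH` line, moving `PLAIN LOGIN` ahead of the SCRAM mechanisms means any client that takes the first advertised mechanism it supports will now choose PLAIN, which hands the password itself to the server, where it previously chose a SCRAM variant. The comment above the line still only explains the PLUS/bare SCRAM ordering and says nothing about why PLAIN and LOGIN come first. I would keep the existing order and leave selection to the client, or, if the reorder is kept for compatibility, extend the comment to name the client behaviour it works around.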

This response from mox resulted in successful login by Authelia:

220 my.domain.com ESMTP mox (devel)
EHLO localhost
250-my.domain.com
250-PIPELINING
250-SIZE 104857600
250-REQUIRETLS
250-AUTH PLAIN LOGIN SCRAM-SHA-256-PLUS SCRAM-SHA-256 SCRAM-SHA-1-PLUS SCRAM-SHA-1 CRAM-MD5
250-FUTURERELEASE 5184000 2024-12-01T00:47:52Z
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-LIMITS RCPTMAX=1000
250 SMTPUTF8

I'm not sure if I should raise this with mox or Authelia, and I don't know the spec of how these auth options should be ordered, so if this is fully within spec I can raise this with Authelia instead.
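
An added example, not code from mox, Authelia or the issue author: a client-side selection routine that picks from the advertised AUTH list by the client's own preference order, so both mox orderings quoted above give the same result. The helper names `parseAuthMechs` and `selectMech` and the PLAIN/LOGIN-only client are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// AUTH lines copied from the two mox EHLO replies quoted in the issue.
const (
	authReleased = "250-AUTH SCRAM-SHA-256-PLUS SCRAM-SHA-256 SCRAM-SHA-1-PLUS SCRAM-SHA-1 CRAM-MD5 PLAIN LOGIN"
	authPatched  = "250-AUTH PLAIN LOGIN SCRAM-SHA-256-PLUS SCRAM-SHA-256 SCRAM-SHA-1-PLUS SCRAM-SHA-1 CRAM-MD5"
)

// parseAuthMechs (hypothetical helper) returns the mechanism names from the
// AUTH line of an EHLO reply, upper-cased, or nil if there is no AUTH line.
func parseAuthMechs(reply string) []string {
	for _, line := range strings.Split(reply, "\n") {
		line = strings.TrimRight(line, "\r")
		if len(line) < 4 || !strings.HasPrefix(line, "250") {
			continue
		}
		f := strings.Fields(strings.ToUpper(line[4:]))
		if len(f) > 0 && f[0] == "AUTH" {
			return f[1:]
		}
	}
	return nil
}

// selectMech (hypothetical helper) walks the client's own preference list and
// returns the first entry the server advertises, ignoring server order.
func selectMech(advertised, preferred []string) (string, bool) {
	have := make(map[string]bool, len(advertised))
	for _, m := range advertised {
		have[m] = true
	}
	for _, m := range preferred {
		if have[strings.ToUpper(m)] {
			return strings.ToUpper(m), true
		}
	}
	return "", false
}

func main() {
	// Assumed client that implements only PLAIN and LOGIN.
	prefs := []string{"PLAIN", "LOGIN"}
	for _, reply := range []string{authReleased, authPatched, "250-AUTH "} {
		m, ok := selectMech(parseAuthMechs(reply), prefs)
		fmt.Printf("%-5v %q\n", ok, m)
	}
}
```

The third input is the empty `250-AUTH ` line from the `else` branch in the diff, for which no mechanism is selected.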
