[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Channel binding being attempted even when SCRAM PLUS not advertized
|
From: |
Simon Josefsson |
|
Subject: |
Re: Channel binding being attempted even when SCRAM PLUS not advertized |
|
Date: |
Mon, 15 Aug 2022 20:32:03 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Manvendra Bhangui <mbhangui@gmail.com> writes:
> On Mon, 15 Aug 2022 at 23:36, Simon Josefsson <simon@josefsson.org> wrote:
>>
>> Manvendra Bhangui <mbhangui@gmail.com> writes:
>>
>> > I have recently added SCRAM-SHA-1, SCRAM-SHA-1-PLUS, SCRAM-SHA-256 and
>> > SCRAM-SHA-256-PLUS, to my smtp daemon, using gsasl.
>>
>> Thank you! Is indimail packaged for some distribution?
>>
> It is packaged officially for any distribution, but my users mostly
> install it from openSUSE build service for most linux distributions or
> use the docker images from github.
Maybe it would be possible to integrate this into GitLab CI/CD... what
is the name of the docker image? Does it ship with recent gsasl?
>> Maybe what you found is an unexpected behaviour in the 'gsasl' tool --
>> the callback shouldn't set CB's when non-PLUS is selected. It doesn't
>> have the logic to do that, but you should be able to fake it with
>> --no-cb. The idea was that the tool should be as dumb as possible, to
>> allow you to use --no-cb to manually chose here. But perhaps the
>> default for non-PLUS
>>
>
> OK, I tried that and it works. Using --no-cb works for me as I am
> primarily using gsasl for testing. It is very useful and I doubt if
> there is anything else available to test the SCRAM auth methods.
Both msmtp and GNU MailUtils uses gsasl, and while tls-exporter support
may be missing right now, it shouldn't be hard to add it.
Getting interop of all this working would be great -- I know the Exim
folks are looking into this too.
/Simon
signature.asc
Description: PGP signature