diff options
| author | Phil Pennock <pdp@exim.org> | 2012-11-19 23:44:33 -0500 |
|---|---|---|
| committer | Phil Pennock <pdp@exim.org> | 2012-11-19 23:44:33 -0500 |
| commit | 3f1df0e341c4ddc4add38fa97d9d34972655a6c7 (patch) | |
| tree | 500b34d05ffe3a1e0d62c24a6023e66a9c6208da /doc/doc-txt | |
| parent | e1d15f5e3b03bccb229281e762f9d47cf0933542 (diff) | |
Dovecot: robustness; better msg on missing mech.
If the dovecot protocol response doesn't include the MECH message for
the SMTP AUTH protocol the client has requested, that's not a protocol
failure, don't log it as such. Instead, explicitly log that it didn't
advertise the mechanism we're looking for. This lets administrators fix
either their Exim or their Dovecot configurations.
Also: make the Dovecot handling more resistant to bad data from the auth
server; handle too many fields with debug-log message to explain what's
going on, permit lines of 8192 length per spec and detect if the line is
too long, so that we can fail auth instead of becoming unsynchronised.
Stop using the CUID from the server as the AUTH id counter. They're
different, by my reading of the spec.
TESTED: works against Dovecot 2.1.10.
Thanks to Brady Catherman for reporting the problem with diagnosis.
Diffstat (limited to 'doc/doc-txt')
| -rw-r--r-- | doc/doc-txt/ChangeLog | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 99fe09086..218d25567 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -91,6 +91,11 @@ JH/12 Add optional authenticated_sender logging to A= and a log_selector PP/12 Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29. +PP/13 Dovecot auth: log better reason to rejectlog if Dovecot did not + advertise SMTP AUTH mechanism to us, instead of a generic + protocol violation error. Also, make Exim more robust to bad + data from the Dovecot auth socket. + Exim version 4.80.1 ------------------- |