From 3f1df0e341c4ddc4add38fa97d9d34972655a6c7 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Mon, 19 Nov 2012 23:44:33 -0500 Subject: Dovecot: robustness; better msg on missing mech. If the dovecot protocol response doesn't include the MECH message for the SMTP AUTH protocol the client has requested, that's not a protocol failure, don't log it as such. Instead, explicitly log that it didn't advertise the mechanism we're looking for. This lets administrators fix either their Exim or their Dovecot configurations. Also: make the Dovecot handling more resistant to bad data from the auth server; handle too many fields with debug-log message to explain what's going on, permit lines of 8192 length per spec and detect if the line is too long, so that we can fail auth instead of becoming unsynchronised. Stop using the CUID from the server as the AUTH id counter. They're different, by my reading of the spec. TESTED: works against Dovecot 2.1.10. Thanks to Brady Catherman for reporting the problem with diagnosis. --- doc/doc-txt/ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc') diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 99fe09086..218d25567 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -91,6 +91,11 @@ JH/12 Add optional authenticated_sender logging to A= and a log_selector PP/12 Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29. +PP/13 Dovecot auth: log better reason to rejectlog if Dovecot did not + advertise SMTP AUTH mechanism to us, instead of a generic + protocol violation error. Also, make Exim more robust to bad + data from the Dovecot auth socket. + Exim version 4.80.1 ------------------- -- cgit v1.2.3
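Review bot: the PP/13 entry added to doc/doc-txt/ChangeLog leaves out the change that stops using the server's CUID as the AUTH id counter, which the commit message lists as a separate behaviour change. An administrator comparing Dovecot auth socket traces across versions would not find it under "make Exim more robust to bad data". The entry also compresses the operator-visible failure modes into that one phrase. The commit message says lines up to 8192 are permitted, and that an over-long line now fails authentication instead of leaving the connection unsynchronised. Suggest extending the entry with one line for the id-counter change and one stating that an over-long line from the auth socket causes AUTH to fail. Someone reading rejectlog can then map the new messages back to this change. This view is limited to 'doc', so the ChangeLog wording cannot be checked here against the code changes the message describes.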