Print Page | Close Window

Problem with AUTH=LOGIN

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5768
Printed Date: 28 December 2024 at 8:06pm


Topic: Problem with AUTH=LOGIN
Posted By: atifghaffar
Subject: Problem with AUTH=LOGIN
Date Posted: 22 August 2006 at 9:26am
Hello,

We started using the SMTP AUTH feature. Thanks. It works great.
Just a small problem with some email clients and email servers.

They expect AUTH=LOGIN instead of AUTH LOGIN.
The spamfilter just gives AUTH LOGIN and confuses these clients.
(1) 250-AUTH LOGIN
(1) 250-8BITMIME
(1) 250 HELP
(1) Provider does not support "AUTH=LOGIN" extension

The postfix server we have works around this by giving out both responses.. eg:
250-PIPELINING
250-SIZE 50120000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME

Would it be possible to have this work-around in the next release.

Thanks in advance


-------------
best regards

Atif



Replies:
Posted By: BigDog
Date Posted: 22 August 2006 at 1:37pm
I agree, MS OE works but I just had a user with a Palm Treo complain that it doesn't work for him and that user is a techy who then telnet'ed into the spamfilter box and told me the very same as  atifghaffar described.


Posted By: BigDog
Date Posted: 22 August 2006 at 2:05pm

Retract my prior.....

Seems that my Cisco Pix firewall is doing this, certain elements are being filtered by it; right now my firewall guy is working on how to make exceptions for the mapping that SpamFilter had though the firewall inorder to correct this.

By the way LogSat, EXCELLANT feature upgrade with LDAP authentication !!!

Kudos and thanks!!!!

 

Cisco Pix changes complete and now it appears that all is working properly from the outside.



Posted By: LogSat
Date Posted: 22 August 2006 at 7:11pm
Atif,

Is your problem also related to the Cisco PIX? If not, can you please provide some references to documentation that requires the syntax "AUTH=LOGIN"?

That syntax is in theory incorrect, as per RFC 2821 the ehlo keywords and its parameters must be separated by a space, the "=" is not allowed:

   Normally, the response to EHLO will be a multiline reply.  Each line
of the response contains a keyword and, optionally, one or more
parameters. Following the normal syntax for multiline replies, these
keyworks follow the code (250) and a hyphen for all but the last
line, and the code and a space for the last line. The syntax for a
positive response, using the ABNF notation and terminal symbols of
[8], is:

ehlo-ok-rsp = ( "250" domain [ SP ehlo-greet ] CRLF )
/ ( "250-" domain [ SP ehlo-greet ] CRLF
*( "250-" ehlo-line CRLF )
"250" SP ehlo-line CRLF )

ehlo-greet = 1*(%d0-9 / %d11-12 / %d14-127)
; string of any characters other than CR or LF

ehlo-line = ehlo-keyword *( SP ehlo-param )

ehlo-keyword = (ALPHA / DIGIT) *(ALPHA / DIGIT / "-")
; additional syntax of ehlo-params depends on

; ehlo-keyword


There is a bug in some older email clients that caused the softwares to require the incorrect syntax "AUTH=LOGIN", but that is a bug in those apps. While we could add the buggy syntax, we're hesitant to do so as we can't predict what will happen to legitimate clients.



-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: atifghaffar
Date Posted: 23 August 2006 at 3:19am
Hello Roberto,

No my problem is not related to PIX.

I understand that it is a broken behaviour in the CLIENT and some Servers that act as a CLIENT for us.

Postfix server has made a configuration parameter that allows you to accept this broken behaviour (Its difficult for me to justify to our clients that it is THEIR program which is broken when the same program was working fine until the move).

Here is the excerpt from the postfix manual, perhaps you can give the same option which when set to yes|1, does what the broken clients want in addition to what the un-broken clients want.


Parameter: broken_sasl_auth_clients

Set this equal to yes to enable support for older clients
that expect AUTH= instead of AUTH. This will result in
Postfix giving two AUTH banners, i.e.:

250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN

This is required to allow Outlook Express 4.x to
authenticate.

thanks



-------------
best regards

Atif


Posted By: LogSat
Date Posted: 23 August 2006 at 6:13pm
Atif,

We uploaded build 3.1.3.598 in the registered user area. The only difference from build 597 is the availability of a new parameter in the SpamFilter.ini file:

;Some older email clients have a bug that requires them to see "AUTH=LOGIN" in the EHLo response rather than "AUTH LOGIN". Set this to 1 to add the incorrect syntax to the EHLO output
AddIncorrectAUTHLOGINEHLOEntry=0

Please let us know if this helps.


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: atifghaffar
Date Posted: 24 August 2006 at 11:43am

Roberto,

Thankyou very very much.

I have more feature requests but will bug you with that at a later time and in a different thread.

 

 



-------------
best regards

Atif


Posted By: Desperado
Date Posted: 24 August 2006 at 9:17pm

Roberto,

It fixed my issue with Stupid ... ooops, I mean "Smart Phones" manufactured by Samsung for Verizon!



-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: LogSat
Date Posted: 24 August 2006 at 10:56pm
Geez... that bug is years old, thought they'd have fixed it by now...

Well... Thank Atif! he did most of the work


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: Desperado
Date Posted: 25 August 2006 at 10:06am

BTW ... I does not seem to have broken the other clients that are using SMTP auth ... or at least I am not seeing any issues.



-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com




Print Page | Close Window