Brian Szymanski wrote:
> The fix:
> In ehlo(), when we determine the available auth mechanisms, save this
> bit of information in $self->{_auth_mechanisms}. Then, in auth(),
> instead of calling Qpsmtpd::Auth::SASL, respond 504 and return DENY if
> the authentication method requested is not in $self->{_auth_mechanisms}.
I agree that this is a bug we want to fix (even though the *client* is
at fault here). However, I don't see any benefit to caching this
information in the $self object, since the auth mechanisms are global
(i.e. not specific to any transaction).
I'm working on a variant of your patch which makes %auth_mechanisms a
package variable, and the test hits that directly, instead of carrying
it around in the $self container. I think this will also make it easier
to remove the auth code from Qpsmtpd/SMTP.pm (which is a goal I have).
John
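
The check discussed in this message, as an added stand-alone sketch (not qpsmtpd code and not the patch from this thread): one package-level table feeds both the EHLO advertisement and the AUTH gate, so a mechanism that was never offered gets a 504 before any SASL code runs. All sub names, the 501 syntax reply and the case-insensitive matching are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added illustration; every name here is hypothetical, not qpsmtpd's API.
use strict;
use warnings;

# Package-level registry: the offered mechanisms are global to the server,
# not specific to any connection or transaction.
our %auth_mechanisms;

# Record a mechanism when an auth handler is installed (assumed helper).
sub register_mechanism {
    my ($name) = @_;
    $auth_mechanisms{ uc $name } = 1;
}

# Build the EHLO capability line from the same table the AUTH gate reads,
# so what is advertised and what is accepted cannot drift apart.
sub ehlo_auth_line {
    return unless %auth_mechanisms;
    return '250-AUTH ' . join(' ', sort keys %auth_mechanisms);
}

# Gate for "AUTH <mechanism> [initial-response]".
# Returns an SMTP rejection string, or undef when the SASL exchange may start.
sub auth_precheck {
    my ($arg) = @_;
    my ($mechanism) = split ' ', ($arg // '');

    # SASL mechanism names are 1-20 characters of letters, digits, '-' and '_'.
    # Validating first also makes it safe to echo the name in the reply.
    return '501 Syntax error in AUTH parameters'
        unless defined $mechanism && $mechanism =~ /\A[A-Za-z0-9_-]{1,20}\z/;

    # The fix: refuse anything that was not advertised in EHLO.
    return "504 Unimplemented authentication mechanism: $mechanism"
        unless $auth_mechanisms{ uc $mechanism };

    return;    # advertised mechanism: hand off to the SASL handler
}

# Constructed session: this server offers PLAIN and LOGIN only.
register_mechanism($_) for qw(PLAIN LOGIN);
print ehlo_auth_line(), "\n";
for my $arg ('PLAIN', 'login', 'CRAM-MD5', 'GSSAPI', '', 'bad!name') {
    my $reply = auth_precheck($arg) // 'accepted, hand off to SASL handler';
    printf "AUTH %-10s -> %s\n", $arg, $reply;
}
```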