]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
submission-login: Fail CLIENT_AUTH_RESULT_MECH_SSL_REQUIRED authentication result...
authorStephan Bosch <stephan.bosch@dovecot.fi>
Sat, 23 Dec 2017 22:49:02 +0000 (23:49 +0100)
committerStephan Bosch <stephan.bosch@dovecot.fi>
Wed, 27 Dec 2017 14:23:01 +0000 (15:23 +0100)
Defined in RFC5248, Section 2.4.

src/submission-login/client-authenticate.c

index 1ae8b5b7c92b2d82a7579e2c1e7cbdd8857e8072..48aff64b91ea13ca88c2c703d614423bb837b797 100644 (file)
@@ -141,8 +141,20 @@ void submission_client_auth_result(struct client *client,
                   SHOULD be 5.7.0. */
                smtp_server_reply(cmd, 530, "5.7.0", "%s", text);
                break;
-       case CLIENT_AUTH_RESULT_MECH_INVALID:
        case CLIENT_AUTH_RESULT_MECH_SSL_REQUIRED:
+               /* RFC5248, Section 2.4:
+
+                  523 X.7.10 Encryption Needed
+
+                  This indicates that an external strong privacy layer is
+                  needed in order to use the requested authentication
+                  mechanism. This is primarily intended for use with clear text
+                  authentication mechanisms. A client that receives this may
+                  activate a security layer such as TLS prior to
+                  authenticating, or attempt to use a stronger mechanism. */
+               smtp_server_reply(cmd, 523, "5.7.10", "%s", text);
+               break;
+       case CLIENT_AUTH_RESULT_MECH_INVALID:
                /* RFC4954, Section 4:
 
                   If the requested authentication mechanism is invalid (e.g.,