Re: Channel binding being attempted even when SCRAM PLUS not advertized

From: Simon Josefsson
Subject: Re: Channel binding being attempted even when SCRAM PLUS not advertized
Date: Mon, 15 Aug 2022 20:32:03 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Manvendra Bhangui <> writes:

> On Mon, 15 Aug 2022 at 23:36, Simon Josefsson <> wrote:
>> Manvendra Bhangui <> writes:
>> > I have recently added SCRAM-SHA-1, SCRAM-SHA-1-PLUS, SCRAM-SHA-256 and
>> > SCRAM-SHA-256-PLUS, to my smtp daemon, using gsasl.
>> Thank you!  Is indimail packaged for some distribution?
> It is packaged officially for any distribution, but my users mostly
> install it from openSUSE build service for most linux distributions or
> use the docker images from github.

Maybe it would be possible to integrate this into GitLab CI/CD... what
is the name of the docker image?  Does it ship with recent gsasl?

>> Maybe what you found is an unexpected behaviour in the 'gsasl' tool --
>> the callback shouldn't set CB's when non-PLUS is selected.  It doesn't
>> have the logic to do that, but you should be able to fake it with
>> --no-cb.  The idea was that the tool should be as dumb as possible, to
>> allow you to use --no-cb to manually choose here.  But perhaps the
>> default for non-PLUS
> OK, I tried that and it works. Using --no-cb works for me as I am
> primarily using gsasl for testing. It is very useful and I doubt if
> there is anything else available to test the SCRAM auth methods.

Both msmtp and GNU MailUtils use gsasl, and while tls-exporter support
may be missing right now, it shouldn't be hard to add it.

Getting interop of all this working would be great -- I know the Exim
folks are looking into this too.

