[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Channel binding being attempted even when SCRAM PLUS not advertized

From: Manvendra Bhangui
Subject: Re: Channel binding being attempted even when SCRAM PLUS not advertized
Date: Tue, 16 Aug 2022 00:11:46 +0530

On Tue, 16 Aug 2022 at 00:02, Simon Josefsson <> wrote:
> Manvendra Bhangui <> writes:
> > On Mon, 15 Aug 2022 at 23:36, Simon Josefsson <> wrote:
> >>
> >> Manvendra Bhangui <> writes:
> >>
> >> > I have recently added SCRAM-SHA-1, SCRAM-SHA-1-PLUS, SCRAM-SHA-256 and
> >> > SCRAM-SHA-256-PLUS, to my smtp daemon, using gsasl.
> >>
> >> Thank you!  Is indimail packaged for some distribution?
> >>
> > It is packaged officially for any distribution, but my users mostly
> > install it from openSUSE build service for most linux distributions or
> > use the docker images from github.
> Maybe it would be possible to integrate this into GitLab CI/CD... what
> is the name of the docker image?  Does it ship with recent gsasl?
I'm yet to merge the PR for SCRAM-*-PLUS into master and build the
docker image. The next release will have gsasl and support
tls-exporter. Hopefully it should be out before the end of this month.

The PR which has tls-exporter is
The docker images are at

> Both msmtp and GNU MailUtils uses gsasl, and while tls-exporter support
> may be missing right now, it shouldn't be hard to add it.
> Getting interop of all this working would be great -- I know the Exim
> folks are looking into this too.

I tried cyrus-sasl too. However I find using gsasl much easier and
better. It literally took few hours to make SCRAM-SHA-1 and
SCRAM-SHA-256 work.

For the PLUS variant it took me almost a week before I discovered the
openssl functions
SSL_get_peer_finished() and SSL_export_keying_material().

Now it works like a charm with gsasl.
Regards Manvendra -
GPG Pub Key

reply via email to

[Prev in Thread] Current Thread [Next in Thread]