肖建彬的博客

作者: 肖建彬 | 可以转载, 转载时务必以超链接形式标明文章原始出处和作者信息及版权声明
网址：http://www.xiaojb.com/archives/mailtech/empty_auth.shtml

Question:

Hi all,
after upgrading from SLES8 to SLES9 -> postfix-2.1.1-1.17,
postfix is configured as smpt-auth client against a windows2003 server.
I have noticed that postfix sends the following string

> MAIL FROM: AUTH=

(this didn't happen with SLES8 - postfix-1.1.12-12 - i mean the empty AUTH)
and this mail is rejected from the windows2003 server with the following message
> 454 5.7.3 Client does not have permission to Send As this sender

the authentication itself works
250 OK
AUTH LOGIN
334 VXNlcm5hbWU6
cmRwdXNlcjM=
334 UGFzc3dvcmQ6
cmRwdXNlcjM=
235 2.7.0 Authentication successful.
MAIL FROM: AUTH=
-----
without this AUTH= or with AUTH= windows2003 accepts the mail.

how can i
1. tell postfix not to send the empty AUTH=
2. or tell postfix to add the username to AUTH=

TIA

Khai

Wietse Venema reply:

3. Tell Microsoft to implement the AUTH command as described in RFC 2554.

Wietse Venema 拿出来了RFC2554

RFC 2554 says:

      It is conforming for an implementation to be hard-coded to treat
      all clients as being insufficiently trusted.  In that case, the
      implementation does nothing more than parse and discard
      syntactically valid AUTH parameters to the MAIL FROM command and
      supply AUTH= parameters to any servers to which it
      authenticates using the AUTH extension.

Postfix implements RCF 2554. Microsoft apparently does not.

Windows2003 mail server不能接受MAIL FROM: AUTH=这样的指令，不符合RFC2554.