Cypht only checks/acknowledges the first-offered SMTP authentication method

[rawhide-kobayashi]

Maybe a bit less of a bug, more of a design oversight, but anyway.

Cypht will fail to authenticate, despite valid authentication methods being available, if the first one listed is not supported by Cypht. For example, this authentication message works with Thunderbird and Roundcube, but not with Cypht.

Does not work: 250-AUTH GSSAPI PLAIN Works: 250-AUTH PLAIN GSSAPI

Receiving the first string causes Cypht to immediately drop the connection with no further information provided to the SMTP server. Receiving the second causes it to proceed with PLAIN auth, as would normally be expected in both cases.

Steps to reproduce

1. Implement Postfix with SASL authentication
2. Provide multiple mechanisms to SASL for SMTP
3. Make the first option in the list an option supported by SASL and other mail clients, but unsupported by Cypht, such as GSSAPI
4. ...
5. Profit

For me, this is "solved" by changing the order of authentication methods in saslauthd's smtp mech_list config line from "GSSAPI PLAIN to "PLAIN GSSAPI". However, the way AUTH is parsed appears to be fundamentally flawed. I'm no PHP wiz, but I believe the problem area is likely here: https://github.com/jasonmunro/cypht/blob/master/modules/smtp/hm-smtp.php#L316

[jasonmunro]

I cannot reproduce this yet. Seems to be doing the right thing in selecting only the first supported mech in my tests. Thanks for the report and I will try to reproduce again and let you know!

[marclaporte]

@rawhide-kobayashi Any chance you could join us on https://gitter.im/cypht-org/community to help reproduce this?

Thanks!