
mutt/2117: smtp patch does not tell you when your password is incorrect



>Number:         2117
>Notify-List:    
>Category:       mutt
>Synopsis:       smtp patch does not tell you when your password is incorrect
>Confidential:   no
>Severity:       minor
>Priority:       medium
>Responsible:    mutt-dev
>State:          open
>Keywords:       
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Oct 22 04:55:06 +0200 2005
>Originator:     Charlie Allom
>Release:        HEAD
>Organization:
>Environment:
patch-cvs20051003.bc.smtp
>mutt-1.5.11
>Description:
If you mistype your SMTP password, mutt will respond with an error that "No 
authenticators [were] available", which is not the case.

Here is the debug from both sides:

mx_close_message (): unlinking /tmp/mutt-little-laptop-501-29795-6
send.c:967: mutt_mktemp returns "/tmp/mutt-little-laptop-501-29795-7".
ssl_check_certificate: signer check passed
< 220 lazy.spodder.com ESMTP Postfix
> EHLO eatyourpets.com
< 250-lazy.spodder.com
< 250-PIPELINING
< 250-SIZE 10240000
< 250-ETRN
< 250-AUTH PLAIN DIGEST-MD5 CRAM-MD5
< 250-AUTH=PLAIN DIGEST-MD5 CRAM-MD5
< 250 8BITMIME
smtp_authenticate: Trying method plain
local ip: 10.0.1.3;59557, remote ip:72.21.56.27;465
External SSF: 256
External authentication name: charlie
mutt_sasl_cb_authname: getting authname for mail.eatyourpets.com:465
mutt_sasl_cb_authname: getting user for mail.eatyourpets.com:465
mutt_sasl_cb_pass: getting password for charlie@xxxxxxxxxxxxxxxxxxxx:465
> AUTH PLAIN Y2hhcmxpZQBjaGFybGllAGJvb3R5
< 535 Error: authentication failed
smtp_auth_sasl: PLAIN failed
No authenticators available
mutt_free_body: Unlinking /tmp/mutt-little-laptop-501-29795-3.

and from the MTA side:
Oct 21 21:47:46 lazy postfix/smtpd[26056]: connect from 220-253-43-125.VIC.netspace.net.au[220.253.43.125]
Oct 21 21:47:54 lazy postfix/smtpd[26056]: warning: SASL authentication failure: Password verification failed
Oct 21 21:47:54 lazy postfix/smtpd[26056]: warning: 220-253-43-125.VIC.netspace.net.au[220.253.43.125]: SASL PLAIN authentication failed
Oct 21 21:47:55 lazy postfix/smtpd[26056]: lost connection after AUTH from 220-253-43-125.VIC.netspace.net.au[220.253.43.125]
Oct 21 21:47:55 lazy postfix/smtpd[26056]: disconnect from 220-253-43-125.VIC.netspace.net.au[220.253.43.125]

It seems the smtp.patch could use the "535" error code to pick up on an 
authentication failure, rather than a lack of authentication mechanism?

It seems mutt can internally check its authenticators to really report if 
there are no authenticators:

ssl_check_certificate: signer check passed
< 220 lazy.spodder.com ESMTP Postfix
> EHLO eatyourpets.com
< 250-lazy.spodder.com
< 250-PIPELINING
< 250-SIZE 10240000
< 250-ETRN
< 250-AUTH PLAIN DIGEST-MD5 CRAM-MD5
< 250-AUTH=PLAIN DIGEST-MD5 CRAM-MD5
< 250 8BITMIME
smtp_authenticate: Trying method gssapi
local ip: 10.0.1.3;59564, remote ip:72.21.56.27;465
External SSF: 256
External authentication name: charlie
mutt_sasl_cb_authname: getting user for mail.eatyourpets.com:465
SASL: GSSAPI Error: Miscellaneous failure (No credentials cache found)
smtp_auth_sasl: GSSAPI unavailable
No authenticators available
mutt_free_body: Unlinking /tmp/mutt-little-laptop-501-29929-4.
>How-To-Repeat:
On the prompt for SMTP password, enter a bogus password, and watch it return 
"No Authenticators available". It should return "bad password" or whatever the 
string is.
>Fix:
Unknown
>Add-To-Audit-Trail:

>Unformatted:
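
One way a client could keep the two cases in this report apart, as an added example in C that is not part of the original report or of the smtp patch. The enum and function names are hypothetical, the reply codes are those of RFC 4954, and the sample inputs are constructed from the two traces above:

```c
#include <stdio.h>
#include <string.h>

/* Outcome of one mechanism attempt. Names are hypothetical, not mutt's. */
enum auth_result { AUTH_OK, AUTH_UNAVAIL, AUTH_REJECTED, AUTH_ERROR };

/* Parse the 3-digit code from an SMTP reply line; -1 if malformed. */
int smtp_reply_code(const char *line)
{
    if (!line || strlen(line) < 3) return -1;
    for (int i = 0; i < 3; i++)
        if (line[i] < '0' || line[i] > '9') return -1;
    if (line[3] != '\0' && line[3] != ' ' && line[3] != '-') return -1;
    return (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
}

/* Map the server's final reply to AUTH onto an outcome (codes per RFC 4954). */
enum auth_result classify_auth_reply(const char *line)
{
    switch (smtp_reply_code(line)) {
    case 235: return AUTH_OK;        /* authentication succeeded */
    case 535: return AUTH_REJECTED;  /* credentials invalid */
    case 504: return AUTH_UNAVAIL;   /* mechanism not recognised by server */
    default:  return AUTH_ERROR;     /* temporary or unexpected failure */
    }
}

/* Pick the message to show after every configured mechanism has been tried.
 * A server-side rejection outranks "nothing could be attempted". */
const char *auth_summary(const enum auth_result *r, size_t n)
{
    int rejected = 0, error = 0;
    for (size_t i = 0; i < n; i++) {
        if (r[i] == AUTH_OK) return "Authenticated";
        if (r[i] == AUTH_REJECTED) rejected = 1;
        if (r[i] == AUTH_ERROR) error = 1;
    }
    if (rejected) return "SMTP authentication failed (server rejected credentials)";
    return error ? "SMTP authentication error" : "No authenticators available";
}

int main(void)
{
    /* Constructed inputs: PLAIN was answered with 535, GSSAPI never started. */
    enum auth_result plain[] = { classify_auth_reply("535 Error: authentication failed") };
    enum auth_result gssapi[] = { AUTH_UNAVAIL };
    printf("%s\n%s\n", auth_summary(plain, 1), auth_summary(gssapi, 1));
    return 0;
}
```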