mutt/2117: smtp patch does not tell you when your password is incorrect
>Number: 2117
>Notify-List:
>Category: mutt
>Synopsis: smtp patch does not tell you when your password is incorrect
>Confidential: no
>Severity: minor
>Priority: medium
>Responsible: mutt-dev
>State: open
>Keywords:
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Oct 22 04:55:06 +0200 2005
>Originator: Charlie Allom
>Release: HEAD
>Organization:
>Environment:
patch-cvs20051003.bc.smtp
>mutt-1.5.11
>Description:
if you mis-stype your SMTP password, mutt will respond with an error that "No
authenticators [were] available", which is not the case.
Here is the debug from both sides:
mx_close_message (): unlinking /tmp/mutt-little-laptop-501-29795-6
send.c:967: mutt_mktemp returns "/tmp/mutt-little-laptop-501-29795-7".
ssl_check_certificate: signer check passed
< 220 lazy.spodder.com ESMTP Postfix
> EHLO eatyourpets.com
< 250-lazy.spodder.com
< 250-PIPELINING
< 250-SIZE 10240000
< 250-ETRN
< 250-AUTH PLAIN DIGEST-MD5 CRAM-MD5
< 250-AUTH=PLAIN DIGEST-MD5 CRAM-MD5
< 250 8BITMIME
smtp_authenticate: Trying method plain
local ip: 10.0.1.3;59557, remote ip:72.21.56.27;465
External SSF: 256
External authentication name: charlie
mutt_sasl_cb_authname: getting authname for mail.eatyourpets.com:465
mutt_sasl_cb_authname: getting user for mail.eatyourpets.com:465
mutt_sasl_cb_pass: getting password for charlie@xxxxxxxxxxxxxxxxxxxx:465
> AUTH PLAIN Y2hhcmxpZQBjaGFybGllAGJvb3R5
< 535 Error: authentication failed
smtp_auth_sasl: PLAIN failed
No authenticators available
mutt_free_body: Unlinking /tmp/mutt-little-laptop-501-29795-3.
and from the MTA side:
Oct 21 21:47:46 lazy postfix/smtpd[26056]: connect from 220-253-43-125.VIC.netsp
ace.net.au[220.253.43.125]
Oct 21 21:47:54 lazy postfix/smtpd[26056]: warning: SASL authentication failure:
Password verification failed
Oct 21 21:47:54 lazy postfix/smtpd[26056]: warning: 220-253-43-125.VIC.netspace.
net.au[220.253.43.125]: SASL PLAIN authentication failed
Oct 21 21:47:55 lazy postfix/smtpd[26056]: lost connection after AUTH from 220-2
53-43-125.VIC.netspace.net.au[220.253.43.125]
Oct 21 21:47:55 lazy postfix/smtpd[26056]: disconnect from 220-253-43-125.VIC.ne
tspace.net.au[220.253.43.125]
It seems the smtp.patch could use the "535" error code to pick up on an
authentication failure, rather than a lack of authentication mechanism?
It seems mutt can internally check it's authenticators to really report if
there are no authenticators:
ssl_check_certificate: signer check passed
< 220 lazy.spodder.com ESMTP Postfix
> EHLO eatyourpets.com
< 250-lazy.spodder.com
< 250-PIPELINING
< 250-SIZE 10240000
< 250-ETRN
< 250-AUTH PLAIN DIGEST-MD5 CRAM-MD5
< 250-AUTH=PLAIN DIGEST-MD5 CRAM-MD5
< 250 8BITMIME
smtp_authenticate: Trying method gssapi
local ip: 10.0.1.3;59564, remote ip:72.21.56.27;465
External SSF: 256
External authentication name: charlie
mutt_sasl_cb_authname: getting user for mail.eatyourpets.com:465
SASL: GSSAPI Error: Miscellaneous failure (No credentials cache found)
smtp_auth_sasl: GSSAPI unavailable
No authenticators available
mutt_free_body: Unlinking /tmp/mutt-little-laptop-501-29929-4.
>How-To-Repeat:
on the prompt for SMTP password, enter a bogus password, and watch it return
"No Authenticators available". I should return "bad password" or whatever the
string is.
>Fix:
Unknown
>Add-To-Audit-Trail:
>Unformatted: