<<< Date Index >>>     <<< Thread Index >>>

Re: [Mutt] #2117: smtp patch does not tell you when your password



#2117: smtp patch does not tell you when your password is incorrect

Changes (by brendan):

  * owner:  mutt-dev => brendan
  * milestone:  => 1.6

Old description:

> {{{
> if you mis-stype your SMTP password, mutt will respond with an error that
> "No authenticators [were] available", which is not the case.
>
> Here is the debug from both sides:
>
> mx_close_message (): unlinking /tmp/mutt-little-laptop-501-29795-6
> send.c:967: mutt_mktemp returns "/tmp/mutt-little-laptop-501-29795-7".
> ssl_check_certificate: signer check passed
> < 220 lazy.spodder.com ESMTP Postfix
> > EHLO eatyourpets.com
> < 250-lazy.spodder.com
> < 250-PIPELINING
> < 250-SIZE 10240000
> < 250-ETRN
> < 250-AUTH PLAIN DIGEST-MD5 CRAM-MD5
> < 250-AUTH=PLAIN DIGEST-MD5 CRAM-MD5
> < 250 8BITMIME
> smtp_authenticate: Trying method plain
> local ip: 10.0.1.3;59557, remote ip:72.21.56.27;465
> External SSF: 256
> External authentication name: charlie
> mutt_sasl_cb_authname: getting authname for mail.eatyourpets.com:465
> mutt_sasl_cb_authname: getting user for mail.eatyourpets.com:465
> mutt_sasl_cb_pass: getting password for charlie@xxxxxxxxxxxxxxxxxxxx:465
> > AUTH PLAIN Y2hhcmxpZQBjaGFybGllAGJvb3R5
> < 535 Error: authentication failed
> smtp_auth_sasl: PLAIN failed
> No authenticators available
> mutt_free_body: Unlinking /tmp/mutt-little-laptop-501-29795-3.
>
> and from the MTA side:
> Oct 21 21:47:46 lazy postfix/smtpd[26056]: connect from
> 220-253-43-125.VIC.netsp
> ace.net.au[220.253.43.125]
> Oct 21 21:47:54 lazy postfix/smtpd[26056]: warning: SASL authentication
> failure:
>  Password verification failed
> Oct 21 21:47:54 lazy postfix/smtpd[26056]: warning:
> 220-253-43-125.VIC.netspace.
> net.au[220.253.43.125]: SASL PLAIN authentication failed
> Oct 21 21:47:55 lazy postfix/smtpd[26056]: lost connection after AUTH
> from 220-2
> 53-43-125.VIC.netspace.net.au[220.253.43.125]
> Oct 21 21:47:55 lazy postfix/smtpd[26056]: disconnect from
> 220-253-43-125.VIC.ne
> tspace.net.au[220.253.43.125]
>
> It seems the smtp.patch could use the "535" error code to pick up on an
> authentication failure, rather than a lack of authentication mechanism?
>
> It seems mutt can internally check it's authenticators to really report
> if there are no authenticators:
>
> ssl_check_certificate: signer check passed
> < 220 lazy.spodder.com ESMTP Postfix
> > EHLO eatyourpets.com
> < 250-lazy.spodder.com
> < 250-PIPELINING
> < 250-SIZE 10240000
> < 250-ETRN
> < 250-AUTH PLAIN DIGEST-MD5 CRAM-MD5
> < 250-AUTH=PLAIN DIGEST-MD5 CRAM-MD5
> < 250 8BITMIME
> smtp_authenticate: Trying method gssapi
> local ip: 10.0.1.3;59564, remote ip:72.21.56.27;465
> External SSF: 256
> External authentication name: charlie
> mutt_sasl_cb_authname: getting user for mail.eatyourpets.com:465
> SASL: GSSAPI Error: Miscellaneous failure (No credentials cache found)
> smtp_auth_sasl: GSSAPI unavailable
> No authenticators available
> mutt_free_body: Unlinking /tmp/mutt-little-laptop-501-29929-4.
> >How-To-Repeat:
> on the prompt for SMTP password, enter a bogus password, and watch it
> return "No Authenticators available". I should return "bad password" or
> whatever the string is.
> >Fix:
> Unknown
> }}}

New description:

 {{{
 if you mis-stype your SMTP password, mutt will respond with an error that
 "No authenticators [were] available", which is not the case.

 Here is the debug from both sides:

 mx_close_message (): unlinking /tmp/mutt-little-laptop-501-29795-6
 send.c:967: mutt_mktemp returns "/tmp/mutt-little-laptop-501-29795-7".
 ssl_check_certificate: signer check passed
 < 220 lazy.spodder.com ESMTP Postfix
 > EHLO eatyourpets.com
 < 250-lazy.spodder.com
 < 250-PIPELINING
 < 250-SIZE 10240000
 < 250-ETRN
 < 250-AUTH PLAIN DIGEST-MD5 CRAM-MD5
 < 250-AUTH=PLAIN DIGEST-MD5 CRAM-MD5
 < 250 8BITMIME
 smtp_authenticate: Trying method plain
 local ip: 10.0.1.3;59557, remote ip:72.21.56.27;465
 External SSF: 256
 External authentication name: charlie
 mutt_sasl_cb_authname: getting authname for mail.eatyourpets.com:465
 mutt_sasl_cb_authname: getting user for mail.eatyourpets.com:465
 mutt_sasl_cb_pass: getting password for charlie@xxxxxxxxxxxxxxxxxxxx:465
 > AUTH PLAIN Y2hhcmxpZQBjaGFybGllAGJvb3R5
 < 535 Error: authentication failed
 smtp_auth_sasl: PLAIN failed
 No authenticators available
 mutt_free_body: Unlinking /tmp/mutt-little-laptop-501-29795-3.

 and from the MTA side:
 Oct 21 21:47:46 lazy postfix/smtpd[26056]: connect from
 220-253-43-125.VIC.netsp
 ace.net.au[220.253.43.125]
 Oct 21 21:47:54 lazy postfix/smtpd[26056]: warning: SASL authentication
 failure:
  Password verification failed
 Oct 21 21:47:54 lazy postfix/smtpd[26056]: warning:
 220-253-43-125.VIC.netspace.
 net.au[220.253.43.125]: SASL PLAIN authentication failed
 Oct 21 21:47:55 lazy postfix/smtpd[26056]: lost connection after AUTH from
 220-2
 53-43-125.VIC.netspace.net.au[220.253.43.125]
 Oct 21 21:47:55 lazy postfix/smtpd[26056]: disconnect from
 220-253-43-125.VIC.ne
 tspace.net.au[220.253.43.125]

 It seems the smtp.patch could use the "535" error code to pick up on an
 authentication failure, rather than a lack of authentication mechanism?

 It seems mutt can internally check it's authenticators to really report if
 there are no authenticators:

 ssl_check_certificate: signer check passed
 < 220 lazy.spodder.com ESMTP Postfix
 > EHLO eatyourpets.com
 < 250-lazy.spodder.com
 < 250-PIPELINING
 < 250-SIZE 10240000
 < 250-ETRN
 < 250-AUTH PLAIN DIGEST-MD5 CRAM-MD5
 < 250-AUTH=PLAIN DIGEST-MD5 CRAM-MD5
 < 250 8BITMIME
 smtp_authenticate: Trying method gssapi
 local ip: 10.0.1.3;59564, remote ip:72.21.56.27;465
 External SSF: 256
 External authentication name: charlie
 mutt_sasl_cb_authname: getting user for mail.eatyourpets.com:465
 SASL: GSSAPI Error: Miscellaneous failure (No credentials cache found)
 smtp_auth_sasl: GSSAPI unavailable
 No authenticators available
 mutt_free_body: Unlinking /tmp/mutt-little-laptop-501-29929-4.
 >How-To-Repeat:
 on the prompt for SMTP password, enter a bogus password, and watch it
 return "No Authenticators available". I should return "bad password" or
 whatever the string is.
 >Fix:
 Unknown
 }}}

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/2117#comment:1>