It may be deliberate behaviour by Office365, to avoid giving out information that may assist an attacker.
Ralph Mitchell On Thu, Jun 4, 2015 at 11:26 AM, Jamie Gordon <[email protected]> wrote: > Hi > > I have a problem with the correct error handling for SMTP errors when > using libcurl and I'd be pleased if anyone can help/advise me. Specifically > in this case I am using libcurl 7.42.1 but the same behaviour has been seen > with previous versions I have tested with. > > This issue is, if I use the wrong password with Office365 I get error > "CURLE_OPERATION_TIMEDOUT " and the internal curl message > (CURLOPT_ERRORBUFFER) is "Operation timed out after 0 milliseconds with 0 > out of 0 bytes received". Actually some other servers using TLS do this > also, but they have been at customer sites and I don't have any debug from > those servers. But the issue is repeatable for me using Office365. If I use > the correct username/password an email is sent fine. And I've been using > the same sending code for a while with standard port 25 SMTP. > > You can see the debug from the libcurl below (this is output from my own > CURLOPT_DEBUGFUNCTION callback function). I've just used a made up a > username/password of [email protected]/moo. > > <debug> > EHLO myhost > > 250-AM2PR09CA0025.outlook.office365.com Hello [194.75.73.194] > 250-SIZE 157286400 > 250-PIPELINING > 250-DSN > 250-ENHANCEDSTATUSCODES > 250-AUTH LOGIN > 250-8BITMIME > 250-BINARYMIME > 250 CHUNKING > > AUTH LOGIN > > 334 VXNlcm5hbWU6 > > dGVzdEBleGFtcGxlLmNvbQ== > > 334 UGFzc3dvcmQ6 > > bW9v > > Operation timed out after 0 milliseconds with 0 out of 0 bytes received > Closing connection 0 > </debug> > > In terms of function calls: > > curl_easy_perform returned 28 (CURLE_OPERATION_TIMEDOUT) > curl_easy_getinfo(CURLINFO_HTTP_CONNECTCODE) returned 334 > and > curl_easy_getinfo(CURLINFO_RESPONSE_CODE) returned 0 > > Interestingly, if I use gmail with the wrong password I see more relevant > info in the debug. And curl_easy_perform also gives me CURLE_LOGIN_DENIED > which is much more user friendly. > > <debug> > 535-5.7.8 Username and Password not accepted. Learn more at > 535 5.7.8 https://support.google.com/mail/answer/14257 ju2sm6707323wid.12 > - gsmtp > Closing connection 0 > </debug> > > So this seems maybe specific to the server somehow. Is it a problem with > the Office365 response in TLS? Is their exchange server doing something > wrong? Or is there some bad handling in libcurl somewhere? Or maybe could I > have initialised something wrong in my c++ calling libcurl? > > If this behaviour by libcurl is "correct" then is it possible to interpret > what I have to maybe suggest to the user that they have entered invalid > credentials, rather than presenting them with "Operation timed out after 0 > milliseconds..."? > > Otherwise if it is a bug, then I'll try to look into the library in more > details and see if I can work out what's wrong. > > Any advice appreciated. > > Thanks > > Jamie > > ------------------------------------------------------------------- > List admin: http://cool.haxx.se/list/listinfo/curl-library > Etiquette: http://curl.haxx.se/mail/etiquette.html
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
