On Thu, Aug 13, 2009 at 03:25:45PM -0500, Blake Hudson wrote: > -------- Original Message -------- > Subject: thunderbird 3.0, cram-md5 failing > From: Jay G. Scott <g...@arlut.utexas.edu> > To: postfix-users@postfix.org > Date: Thursday, August 13, 2009 3:03:38 PM >> Greetings, >> >> client = thunderbird 3.0 beta 3 >> postfix 2.3.3 >> linux, host == jgstoy >> >> doing TLS encryption and authentication. >> >> windows/thunderbird 2.0.0.22 works >> windows/outlook 2003 works >> >> looking at /var/log/maillog i see that thunderbird 3 is setting >> up a TLS connection okay. >> >> but the authentication fails: >> Aug 13 14:51:40 smail postfix/smtpd[3128]: warning: SASL authentication >> failure: no secret in database >> Aug 13 14:51:40 smail postfix/smtpd[3128]: warning: >> jgstoy.arlut.utexas.edu[10.3.16.56]: SASL CRAM-MD5 authentication failed: >> authentication failure >> >> 1. i can't seem to tell thunderbird not to use cram-md5, but >> that might be a short-term workaround. if i change smtpd.conf >> to be just plain login then thunderbird says the server doesn't >> authenticate. >> >> 2. some people who should know were saying in feb 2007 that >> saslauthd did not support cram-md5. but.... it looks like >> it should. does it work nowadays? >> >> 3. i CAN use openssl to "telnet" in and send mail from the >> linux client jgstoy. but i used >> auth plain >> not auth cram-md5. so the problem is getting cram-md5 to >> work on the server, right? >> >> > > I would suggest using smtptest (part of cyrus) to confirm that your > server correctly authenticates using CRAM-MD5. If it works, then there's > a problem with thunderbird. If not, then you can either stop advertising > CRAM or look into fixing the problem on the server side.
that looks a lot like what this will do: openssl s_client -starttls smtp .... but the problem is i don't know how to supply the AUTH CRAM-MD5 ....this part.... or i could use openssl to test it. > > Also note, in my experience T-Bird caches and does not refresh the list > of available auth mechs without a restart. So if you change available > mechs on the server, t-bird will not notice and may continue to try and > authenticate using the now unsupported mech. I've seen this silly ohhhhh... i think i didn't restart.... j. > behavior after making account server/port settings changes. This would > explain point #1 above. > > --Blake -- Jay Scott 512-835-3553 g...@arlut.utexas.edu Head of Sun Support, Sr. Operating Systems Specialist Applied Research Labs, Computer Science Div. S224 University of Texas at Austin
