On Mon, 6 Feb 2006, Guillaume Filion wrote:
> [EMAIL PROTECTED] wrote:
> > My Mozilla SMTP settings allow for using SSL never, if available,
> > or always, plus a "User Login" user name, which I had selected - the
> > plugin never fired.
> >
> > Although it's firing with Netscape 7.1 on Windows, the auth is
> > failing (DECLINED) at the first test, which I suspect is related to the
> > failure of SMTP.pm line 227. Some information is not being propagated.
>
> In the logs (log/main/current),
> - is the server sending an ESMTP announce containing this:
> 250 AUTH PLAIN CRAM-MD5
>
> - is the client sending an AUTH CRAM-MD5 to the server?

In the case of the Mozilla client, that doesn't appear to be the
case, even when I tell it to use a login/password.
It does send it for Netscape 7.1 on Windows, but I don't seem to
have found the correct combination of login and config/auth_flat_file
entry to use.
Interestingly, Outlook 2000 appears to send neither STARTTLS (when
I select SSL) nor AUTH CRAM-MD5 (when I tell it to use a login/password,
whether encrypted or not).

> I'm not using this particular plugin, but I'm pretty sure that the file
> format is:
> [EMAIL PROTECTED]:password
>
> In your client config you just use [EMAIL PROTECTED] as the user name.
>
> Let us know how you're doing,

I'll do that right now. I've got debugging level 7 turned on. I'm
using Netscape 7.1 on Windows. I've told Netscape to use SSL. I've used
the fictitious "[EMAIL PROTECTED]" as the login in both Netscape and the
config file. When I send:

    dispatching STARTTLS
    running plugin (unrecognized_command): tls
    220 Go ahead with TLS
    CA file certs/my-ca.pem not found, using CA path instead.
    TLS setup returning
    Plugin tls, hook unrecognized_command returned DONE,
    got `EHLO rope.net
    ' (15:0 bytes, VM=vm_unknown)

As far as I can tell, it actually works.
When I am prompted for the password, it asks for the password for
"[EMAIL PROTECTED]@testsmtp.rope.net" - the last part is the server's
hostname. I type in the password and it hangs:

[NOTICE THAT ON THIS, THE 2ND EHLO, THE NAME/IP WERE NOT FOUND!]

    250-sprint.rope.net Hello []
    250-PIPELINING
    250-8BITMIME
    250 AUTH CRAM-MD5
    got `AUTH CRAM-MD5
    ' (15:0 bytes, VM=vm_unknown)
    dispatching AUTH CRAM-MD5
    trying to get config for me
    334 PDNhY2Q1LjQzZTc3ZGUzQHNwcmludC5yb3BlLm5ldD4=

When I kill the send, I get the rest:

    Premature end of base64 data at lib/Qpsmtpd/Auth.pm line 289, <> line 1.
    running plugin (auth-cram-md5): auth_flat_file
    Plugin auth_flat_file, hook auth-cram-md5 returned DECLINED,
    535 Authentication Failed For 53q;F(#dSnf -
    Authentication Failed For 53q;F(#dSnf -
    got `' (0:0 bytes, VM=vm_unknown)
    SSL read errorerror:00000000:lib(0):func(0):reason(0)
    at /usr/lib/perl5/site_perl/5.8.5/IO/Socket/SSL.pm line 543
    cleaning up

The garbage at the end of 'Authentication Failed For ...' changes
each time I connect and doesn't cut-n-paste properly across screens.
==============
I'm getting the sense that only the latest and greatest mail
clients will support TLS, and that any of the Microsoft just plain doesn't
work properly anyway. As for AUTH, probably the same "only the latest and
greatest" issue, but I think I may be close :-/ At least if I can get one
thing working, I can always tell the users that it works with a certain
mail client, so if they want to use the feature, then they have to use
that client :-/
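
The AUTH CRAM-MD5 exchange from the log above, worked through as an added example (not part of the original message and not qpsmtpd's code): it decodes the 334 challenge from the log, builds the reply a client is expected to send, and checks it the way a server would, rejecting malformed base64 cleanly instead of reporting a garbage user name. The user name, password and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Challenge copied from the "334" line in the log above.
CHALLENGE_B64 = "PDNhY2Q1LjQzZTc3ZGUzQHNwcmludC5yb3BlLm5ldD4="

# Constructed flat-file style entries (user -> password); placeholders only.
# CRAM-MD5 needs the plaintext password (or an equivalent secret) server-side.
USERS = {"user@example.com": "example-password"}


def decode_challenge(b64):
    """Return the raw challenge bytes the server sent after '334 '."""
    return base64.b64decode(b64, validate=True)


def client_response(user, password, challenge):
    """Build the line a client sends: base64("user" SP hex(HMAC-MD5))."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def verify_response(response_b64, challenge, users):
    """Server-side check. Returns (ok, user); never raises on bad input."""
    try:
        raw = base64.b64decode(response_b64.strip(), validate=True).decode()
    except ValueError:  # binascii.Error and UnicodeDecodeError are ValueErrors
        return (False, None)  # malformed or truncated base64: fail cleanly
    user, sep, digest = raw.rpartition(" ")
    if not sep or user not in users:
        return (False, None)
    expected = hmac.new(users[user].encode(), challenge, hashlib.md5).hexdigest()
    # Constant-time comparison on bytes, so odd input cannot raise TypeError.
    ok = hmac.compare_digest(expected.encode(), digest.encode())
    return (ok, user if ok else None)


if __name__ == "__main__":
    challenge = decode_challenge(CHALLENGE_B64)
    print("challenge:", challenge.decode())
    reply = client_response("user@example.com", "example-password", challenge)
    print("client reply:", reply)
    print("good reply:", verify_response(reply, challenge, USERS))
    print("cut-off reply:", verify_response(reply[:-1], challenge, USERS))
```

Decoding the challenge from a debug log this way shows what the client had to sign, which makes it possible to compare a captured client reply against the expected one when the flat-file entry is in doubt.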