Closed
Bug 150212
Opened 23 years ago
Closed 17 years ago
[RFE] Add CRAM-MD5 and DIGEST-MD5 AUTH support to SMTP (see #41594 also)
Categories
(MailNews Core :: Networking: SMTP, enhancement)
MailNews Core
Networking: SMTP
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: dommi_fr2, Assigned: Bienvenu)
References
Details
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc3) Gecko/20020531
Debian/1.0rc3-2
BuildID: 1.0rc3
SMTP AUTH mechanisms support for "CRAM-MD5" and "DIGEST-MD5" should be added to
SMTP server features.
Most SMTP servers support either "CRAM-MD5" or "DIGEST-MD5" but mostly not both
of them, so both algorithms are important to be supported.
Some SMTP-Server don't support SSL if they have AUTH support enabled (e.g. GMX -
one of the major german Mail providers), so this feature would really be important.
It should be quite easy to copy the IMAP code to the SMTP code (see #41594)
Summary: Add CRAM-MD5 and DIGEST-MD5 AUTH support to SMTP (see #41594 also) → [RFE] Add CRAM-MD5 and DIGEST-MD5 AUTH support to SMTP (see #41594 also)
|
||
Comment 2•23 years ago
|
||
Should this bug be marked as duplicate of 41594 or just dependant on it, since
implementation of cram-MD5 on IMAP would make it implemented for SMTP?
comment #12 for 41594 indicates that this should be considered a seperate,
dependent bug.
Depends on: 41594
|
||
Comment 4•22 years ago
|
||
I suggest grouping bugs: 169375, 150212, 41594 . I need this bug to be fixed
before I can make the switch from OE to Mozilla. My email service uses CRAM-MD5
auth. and I can not use it as an SMTP server until Mozillla supports this for SMTP.
|
Assignee | |
Comment 6•22 years ago
|
||
I've added CRAM-MD5, but not DIGEST-MD5 - DIGEST-MD5 is more involved. I'd like
to be able to reuse the HTTP AuthDigest code, if possible and appropriate. Right
now, it's just a private method.
|
||
Comment 7•22 years ago
|
||
re Comment 6 (bienvenue):
Does this mean that the CRAM-MD5 support added for 41594 includes SMTP, or is
this a separate patch you are going to add?
|
|
Assignee | |
Comment 8•22 years ago
|
||
CRAM-MD5 should be working for SMTP now as well.
|
||
Comment 9•22 years ago
|
||
I am currently getting repeated failures from my mailserver; the error message
claims that "<server> responded: CRAM-MD5 authentication refused"
I can usually log in if I supply the password often enough; sometimes it works
the first time, sometimes takes on retry, sometimes takes several retries.
Is there something I need to do to turn this OFF in Mozilla? Because I don't
think my server supports it.
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030426
|
|
Assignee | |
Comment 10•22 years ago
|
||
fix for pop3 cram-md5 checked in to bug 203219
|
||
Comment 11•22 years ago
|
||
I am using version 1.4b of Mozilla and the cram-md5 SMTP authentication does not
work for me. It works with Mail.App, but not with Mozilla. Sadness. I have to
use a windows box at work, and I would love to use Mozilla instead of the Other
One. The lack of SMTP is a real show stopper for me. I think the problem is,
under the "outgoing server" dialog it has a check box for use name and password.
I assume this means that it will check for authentication. However, there is no
option for password and it never asks for one. It just times out on the send.
Perhaps the problem is that it is assuming my cram-md5 password is the same as
the IMAP password? THIS SHOULD NOT BE THE CASE. Proper operation, IMHO, would be
for a dialog to ask for the password to pop-up after the first guess with the
IMAP password fails. I hope this makes sense. I will work closely with anybody
that want to fix this problem. My mail server is a freeBSD box running postfix.
|
||
Comment 12•22 years ago
|
||
Please consider bug 205003 when fixing this (eventually set dependance). There
should be a way to have it disabled or at least to have the mail client to give
up and try with a normal login if it fails for three times. Some web servers do
not seem to handle correctly the cram-md5 authentication for POP and IMAP, so
setting it for SMTP would make things worse.
|
|
||
Comment 13•22 years ago
|
||
My fault: I earlier said I had problems with CRAM-MD5 authentications in comment
#11 but it seems that it is actually my institute's firewall. They block
outgoing port 25 calls as far as I can tell.
|
||
Comment 14•21 years ago
|
||
At least CRAM-MD5 works for me (with or w/o TLS), because that's the mechanism
mozilla 1.7.2 chooses, when it connects to my postfix smtp server (verified in
the server logfile). I've configured
smtpd_sasl_security_options = noanonymous, noplaintext
for postfix.
But I don't know what mozilla does, when plaintext logins are allowed, but
CRAM-MD5 is possible, too. I would vote for using the safe mechanism in this
case, too. Even better use DIGEST-MD5 when available. Experts say that it's
slightly better than CRAM-MD5.
|
||
Updated•21 years ago
|
Product: MailNews → Core
|
|
Assignee | |
Comment 15•17 years ago
|
||
cram and digest md5 have been implemented for smtp for a long time, afaik.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
|
||
Updated•17 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•