Closed Bug 205003 Opened 22 years ago Closed 22 years ago

The PASS command did not succeed: "invalid proxy password"

Categories

(MailNews Core :: Networking: POP, defect)

Product:
MailNews Core
Component:
Networking: POP
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla1.4final

People

(Reporter: anto.montagnani, Assigned: Bienvenu)

References

Details

(Keywords: regression, Whiteboard: [adt2])

Attachments

(2 files, 1 obsolete file)

Two logs generated for Tin.it and Tiscali.it. The first part of the log shows what happens on Tin.it (until the ***), and the second part what on Tiscali.it (which is fine).
3.19 KB, text/plain
Details
workaround v2
6.50 KB, patch
Bienvenu
: review+
sspitzer
: superreview+
sspitzer
: approval1.4+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4a) Gecko/20030401 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) I downloaded 1.4b RPMs for RedHat but when I carry out a mail check I get the following message: The PASS command did not suceed.Mail server xxx.xxx.it responded: invalid proxy password. 1.4a worked great Reproducible: Always Steps to Reproduce: 1. 2. 3. Actual Results: POP is blocked with previous message The PASS command did not suceed.Mail server xxx.xxx.it responded: invalid proxy password. Expected Results: Collect my e-mails
Do you use a proxy server for pop3 ?
no proxy on mail. No change in settings between 1.4a and 1.4b and downwards (as I downgraded immediately to 1.4a)
*** Bug 205241 has been marked as a duplicate of this bug. ***
Please change summary to "The PASS command did not succeed. *servername* responded: invalid proxy password", since "POP malfunctioning" says little about thius bug. See bug 205241. For Antonio: state your server settings.
My provider is virgilio.it (that is strictly connected to tin.it) Server name is in.virgilio.it Carried out same procedure as Matteo deleting account and deleting password. but no success. I downgraded back to 1.4a now that is working great.
Summary: POP malfunctioning → The PASS command did not succeed: "invalid proxy password"
Yes, the problem occurs. But I'm convinced, it's not our fault. I subscribed on the tin.it website and got an @virgilio.it account. Then I tested the login with the normal login method USER/PASS with Mozilla, KMail and The Bat! - all succeeded. After switching to CRAM-MD5 authentication without changing other options *all three* clients received the same error "invalid proxy password". That's why I believe it's the servers fault (as the provider of the IMAP server in bug 205012 is also tin.it, this should be the same problem). But why did it work in 1.4a? It's because CRAM-MD5 authentication is new in 1.4b and the server clearly says it supports it: +OK POP3 PROXY server ready (6.5.005) AUTH +OK list of SASL extensions follows CRAM-MD5 . Before 1.4b we used the working USER/PASS. And why it still works with Outlook? Because Outlook doesn't (from what I can say after testing this) support CRAM-MD5 and therefore only does USER/PASS. But Outlook will fail too if you check "Log on using Secure Password Authentication (SPA)". Not because it does CRAM-MD5 then, but in then tries to use the LOGIN mechanism (which is everything else then secure, but that's another story), the server doesn't support this (as you can see above) and Outlook gives up too. Ok, Mozilla has one flaw - the user can't switch off CRAM-MD5 authentication. That's because I thought we can and should believe what the servers are saying. But after what I experienced in the last weeks, we can not. So either we continuing to have problems but will fight against administrators which don't know how to administrate - or implement a checkbox.
Ok, the better thing to do is to try to "envagelize" tin.it. I'll contact the tech assistance once again (for the fifth time!!). In the meantime, could you tell me how you get the informations in comment 6? (The list of SASL extensions) And then, what setting could be wrong with the server? If anyone has an idea, it'll help.
Already sent an e-mail to Tin.it. Looking forward to have their reaction to the problem (if any..)
Matteo, to get this answer, you've to type the command telnet in.virgilio.it 110 to a shell (and have telnet installed of course). After connection established you'll get this first line with +OK. Then type the second line (AUTH). That is the list of supported mechanisms besides the always and ever enabled simple cleartext USER/PASS mechanism. What can be wrong? Puh, I only know of a well known problem. To do CRAM-MD5 the server must have the passwords internally available in cleartext. If it's saved in the normal unix way (hash of the password) the authentication will fail. But as I wrote that requirement should be known by the admin.
Contacted tech assistance at tin.it - they said they'll take care of this... well, it's better if also you, Antonio, contact them directly and tell them the problem. They gave me an internal number (not a ticket), but unfortunately Explorer crashed before I had it saved. If they give you one, please write it down, or also here (it isn't a private number with personal infos, I think. Btw, I had to use Explorer to chat with them because it doesn't work with Java by Sun.
Added my log of the pop3 connection on Tin.it and Tiscali.it as said in Mail Troubleshooting. Probably a possible fix for this bug could be an alert box that ask you if you want to disable CRAM-MD5 authentication when "-ERR invalid proxy password" is returned. If the user chooses to continue anyway, he's aware of the problem. Btw, you can change OS to "all". If this error isn't solved by Tin.it, probably we'll be forced to code something. I hope to get an answer in the following days, else (maybe) the "blocking 1.4f" flag will be set. See Attachment #122983 [details] for IMAP log, on bug #205012
No reply from Tin.it and I was not allowed to discuss this point with the Technical Assistance as blocked from their Help Desk. I will try to contact them directly if I am lucky to find their telephone number in my paper address book.
OS: Linux → All
Same problem with freesurf.ch in Switzerland. I'll try to report the problem to them because right now I cannot get the mail of my main account! telnet pop.freesurf.ch pop3 Trying 194.230.0.8... Connected to freesurfmail.sunrise.ch. Escape character is '^]'. +OK POP3 server ready (6.0.055) <A3B966632D7A9B13C2ED098709AD641EBE736212@freesurfmail.sunrise.ch> AUTH +OK list of SASL extensions follows CRAM-MD5 .
taking to david, he thinks there are just too many broken pop servers out there. christian and david are working out a plane.
Assignee: sspitzer → bienvenu
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.4+
Keywords: nsbeta1, regression
Target Milestone: --- → mozilla1.4final
Blocks: 205376
Attached patch proposed workaround (obsolete) — Splinter Review
Ok, this workaround adds a pref for (at the moment) CRAM-MD5, named useSecAuth (I don't know about naming conventions for prefs, so please say if you don't like the name). It's disabled by default and can be enabled in prefs.js and about:config at the moment. If that works as it should we'll add a UI in 1.5. I incorporated changes to the strings for POP3_USERNAME_FAILURE and POP3_PASSWORD_FAILURE since the old wasn't suitable anymore. Added also a check if base64 decode of the challenge succeeded (as in SMTP code).
Looks good. However, can we do this without any UI changes? That means without adding a string, or even editing the existing strings (I don't think the string changes are really required, though they would be good for 1.5).
*** Bug 205527 has been marked as a duplicate of this bug. ***
Attached patch workaround v2Splinter Review
Removed any string changes.
Attachment #123195 - Attachment is obsolete: true
Comment on attachment 123199 [details] [diff] [review] workaround v2 r=bienvenu
Attachment #123199 - Flags: review+
Comment on attachment 123199 [details] [diff] [review] workaround v2 sr/a=sspitzer please log a spin off bug, for 1.5, about the pref UI for this, ok?
Attachment #123199 - Flags: superreview+
Attachment #123199 - Flags: approval1.4+
adt: nsbeta1+/adt2
Keywords: nsbeta1nsbeta1+
Whiteboard: [adt2]
Blocks: 205571
workaround fix checked in
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Blocks: 205641
No longer blocks: 205376
*** Bug 205376 has been marked as a duplicate of this bug. ***
*** Bug 205694 has been marked as a duplicate of this bug. ***
*** Bug 205527 has been marked as a duplicate of this bug. ***
*** Bug 205843 has been marked as a duplicate of this bug. ***
*** Bug 206051 has been marked as a duplicate of this bug. ***
I'm using Mozilla 1.4b and the workaround works fine with the TIN's pop3 server, but *not* with the IMAP4 one. I just tried to create a new account using the IMAP server and it did not work ("login to server box.tin.it failed"); I then tried with the POP3 server and it worked fine. Bye Alberto
Hm, that's right. The new key can be used to also switch off CRAM-MD5 in IMAP but it isn't right now. Please see bug 205012 for this problem in IMAP.
*** Bug 206483 has been marked as a duplicate of this bug. ***
I can't verify this bug, I don't have a mail account that shows this problem. Could those of you who have accounts that had this problem please comment on if this is fixed for you (POP accounts, IMAP accounts of this type still have the problem per bug 205012). Thanks
Resolved (Build 2003052205).
Strange... I was convinced to have already done it, but I cannot see any message about that here... Anyway, I applied the patch to the src.rpm, compiled it and it works fine. I'm still waiting for the same fix for IMAP (for my laptop) :-) Bye Alberto
Bug fixed #205527 Tested : - add 3 pop3 accounts from club-internet - dowmnload e-mails manually from the server (using <Ctrl>+T) Ok it works : password asked, and memorized. No longuer "PASS identification failure" - quit mail - open mail Ok it works : automatic connect to pop3 accounts and tries to download new e-mails (none because i've downloaded them just before)
I was having this bug with 1.4b (see dup 205843) but it has gone away since I started running 2003051512 in its default configuration, in which Mozilla uses the simple USER/PASS authentication method and will not attempt a CRAM-MD5 authentication. My ISP's pop server's behaviour is weird: The behaviour of my ISP's POP server when one has authenticated with it using CRAM-MD5 is most erratic. It fails on a random command! The AUTH usually succeeds (not always), the first RETR often succeeds, but the first DELE often fails. I think I've seen the first DELE work and the second RETR fail. I've also seen the first RETR fail. In the cases of failure, the POP server responds with an "unsupported authentication method" error message. I'm not sure what broken server they're using but it identifies itself thus: +OK POP3 PROXY server ready (7.0.000) <D4A8E73602C8B2D668E03376A2409C2B3A197B0D@ pop01.iprimus.com.au> and I believe they use Microsoft software. I will give them a call and try to find out. I don't think my Norton Antivirus 2002 POP proxy is responsible for the problem as I can't see why it would introduce an authentication issue after it has already passed a message.
thanks all, verifying this bug
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: