Closed Bug 220486 Opened 22 years ago Closed 22 years ago

when i try to get mail from lycos i'm getting : "Sending of password did not succeed..."

Categories

(MailNews Core :: Networking: POP, defect)

Product:
MailNews Core
Component:
Networking: POP
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: volvo4k, Assigned: ch.ey)

Details

Attachments

(1 file)

proposed patch
10.05 KB, patch
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6a) Gecko/20030926 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6a) Gecko/20030926 I'm using Mozilla 1.6a (2003092604). When i'm trying to receive my emails from Lycos.co.uk i'm getting this error: "Sending of password did not succeed,Mail pop.lycos.co.uk responded : Unknown command." This error only apeared in 1.6a. When i'm switching back to 1.5rc2 i'm getting my emails. Reproducible: Always Steps to Reproduce: 1.open an accoutn at mail.lycos.co.uk 2.read lycos instractions how to receive emails from email client 3.get emails and than you'll get the error Actual Results: "Sending of password did not succeed,Mail pop.lycos.co.uk responded : Unknown command."
This is because Mozilla uses the PLAIN authentication mechanism since 9/13 (see bug 218766) if available. The Lycos server advertises to know PLAIN in answer to AUTH and CAPA. I'm getting "-ERR Unknown command" in answer to all my tests (via telnet and with KMail) too. I suspect the /$%*µ<" server is broken.
Assignee: sspitzer → ch.ey
Status: UNCONFIRMED → NEW
Ever confirmed: true
David, what's your opinion? Should we live with those broken servers? I see three options: 1. Back out PLAIN (would help for this but not for other servers having problems with other mechanisms). 2. Make each single authentication mechanism switchable 3. Implement fallback for POP3
How hard would it be to do 3? I assume it's the hardest but the most desirable...By 2, you mean having a UI to disable each kind of authentication that the server claims to support but doesn't?
I tried to implement option 3. some time ago while we had CRAM-MD5 problems. It required some ugly tricks, flags and ifs. I can try again and see how it looks. For 2. I meant a switch for each mechanism _we_ support to enable/disable it (with or without UI). I don't like it, but even with a fallback it could be the only way to get mails from some servers. E.g. if a server disconnects at the first "wrong" login.
Attached patch proposed patchSplinter Review
This patch implements a real fallback if authentication fails (the current did it only if the mechanism itself suddenly failed).
Christian, this looks OK to me - should I apply this patch or do you have a non whitespace patch? If I understand correctly, this shouldn't result in us sending a good password in the clear, unless the server's secure authentication is broken? It might result in us sending a bad password in the clear, but that's no big deal.
If the user checked secure authentication we'll never try a unsecure authentication and vice versa. The secure/unsecure border will never crossed. This limits the options for the fallback. But I think security comes before comfort.
Status: NEW → ASSIGNED
fix checked in. Thx, Christian!
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
I have been experiencing a similar POP3 bug, using the Windows version of Mozilla 1.5, and a local ISP. I have had analogous experiences in the past with websites and HTTP. What would be immensely useful would be if Mozilla provided a means, in case of trouble, to record a Telnet-level log or transcript of the various TCP protocols in action. This would give me hard and concrete information that I could use to resolve the issue. I have legacy issues, so I am not switching over to Linux as fast as you would like. When I was using Trumpet Winsock with Windows 3.1, it had logging features which were invaluable in this respect. However, I was obliged to upgrade to Windows 9x, and the Microsoft Winsock does not contain such features.
we have protocol level logging for all our mail protocols. They omit username and password info for privacy reasons, however. But you can try it: http://www.mozilla.org/quality/mailnews/mail-troubleshoot.html#imap
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: