223318 - MSN authentication not supported using SMTP

Status: RESOLVED FIXED

(MailNews Core :: Networking: SMTP, enhancement)

Description

[Daniel Posey]

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Build Identifier: Mozilla Thunderbird 0.3 (20031013)

MSN requires their own flavor or authentication.  SMTP reports only "250-AUTH 
MSN" as an option (and you must authenticate to send mail).

POP mail also fails to authenticate.

Reproducible: Always

Steps to Reproduce:
1. smtp.email.msn.com
2. try to send mail




Google tells me that MSN authentication is the same as NTLM authentication, so 
if true, that might help with implemetation.

Comment 1

[Jo Hermans]

Well, in that case it should be bug 200436. But then we would have to recognize
'AUTH MSN', and route it to the NTLM implementation.

Comment 2

[Daniel Posey]

I created a filter that allows Thunderbird to use MSN servers:

dposey.no-ip.com/proxy

Comment 3

[Christian Eyrich]

Attachment: proposed patch

Unfortunately enabling the use of "AUTH MSN" isn't as easy as proposed in
comment #1. We don't only have to recognize MSN in the EHLO/AUTH response but
the MSN keyword has also to be used in the AUTH command. So we need a separate
flag for MSN to carry the state around.

For POP3 it's nevertheless quite easy.

But for SMTP adding MSN is much like adding a completely different
authentication.
That's because Microsoft did it again. They not only ignore RFC 2821 and the
initial response argument, but implement the same authentication mechanism (MSN
*is* NTLM) with another keyword another way.
As Daniel found out while trying a simple SMTP patch from me, when using MSN
the server only accepts a three step procedure, 1. "AUTH MSN", 2. sending
initial NTLM string, 3. sending credentials in NTLM string.

In contrast NTLM keyword without initial response parameter does not appear to
work properly with Exchange server (according to
http://davenport.sourceforge.net/ntlm.html#ntlmSmtpAuthentication) ...

I took this patch as opportunity to make some more changes regarding the naming
of SMTP states and functions to generalize the two resp. three steps of
authentication. That's because AuthLoginUsername() and AuthLoginPassword()
started to not only do (or do even the contrast) what their names say some time
ago.

Comment 4

[David :Bienvenu]

Comment on attachment 143268 [details] [diff] [review]
proposed patch

style nit: Can you make this "else if ()", i.e., on the same line?

	 else
+	 if(TestFlag(SMTP_AUTH_MSN_ENABLED))
+	   // if MSN enabled, clear it if we failed. 
+	   ClearFlag(SMTP_AUTH_MSN_ENABLED);
+	 else
	 if(TestFlag(SMTP_AUTH_PLAIN_ENABLED))

Also, can you add a comment about the non-standard things microsoft is doing?

Comment 5

[David :Bienvenu]

btw, thx for doing this, Christian!

Comment 6

[Christian Eyrich]

Of course I can put else and if on the same line. But all other are two liners
in AuthLoginResponse(). I'll change all for the final patch.

> Also, can you add a comment about the non-standard things microsoft is doing?

Well, to use three steps isn't non-standard. To fail when initial response
parameter (two steps) is used is non-standard. I'll modify the comment to
AuthLoginStep0().

And thanks to Daniel for testing and modifying my initial patch.

Comment 7

[Christian Eyrich]

Attachment: patch with little layout changes

This addresses comment #4.

Comment 8

[David :Bienvenu]

Comment on attachment 143292 [details] [diff] [review]
patch with little layout changes

thx

Comment 9

[David :Bienvenu]

fix checked in for Christian.