Closed Bug 1382010 Opened 7 years ago Closed 7 years ago

Yahoo Mail IMAP authentication/login failure - SASL mechanisms as defined in RFC 4422 should be upper case.

Categories

(MailNews Core :: Networking: IMAP, defect)

Product:
MailNews Core
Component:
Networking: IMAP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(thunderbird_esr5255+ fixed, thunderbird55 wontfix, thunderbird56 fixed)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 56.0
Tracking Flags:
Tracking Status
thunderbird_esr52 55+ fixed
thunderbird55 --- wontfix
thunderbird56 --- fixed

People

(Reporter: mancha1, Assigned: infofrommozilla)

References

(
URL
)

Details

Attachments

(1 file)

Use SASL mechanisms PLAIN and LOGIN, as defined in RFC 4422, in uppercase letters
2.15 KB, patch
jorgk-bmo
: review+
jorgk-bmo
: approval-comm-esr52+
Details | Diff | Splinter Review 
Hello.

It appears that due to recent Yahoo Mail server-side IMAP changes, Thunderbird users can no longer log in (see [1] and [2]). Other popular IMAP mail clients appear unaffected by these changes.

After closer inspection, I narrowed down the problem to the IMAP authenticate command [3] which Thunderbird issues to Yahoo Mail. Upon receiving "authenticate plain," Yahoo servers reply with two "NO"s at which point Yahoo servers stop responding (note: the connection is not severed - it merely hangs). See transcript:

=== IMAPS transcript between Thunderbird and imap.mail.yahoo.com:993 ===

* OK [CAPABILITY IMAP4rev1 ID MOVE NAMESPACE X-ID-ACLID UIDPLUS LITERAL+ XYMHIGHESTMODSEQ SASL-IR AUTH=PLAIN AUTH=LOGIN AUTH=XYMLOGIN AUTH=XYMPKI AUTH=XYMCOOKIEB64 AUTH=XOAUTH2 AUTH=OAUTHBEARER] IMAP4rev1 Hello
# authenticate plain
# NO Authenticate mechanism not supported
# NO [SERVERBUG] AUTHENTICATE Server error - Please try again later

===

--
[1] https://forums.yahoo.net/t5/Password-and-sign-in/Login-to-server-imap-mail-yahoo-com-failed-from-Thunderbird/m-p/298597
[2] https://support.mozilla.org/en-US/questions/1168140
[3] https://tools.ietf.org/html/rfc3501#section-6.2.2
I've alerted Yahoo Mail via their Customer Care Twitter account: https://twitter.com/mancha140/status/887430900589441024
Thanks for such a detailed report. Yahoo clearly changed something - what it is, we do not yet know so too early to assign blame, but I'll mark this confirmed anyway and so we can see what people have to say here. 

Please keep us informed of yahoo's response.  AFAICT they did not yet reply in https://forums.yahoo.net/t5/Password-and-sign-in/Login-to-server-imap-mail-yahoo-com-failed-from-Thunderbird/m-p/298597 

FWIW, currently open bug reports - https://mzl.la/2tcJTT5
URL: https://support.mozilla.org/en-US/que...
Severity: critical → major
Status: UNCONFIRMED → NEW
Component: General → Security
Ever confirmed: true
Summary: Yahoo Mail IMAP failure → Yahoo Mail IMAP authentication/login failure
TB may be hit hardest, but it's not the only one...
https://forums.yahoo.net/t5/Password-an ... 597/page/6 mentions:
"it does not work for me either, and I'm using gnu Claws Mail with IMAP... So not just a Thunderbird problem."
Yahoo Mail is now aware of this issue and is working on a fix. Here's the response I received from their customer care account [1]:

"Hi there, Thank you for reporting this. We apologize for the inconvenience and are working quickly to fix the IMAP issue. Please be aware that there will be some delivery delays during and after the fix. Thanks."

--
[1] https://twitter.com/mancha140/status/887478848891351041
Good news. It appears the problem has been fixed.

=== IMAPS transcript ===

* OK [CAPABILITY IMAP4rev1 ID MOVE NAMESPACE X-ID-ACLID UIDPLUS LITERAL+ XYMHIGHESTMODSEQ SASL-IR AUTH=PLAIN AUTH=LOGIN AUTH=XYMLOGIN AUTH=XYMPKI AUTH=XYMCOOKIEB64 AUTH=XOAUTH2 AUTH=OAUTHBEARER] IMAP4rev1 Hello
# authenticate plain
+ 

========================
I somewhere read that authentication problems were only occurring in some mail clients, but not all.
It was possible to authenticate to Yahoo! with openssl command:
openssl s_client -connect imap.mail.yahoo.com:993 -crlf
This might suggest Thunderbird isn't using the right IMAPS protocol.

Here's my IMAP logging from yesterday, when authentication for Yahoo failed in TB:

[Unnamed thread 254D0710]: D/IMAP ImapThreadMainLoop entering [this=2541F800]
[Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:ProcessCurrentURL: entering
[Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:ProcessCurrentURL:imap://oeekker%40yahoo%2Ecom@imap.mail.yahoo.com:993/select%3E/INBOX:  = currentUrl
[Unnamed thread 254D0710]: D/IMAP ReadNextLine [stream=1E35A7E0 nb=212 needmore=0]
[Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:CreateNewLineFromSocket: * OK [CAPABILITY IMAP4rev1 ID MOVE NAMESPACE X-ID-ACLID UIDPLUS LITERAL+ XYMHIGHESTMODSEQ SASL-IR AUTH=PLAIN AUTH=LOGIN AUTH=XYMLOGIN AUTH=XYMPKI AUTH=XYMCOOKIEB64 AUTH=XOAUTH2 AUTH=OAUTHBEARER] IMAP4rev1 Hello^M
[Unnamed thread 254D0710]: D/IMAP try to log in
[Unnamed thread 254D0710]: D/IMAP IMAP auth: server caps 0x840007627, pref 0x1006, failed 0x0, avail caps 0x1006
[Unnamed thread 254D0710]: D/IMAP (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000,
[Unnamed thread 254D0710]: D/IMAP trying auth method 0x1000
[Unnamed thread 254D0710]: D/IMAP got new password
[Unnamed thread 254D0710]: D/IMAP IMAP: trying auth method 0x1000
[Unnamed thread 254D0710]: D/IMAP PLAIN auth
[Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:SendData: 1 authenticate plain^M
[Unnamed thread 254D0710]: D/IMAP ReadNextLine [stream=1E35A7E0 nb=43 needmore=0]
[Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:CreateNewLineFromSocket: 1 NO Authenticate mechanism not supported^M
[Unnamed thread 254D0710]: D/IMAP authlogin failed
[Unnamed thread 254D0710]: D/IMAP marking auth method 0x1000 failed
[Unnamed thread 254D0710]: D/IMAP IMAP auth: server caps 0x840007627, pref 0x1006, failed 0x1000, avail caps 0x6
[Unnamed thread 254D0710]: D/IMAP (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000,
[Unnamed thread 254D0710]: D/IMAP trying auth method 0x2
[Unnamed thread 254D0710]: D/IMAP got new password
[Unnamed thread 254D0710]: D/IMAP IMAP: trying auth method 0x2
[Unnamed thread 254D0710]: D/IMAP LOGIN auth
[Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:SendData: 2 authenticate login^M
[Unnamed thread 254D0710]: D/IMAP ReadNextLine [stream=1E35A7E0 nb=69 needmore=0]
[Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:CreateNewLineFromSocket: 1 NO [SERVERBUG] AUTHENTICATE Server error - Please try again later^M
[Unnamed thread 254D0710]: D/IMAP authlogin failed
[Unnamed thread 254D0710]: D/IMAP marking auth method 0x2 failed
[Unnamed thread 254D0710]: D/IMAP IMAP auth: server caps 0x840007627, pref 0x1006, failed 0x1002, avail caps 0x4
[Unnamed thread 254D0710]: D/IMAP (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000,
[Unnamed thread 254D0710]: D/IMAP trying auth method 0x4
[Unnamed thread 254D0710]: D/IMAP got new password
[Unnamed thread 254D0710]: D/IMAP IMAP: trying auth method 0x4
[Unnamed thread 254D0710]: D/IMAP old-style auth
[Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:SendData: Logging suppressed for this command (it probably contained authentication information)
[Unnamed thread 254D0710]: D/IMAP ReadNextLine [stream=1E35A7E0 nb=0 needmore=1]
[Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 804b000e
[Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:TellThreadToDie: close socket connection
[Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:CreateNewLineFromSocket: (null)
[Unnamed thread 254D0710]: D/IMAP authlogin failed
[Unnamed thread 254D0710]: D/IMAP marking auth method 0x4 failed
[Unnamed thread 254D0710]: D/IMAP IMAP auth: server caps 0x840007627, pref 0x1006, failed 0x1006, avail caps 0x0
[Unnamed thread 254D0710]: D/IMAP (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000,
[Unnamed thread 254D0710]: D/IMAP no remaining auth method
[Unnamed thread 254D0710]: W/IMAP IMAP: ask user what to do (after login failed): new passwort, retry, cancel
[Unnamed thread 254D0710]: W/IMAP cancel button pressed
[Unnamed thread 254D0710]: E/IMAP login failed entirely
[Unnamed thread 254D0710]: D/IMAP ImapThreadMainLoop leaving [this=2541F800]
(In reply to mancha from comment #6)
> Good news. It appears the problem has been fixed.


It is working for me as well.
Component: Security → Networking: IMAP
Product: Thunderbird → MailNews Core
This is a bug in Thunderbird implementation: https://tools.ietf.org/html/rfc4422#section-3.1.
(In reply to nvikram.iphone from comment #9)
> This is a bug in Thunderbird implementation:
> https://tools.ietf.org/html/rfc4422#section-3.1.
What exactly is the bug?
> [Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:SendData:
> 1 authenticate plain^M
> [Unnamed thread 254D0710]: I/IMAP 2541F800:imap.mail.yahoo.com:NA:SendData:
> 2 authenticate login^M

SASL mechanisms as defined in RFC 4422 are all upper case.
Alfred, do you think we should change those authentication requests to uppercase?
Flags: needinfo?(infofrommozilla)
Summary: Yahoo Mail IMAP authentication/login failure → Yahoo Mail IMAP authentication/login failure - SASL mechanisms as defined in RFC 4422 should upper case.
Summary: Yahoo Mail IMAP authentication/login failure - SASL mechanisms as defined in RFC 4422 should upper case. → Yahoo Mail IMAP authentication/login failure - SASL mechanisms as defined in RFC 4422 should be upper case.
(In reply to Jorg K (GMT+2) from comment #12)
> Alfred, do you think we should change those authentication requests to
> uppercase?

Yes. In case of doubt it is always good to orient yourself at the RFC.

It was a bit pedantic from the Yahoo server, but at the end it was our failure

I checked my logs.

For 'plain' and 'login' we use lowercase letters.

But for "encrypted password" I see already uppercase letters:

> 4 authenticate CRAM-MD5
Flags: needinfo?(infofrommozilla)
Care to send a patch? ;-)
Just wondering if this might not be a good time to think about using standard IMAP libraries instead of re-writing the protocol handlers?

Same for POP & SMTP.

IMHO, TB should serve as an MUA with all MTA functions handed off to other specific libraries (in the UNIX tradition).
Comment on attachment 8888351 [details] [diff] [review]
Use SASL mechanisms PLAIN and LOGIN, as defined in RFC 4422,  in uppercase letters

Not much to review here. Should "authenticate" also be uppercase? It's mostly lowercase in the file, but there is also AUTHENTICATE XOAUTH2.
(In reply to Jorg K (GMT+2) from comment #17)

> Not much to review here. Should "authenticate" also be uppercase? It's
> mostly lowercase in the file, but there is also AUTHENTICATE XOAUTH2.

"AUTHENTICATE" is a normal IMAP command. For a few we use lowercase (e.g. capability).
In my opinion, these are case-in-sensitive. In a short search I found two confirmations.

But it would not hurt to unify that.
(In reply to Alfred Peters from comment #18)

> ... normal IMAP command. For a few we use lowercase (e.g.

https://dxr.mozilla.org/comm-central/search?q=command.Append("&redirect=false
Comment on attachment 8888351 [details] [diff] [review]
Use SASL mechanisms PLAIN and LOGIN, as defined in RFC 4422,  in uppercase letters

Let's go with this then, I assume you've tried it ;-)
Attachment #8888351 - Flags: review?(jorgk) → review+
(In reply to Jorg K (GMT+2) from comment #20)
> Let's go with this then, I assume you've tried it ;-)

Yes. Just not with a 'Yahoo' account. (I hope they didn't change it in lowercase. ;-)
https://tools.ietf.org/html/rfc3501#section-9
IMAP Commands are case-insensitive.

(In reply to Alfred Peters from comment #18)
> (In reply to Jorg K (GMT+2) from comment #17)
> 
> > Not much to review here. Should "authenticate" also be uppercase? It's
> > mostly lowercase in the file, but there is also AUTHENTICATE XOAUTH2.
> 
> "AUTHENTICATE" is a normal IMAP command. For a few we use lowercase (e.g.
> capability).
> In my opinion, these are case-in-sensitive. In a short search I found two
> confirmations.
> 
> But it would not hurt to unify that.
https://hg.mozilla.org/comm-central/rev/11d720ef6082a332b4eb5905d73ae84caa65b418
Assignee: nobody → infofrommozilla
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 56.0
Comment on attachment 8888351 [details] [diff] [review]
Use SASL mechanisms PLAIN and LOGIN, as defined in RFC 4422,  in uppercase letters

Simple fix to align us with RFC 4422.
Attachment #8888351 - Flags: approval-comm-esr52+
Attachment #8888351 - Flags: approval-comm-beta+
bonjour
Une solution qui fonctionne en attendant. Faire suivre depuis Yahoo.comp les messages vers une autre adresse.
voir ici https://forums.mozfr.org/viewtopic.php?f=4&t=133921&start=15#p846033

----------------translate google-------------------
Hello
A solution that works in the meantime. Send messages from Yahoo.comp to another address.
See here https://forums.mozfr.org/viewtopic.php?f=4&t=133921&start=15#p846033
Comment on attachment 8888351 [details] [diff] [review]
Use SASL mechanisms PLAIN and LOGIN, as defined in RFC 4422,  in uppercase letters

Not doing another TB 55 beta.
Attachment #8888351 - Flags: approval-comm-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: