Closed Bug 144491 Opened 24 years ago Closed 22 years ago

When utilizing STARTTLS, mozilla refuses to send mail unless it succesfully SMTP AUTH's

Categories

(MailNews Core :: Networking: SMTP, defect)

Product:
MailNews Core
Component:
Networking: SMTP
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: jmaimon, Assigned: mscott)

Details

Attachments

(1 obsolete file)

While setting smtp server settings for use SSL (STARTTLS), I cannot send any mail without successfully authenticating to the smtp server. Is this bug or feature? Build 2002051106
Change qa contact -> meehansqa
QA Contact: sheelar → meehansqa
This is definitely a bug. Many problems have problems with that ... Just search comp.mail.sendmail for details. (This works fine with many other mail clients. The bug already existed back in Netscape 4 ...)
Actually, people had problems with that. :) Problems don't have problems with that (at least none I know about, so I shouldn't claim that .... ;-)
OK so how do we get this fixed? Shall I try myself? Who will accept the patch?
Marking as NEW
Status: UNCONFIRMED → NEW
Ever confirmed: true
Is this a dupe of #98399?
I'm being annoyed by this as well. Are anyone looking at fixing it atm?
I think this is a duplicate of bug 98399 as well.
*** This bug has been marked as a duplicate of 98399 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
I don't think this bug, in terms of functionality, is a duplicate of bug 98399. As it looks to me, 98399 deals with starttls failure modes. This bug deals with the case where starttls succeeds and Mozilla proceeds to prompt for username and password even though "User name and password" has not been ticked off in the "Outgoing Server (SMTP) Settings".
I do not see how this is a duplicate. This bug is not about smtp over ssl. It is about not being able to use starttls unless you also use SMTP AUTH. Someone please open my uneducated eyes.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
I tested the bug again with build: 2003011208 and I see that sending just spins. Old behavior IIRC was that a window would pop up demanding a username. Is this the referred to duplication?
In 1.3b Using and smtp server with (default) settings that specify use starttls when available (which is on this server), if you do not specify a username to use with SMTPAuth you get this error message. Message could not be sent because could not connect to smtp server. Smtp server logs indicate that client has succesfully negotiated STARTTLS and then for absolutely no good reason terminates the connection. THIS IS A BUG! Its has been a bug in one form or another since the early pre 1.0 days. Please reassign.
Status: REOPENED → NEW
This is untrue. I routinely used allow my clients to connect on varois ports, negotiate TLS, and send, auth or no. Several of them (myself included) use TLS for just this purpose. I changed the configuration of sendmail to allow Auth *only if* TLS was negotiated, and to only allow sending of mail if Auth was, in fact, negotiated successfully. The message I get from Mozilla if I do not Auth is misleading - it informs me that I could not connect to the server. However this is not the case, the server itself sends back "Authentication Required", which Mozilla misinterprets. While that is in itelf an Feature Request (to fix the error message), the fact of the matter is prior to this I was able to send mail WITH TLS, and without Auth. In fact, I welcome anyone to try this very thing. Relay your mail via mail.datawire.net, port 25, TLS enabled, Auth disabled. Mail ksnider@datawire.net a test message. I will forward it back to you upon receipt. I just tested this *today* in my QA cycle, as we needed to rebuild Sendmail for the most recent Sendmail vulnerability. One of the success cases was Moz 1.3b (Linux), TLS, no SMTP/Auth.
I have attempted to test against your server. It didnt work. Not in post 1.3b trunk nightlies. Not in 1.3b. Not in 1.2.1. Not in 1.0.1. Three different (2windows,1rhl8.0) machines also. I have also successfully (from my side at least) sent you an unauth'd TLS message from OE6. Prior to post1.3b nightlies, you would get a username/password prompt. Now it just fails with connection failure. Please ensure that you are negotiating tls -- try setting it to always. Make sure you uncheck the username and delete the text in the box. Ensure that you have no other smtp server definitions with different settings. Try a vanilla profile for comparison. I welcome anyone to send me an email showing no authentication with tls in the headers. Use server smtp.ttec.com, my email jmaimon@ttec.com Could be I am just an idiot - its been known to occur. In any event its resolution I am looking for here, not a bug. If anyone else has any success, lets hear it.
Well, I get to do two things. 1 - eat humble pie 2 - get new QA staff. testing against my own server, I found that attempting to send mail via my mailserver on port 25 did in fact generate an Auth requestor in Mozilla (1.3b), even though auth was *disabled*. This is obviously incorrect behavior. I'm confused as to why this was treated as a "success" case by my QA team, the only think I can think of is they preloaded username/password into the password manager and it passed it on by itself. This is a Bad Thing if true, however, because it means Mozilla is possibly passing out sensitive information against user consent! To recap, Moz 1.3b: STARTTLS & SMTP/Auth enabled server: Connect, settings set to SSL "Always", no SMTP/Auth checked, no username, nothing. Mozilla will pop up a requestor asking for Auth information. The requestor asks only for password, and with no username cannot succeed on most MTA's, *even if* the user had an account. Going to bump the severity to major, since there is no workaround for this. Also, my tests were performed under Linux, so this does not seem OS dependant. Lastly, if a Moz developer wants to co-ordinate with me to run some debug-level logs of packets in-situ, shoot me off an email.
Severity: normal → major
OS: Windows 2000 → All
I have problems even with Mozilla 1.4. I can't send email over tls when smtp auth is required.
Verfied with 1.5b, does'nt work with authentication (required, so I can test if it does *without*)
I have seen this work in Moz 1.5RC
Status: NEW → RESOLVED
Closed: 23 years ago22 years ago
Resolution: --- → FIXED
Product: MailNews → Core
Product: Core → MailNews Core

Comment on attachment 9309273 [details]
Bug 144491 - Check the number of script blocking style sheets in autofocus algorithm r=smaug

Revision D165224 was moved to bug 1444491. Setting attachment 9309273 [details] to obsolete.

Attachment #9309273 - Attachment is obsolete: true
Resolution: FIXED → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: