1789975 - POP Encrypted Password authentication CRAM-MD5 not working if the server doesn't advertize support for it

Status: RESOLVED FIXED

(MailNews Core :: Networking: POP, defect)

Description

[Dave Cruz]

Steps to reproduce:

Nothing, just accepted the update of the app to 102.2.1 and the problem remains in 102.2.2

There is this configuration in Account Settings:
In Server Settings, Server Type: POP,
In Security Settings, Connection security: SSl/TLS
Authentication method: Encrypted password

Actual results:

When trying to retrieve messages from that account, a message windows appears with the text: "The server does not support the selected authentication method. Please change the Authentication method in the Account Settings | Server settings"

Expected results:

Retrieve the messages from the email server without problem,
This issue does not occurr in version 91.13 with the same POP Server Settings.

Comment 1

[Dave Cruz]

My Thunderbird program was automatically updated from 91.13.0 to 102.2.1 and after this update the issue started, I had to change the Authentication method to Normal password to keep receiving emails.

Comment 2

[Ping Chen [:rnons] (away)]

Thanks for reporting, can you get some logs by following bug 1783290 comment 3

Comment 3

[Dave Cruz]

Sure, this is what the Error Console got:

This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”. 8 blank
Element.releaseCapture() is deprecated. Use Element.releasePointerCapture() instead. For more help https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture menupopup.js:169:13
mailnews.pop3.6: Connecting to pop://mail.hamerweb.net:995 Pop3Client.jsm:133:18
mailnews.pop3.6: Connected Pop3Client.jsm:269:18
mailnews.pop3.6: S: +OK Mail Hamer, POP, Bienvenido Pop3Client.jsm:316:18
mailnews.pop3.6: C: CAPA Pop3Client.jsm:458:20
mailnews.pop3.6: S: +OK Capability list follows
TOP
USER
UIDL
.
Pop3Client.jsm:316:18
mailnews.pop3.6: Possible auth methods: Pop3Client.jsm:541:18
mailnews.pop3.6: Got an error name=pop3AuthMechNotSupported Pop3Client.jsm:1306:18
mailnews.pop3.6: Done with status=2147500037 Pop3Client.jsm:1337:18
mailnews.pop3.6: C: QUIT Pop3Client.jsm:458:20
mailnews.pop3.6: Connection closed. Pop3Client.jsm:350:18
mailnews.pop3.6: S: +OK Goodbye Pop3Client.jsm:316:18

And when expanding the error red line:

mailnews.pop3.6: Got an error name=pop3AuthMechNotSupported Pop3Client.jsm:1306:18
_actionError resource:///modules/Pop3Client.jsm:1306
_actionChooseFirstAuthMethod resource:///modules/Pop3Client.jsm:571
_actionCapaResponse resource:///modules/Pop3Client.jsm:496
read resource:///modules/LineReader.jsm:55
_actionCapaResponse resource:///modules/Pop3Client.jsm:484
_onData resource:///modules/Pop3Client.jsm:324

Comment 4

[Ping Chen [:rnons] (away)]

Hmm, the log shows your server only supports USER auth. Do you know which encrypted auth method was used before?

In TB 102, there are the old C++ and new JavaScript implementation of POP3. You can go to the Config Editor, set mailnews.pop3.jsmodule to false, then restart TB to use the C++ implementation.

Please follow https://wiki.mozilla.org/MailNews:Logging#Generating_a_Protocol_Log to get some C++ logs, so that we know the exact encrypted auth method that your server supports. Use MOZ_LOG=POP3:5, thanks.

Comment 5

[Dave Cruz]

(In reply to Ping Chen (:rnons) from comment #4)

Hmm, the log shows your server only supports USER auth. Do you know which encrypted auth method was used before?

Yes it is CRAM-MD5

Please let me know if you still need the C++ logs

Thank you!

Comment 6

[Ping Chen [:rnons] (away)]

I don't need the C++ logs, thank you. So this is similar to bug 1782250. We used to send an empty AUTH request to check the auth methods supported, but it was removed in bug 1752397. We are now relying on CAPA responses.

Will make a fix tomorrow.

Comment 7

[Dave Cruz]

Well noted, thank you so much

Comment 8

[Ping Chen [:rnons] (away)]

Attachment: Bug 1789975 - Try CRAM-MD5 auth even if not advertised in Pop3Client. r=mkmelin

Comment 9

[Pulsebot]

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/aabe52d80296
Try CRAM-MD5 auth even if not advertised in Pop3Client. r=mkmelin

Comment 10

[Ping Chen [:rnons] (away)]

Comment on attachment 9294076 [details]
Bug 1789975 - Try CRAM-MD5 auth even if not advertised in Pop3Client. r=mkmelin

[Approval Request Comment]
Regression caused by (bug #): bug 1752397
User impact if declined: CRAM-MD5 auth doesn't work.
Testing completed (on c-c, etc.): beta
Risk to taking this patch (and alternatives if risky): low

Comment 11

[Wayne Mery (:wsmwk)]

Comment on attachment 9294076 [details]
Bug 1789975 - Try CRAM-MD5 auth even if not advertised in Pop3Client. r=mkmelin

[Triage Comment]
approved for esr102

Comment 12

[Rob Lemley [:rjl]]

Thunderbird 102.3.2:
https://hg.mozilla.org/releases/comm-esr102/rev/e71696f5ef21

Comment 13

[Rob Lemley [:rjl]]

This is causing a test failure on 102.3.2 when running test_pop3AuthMethods.js, "Encrypted password, try CRAM even if if not advertised" using the C++ client. I'm guessing it's not doing things exactly the same way as the JS version?

Ping, can you look at the XPCShell test failures on https://treeherder.mozilla.org/jobs?repo=comm-esr102&revision=c1ca3473de08a897f3b88fdf2029cefb13c62c2b and confirm that?

If that's the case, I will move test_pop3AuthMethods.js out out xpcshell-shared.ini into xpcshell.ini so that file won't run for C++ client anymore. Unless you have a better idea...

Comment 14

[Ping Chen [:rnons] (away)]

Yes, they are behaving a bit different here.

move test_pop3AuthMethods.js out out xpcshell-shared.ini into xpcshell.ini

This should be fine, thanks.

Comment 15

[Rob Lemley [:rjl]]

Attachment: bug1789975_disable_test_pop3AuthMethods_js.patch

[Triage Comment]
Disabling failing test with C++ POP client.

Comment 16

[Rob Lemley [:rjl]]

Thunderbird 102.3.2:
https://hg.mozilla.org/releases/comm-esr102/rev/e41a96444797