Closed Bug 1789975 Opened 23 days ago Closed 22 days ago

POP Encrypted Password authentication CRAM-MD5 not working if the server doesn't advertize support for it

Categories

(MailNews Core :: Networking: POP, defect)

Thunderbird 102
defect

Tracking

(thunderbird_esr102+ affected, thunderbird105 affected)

RESOLVED FIXED
106 Branch
Tracking Status
thunderbird_esr102 + affected
thunderbird105 --- affected

People

(Reporter: ainomx, Assigned: rnons)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

Steps to reproduce:

Nothing, just accepted the update of the app to 102.2.1 and the problem remains in 102.2.2

There is this configuration in Account Settings:
In Server Settings, Server Type: POP,
In Security Settings, Connection security: SSl/TLS
Authentication method: Encrypted password

Actual results:

When trying to retrieve messages from that account, a message windows appears with the text: "The server does not support the selected authentication method. Please change the Authentication method in the Account Settings | Server settings"

Expected results:

Retrieve the messages from the email server without problem,
This issue does not occurr in version 91.13 with the same POP Server Settings.

My Thunderbird program was automatically updated from 91.13.0 to 102.2.1 and after this update the issue started, I had to change the Authentication method to Normal password to keep receiving emails.

Thanks for reporting, can you get some logs by following bug 1783290 comment 3

Sure, this is what the Error Console got:

This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”. 8 blank
Element.releaseCapture() is deprecated. Use Element.releasePointerCapture() instead. For more help https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture menupopup.js:169:13
mailnews.pop3.6: Connecting to pop://mail.hamerweb.net:995 Pop3Client.jsm:133:18
mailnews.pop3.6: Connected Pop3Client.jsm:269:18
mailnews.pop3.6: S: +OK Mail Hamer, POP, Bienvenido Pop3Client.jsm:316:18
mailnews.pop3.6: C: CAPA Pop3Client.jsm:458:20
mailnews.pop3.6: S: +OK Capability list follows
TOP
USER
UIDL
.
Pop3Client.jsm:316:18
mailnews.pop3.6: Possible auth methods: Pop3Client.jsm:541:18
mailnews.pop3.6: Got an error name=pop3AuthMechNotSupported Pop3Client.jsm:1306:18
mailnews.pop3.6: Done with status=2147500037 Pop3Client.jsm:1337:18
mailnews.pop3.6: C: QUIT Pop3Client.jsm:458:20
mailnews.pop3.6: Connection closed. Pop3Client.jsm:350:18
mailnews.pop3.6: S: +OK Goodbye Pop3Client.jsm:316:18

And when expanding the error red line:

mailnews.pop3.6: Got an error name=pop3AuthMechNotSupported Pop3Client.jsm:1306:18
_actionError resource:///modules/Pop3Client.jsm:1306
_actionChooseFirstAuthMethod resource:///modules/Pop3Client.jsm:571
_actionCapaResponse resource:///modules/Pop3Client.jsm:496
read resource:///modules/LineReader.jsm:55
_actionCapaResponse resource:///modules/Pop3Client.jsm:484
_onData resource:///modules/Pop3Client.jsm:324

Component: Untriaged → Networking: POP
Product: Thunderbird → MailNews Core

Hmm, the log shows your server only supports USER auth. Do you know which encrypted auth method was used before?

In TB 102, there are the old C++ and new JavaScript implementation of POP3. You can go to the Config Editor, set mailnews.pop3.jsmodule to false, then restart TB to use the C++ implementation.

Please follow https://wiki.mozilla.org/MailNews:Logging#Generating_a_Protocol_Log to get some C++ logs, so that we know the exact encrypted auth method that your server supports. Use MOZ_LOG=POP3:5, thanks.

(In reply to Ping Chen (:rnons) from comment #4)

Hmm, the log shows your server only supports USER auth. Do you know which encrypted auth method was used before?

Yes it is CRAM-MD5

Please let me know if you still need the C++ logs

Thank you!

I don't need the C++ logs, thank you. So this is similar to bug 1782250. We used to send an empty AUTH request to check the auth methods supported, but it was removed in bug 1752397. We are now relying on CAPA responses.

Will make a fix tomorrow.

Well noted, thank you so much

Assignee: nobody → remotenonsense
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Regressed by: 1752397
Target Milestone: --- → 106 Branch
Summary: POP Encrypted Password authentication not working → POP Encrypted Password authentication CRAM-MD5 not working if the server doesn't advertize support for it

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/aabe52d80296
Try CRAM-MD5 auth even if not advertised in Pop3Client. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 22 days ago
Resolution: --- → FIXED

Comment on attachment 9294076 [details]
Bug 1789975 - Try CRAM-MD5 auth even if not advertised in Pop3Client. r=mkmelin

[Approval Request Comment]
Regression caused by (bug #): bug 1752397
User impact if declined: CRAM-MD5 auth doesn't work.
Testing completed (on c-c, etc.): beta
Risk to taking this patch (and alternatives if risky): low

Attachment #9294076 - Flags: approval-comm-esr102?
You need to log in before you can comment on or make changes to this bug.