Closed
Bug 188384
Opened 22 years ago
Closed 22 years ago
doesn't issue STARTTLS command when "Use TLS: Always" selected
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
VERIFIED
INVALID
People
(Reporter: huston, Assigned: ssaux)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.2.1) Gecko/20021130 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.2.1) Gecko/20021130 In testing a TLS-aware sendmail with SMTP AUTH, I can't get Mozilla to issue the STARTTLS command to the server, even though "Use TLS" is set to always. I did get it to work once, but that was it (and I don't remember what was done). Tried on Linux and Mac OS X (v 1.2 on both). I have my username filled in, but when the RCPT TO: line hits the server, it denys relaying, and Mozilla gives me an error message that I must authenticate first. I am connecting on port 25; SMTP AUTH isn't available until *after* STARTTLS is issued on the server. Reproducible: Always Steps to Reproduce: 1. Compose & send message 2. SMTP EHLO sent, then MAIL FROM:, RCPT TO: 3. "Relaying denied. Proper authentication required" Actual Results: Relaying denied via mail server, popup window tells me message failed. Expected Results: STARTTLS, EHLO, AUTH PLAIN, ... I have not tested to see if Mozilla tries to (incorretly?) not use TLS+AUTH since I'm on the same subnet as the server. However, I'm setting this up for roaming users who will need TLS turned on when they're outside the building, and *can* use it within the building if they want. Here's a logdump from Sendmail, mozilla never issues the STARTTLS: 06022 >>> 220 diomedes.Princeton.EDU ESMTP Sendmail 8.12.5/8.12.5; Thu, 9 Jan 20 03 15:09:47 -0500 06022 <<< EHLO astro.princeton.edu 06022 >>> 250-diomedes.Princeton.EDU Hello prefect.astro.Princeton.EDU [128.112. 25.59], pleased to meet you 06022 >>> 250-ENHANCEDSTATUSCODES 06022 >>> 250-PIPELINING 06022 >>> 250-8BITMIME 06022 >>> 250-SIZE 06022 >>> 250-DSN 06022 >>> 250-ETRN 06022 >>> 250-STARTTLS 06022 >>> 250-DELIVERBY 06022 >>> 250 HELP 06022 <<< MAIL FROM:<huston@astro.princeton.edu> 06022 >>> 250 2.1.0 <huston@astro.princeton.edu>... Sender ok 06022 <<< RCPT TO:<huston@astro.princeton.edu> 06022 >>> 550 5.7.1 <huston@astro.princeton.edu>... Relaying denied. Proper auth entication required. 06022 <<< [EOF] 06022 >>> 421 4.4.1 diomedes.Princeton.EDU Lost input channel from prefect.astro .Princeton.EDU [128.112.25.59]
Comment 1•22 years ago
|
||
Looks like a dupe of bug 98399
Assignee: mstoltz → sspitzer
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•22 years ago
|
||
->PSM
Assignee: sspitzer → ssaux
Component: Security: General → S/MIME
Product: MailNews → PSM
QA Contact: junruh → carosendahl
Version: Trunk → 2.4
Reporter | ||
Comment 3•22 years ago
|
||
I at first thought it was a dupe also, and was just going to add a comment to that one. However, in that case there was a failure when STARTTLS is issued, and it doesn't work. In this case, STARTTLS isn't even issued; though they may be related in the code somewhere.
Comment 4•22 years ago
|
||
This is in the client library. From original message sniff log: 06022 >>> 250-ETRN 06022 >>> 250-STARTTLS 06022 >>> 250-DELIVERBY So there is a starttls command issued. It need not be in the order you mention as long as it is issued beforehand. I do believe it to be a dup. You are connecting to which port? What happens when you choose 'when possible' instead of 'always'?
Component: S/MIME → Client Library
QA Contact: carosendahl → junruh
Reporter | ||
Comment 5•22 years ago
|
||
Nope, that's the server's response to the 'EHLO'. Lines starting with <<< are the client's chatter.
Reporter | ||
Comment 6•22 years ago
|
||
Ugh, brain-dead; must be too cold in the server room today :) In response to the rest, port 25, and setting it to "When Possible" does no change. Also the other bug mentions a crash; I just get a polite "You have to authenticate first" message and the mail doesn't get sent.
Reporter | ||
Comment 7•22 years ago
|
||
Just tried this using Apple's "Mail" program, here's what Sendmail saw when it worked (apologies for the length of this) 06562 >>> 220 diomedes.Princeton.EDU ESMTP Sendmail 8.12.5/8.12.5; Thu, 9 Jan 20 03 17:33:35 -0500 06562 <<< EHLO prefect.astro.Princeton.EDU 06562 >>> 250-diomedes.Princeton.EDU Hello prefect.astro.Princeton.EDU [128.112. 25.59], pleased to meet you 06562 >>> 250-ENHANCEDSTATUSCODES 06562 >>> 250-PIPELINING 06562 >>> 250-8BITMIME 06562 >>> 250-SIZE 06562 >>> 250-DSN 06562 >>> 250-ETRN 06562 >>> 250-STARTTLS 06562 >>> 250-DELIVERBY 06562 >>> 250 HELP 06562 <<< STARTTLS 06562 >>> 220 2.0.0 Ready to start TLS 06562 <<< EHLO prefect.astro.Princeton.EDU 06562 >>> 250-diomedes.Princeton.EDU Hello prefect.astro.Princeton.EDU [128.112. 25.59], pleased to meet you 06562 >>> 250-ENHANCEDSTATUSCODES 06562 >>> 250-PIPELINING 06562 >>> 250-8BITMIME 06562 >>> 250-SIZE 06562 >>> 250-DSN 06562 >>> 250-ETRN 06562 >>> 250-AUTH LOGIN PLAIN 06562 >>> 250-DELIVERBY 06562 >>> 250 HELP 06562 <<< AUTH PLAIN (Snipped) 06562 >>> 235 2.0.0 OK Authenticated 06562 <<< MAIL FROM:<huston@astro.princeton.edu> 06562 >>> 250 2.1.0 <huston@astro.princeton.edu>... Sender ok 06562 <<< RCPT TO:<huston@astro.princeton.edu> 06562 >>> 250 2.1.5 <huston@astro.princeton.edu>... Recipient ok 06562 <<< DATA 06562 >>> 354 Enter mail, end with "." on a line by itself First it says EHLO, gets the response, then issues the STARTTLS; another EHLO to get started now that the TLS session is established, and now AUTH is available. Do the AUTH and send the mail.
Reporter | ||
Comment 8•22 years ago
|
||
(Hope I'm doing this right, don't know if there's a policy for closing a bug) I seem to have figured out the problem. Today I tried again, and noticed that there were three instances of the same outgoing SMTP server listed when you click the "Advanced" button. One was set as default, port 25, and "Use SSL Always". The other two had no setting for port number, and "Use SSL Never". When I deleted the two non-default ones with no SSL settings, it now works fine. Slightly confused by this, however it states clearly that things can be unpredictable if you define multiple outgoing SMTP servers. What gets me is that I don't recall doing that, but I'm not going to worry about it right now. Seems the bug report was invalid to me, so I might as well close it out.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•