234329 - If you check "Use Secure Authentication" both mail and smtp is forced to use it.

Status: RESOLVED WORKSFORME

(MailNews Core :: Networking: SMTP, defect)

Description

[Robert Miller]

User-Agent:       
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6) Gecko/20040206 Firefox/0.8

My mail server does not us Secure Authentication but my SMTP requires it.  If I
check the box to use "Secure Authentication" under "Server Settings", I cannot
receive e-mails, but I can send them.  If I uncheck "Secure Authentication", I
can receive e-mails but I cannot send them.

ThunderBird needs a way to set Secure Authenitcation seprerately for the Mail
server and the SMTP server.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.




I found I could work around this problem by editing the Prefs.js files.  I set
the key for the mail server uses authentication from "true" to "Flase".  This
works fine so long as I don't accidently recheck the setting in thunderbird.  If
I do that, then  I have to re-edit the Pref.js file before I can send e-mail.

Comment 1

[Scott MacGregor]

has nothing to do with thunderbird. POP/SMTP SPA issue.

Comment 2

[Christian Eyrich]

Robert, I guess with mail server you speak of POP3 or IMAP, yes? Which one?

Which pref you set to false?
  mail.server.serverx.useSecAuth
or
  mail.smtpserver.smtpx.trySecAuth

The first one is for POP/IMAP, the second one for SMTP. You see, there are
separate prefs.
But trySecAuth is true for all accounts by default. And so we try a secure
authentication mechanism first (if the server advertises to be able to use it)
before falling back when the login fails.

I can't imagine what causes your problem. So I ask you to attach communication
logs here for a failing connection. One for SMTP and one for POP or IMAP. See
http://www.mozilla.org/quality/mailnews/mail-troubleshoot.html#smtp for how to
create one.

Comment 3

[John T]

I have been having this problem recently with my ISP's new mail software, and
used about:config to set the mail server use-authentication variable to false.
This change enables receiving and sending to work without further changes. This
practice may be needed due to MS Outlook Express being written to do that,
perhaps at the request of govt investigative agencies that might like to easily
access incoming mail.

Where could I find info on the use of all of the variables listed in the
about:config variable list?

Comment 4

[Chapman Flack]

Comment 2 says the SMTP exchange by default tries secure auth and then falls
back to insecure.  But that is not as good as having a setting to try secure
auth and then fail before risking insecure auth.  I think that's what the
original reporter was getting at: there is no UI to set that separately for
incoming and outgoing server, and there should be.

See also bug 259982.

Comment 5

[Mike Cowperthwaite]

(In reply to comment #4)
> But that is not as good as having a setting to try secure
> auth and then fail before risking insecure auth.

Bug 311657?

> I think that's what the original reporter was getting at: there is no UI to
> set that separately for incoming and outgoing server, and there should be.

That doesn't quite jibe: reporter stated with the POP (IMAP?) server's SecAuth checked, he could use SMTP but not POP, but with the POP server's SecAuth unchecked, he could receive but not use SMTP.  The SMTP action shouldn't have changed if the problem is simply missing UI for the SMTP pref.

On the other hand, Robert Miller has never responded to requests for further information here; who knows if the problem even still exists.

Comment 6

[(not reading, please use seth@sspitzer.org instead)]

sorry for the spam.  making bugzilla reflect reality as I'm not working on these bugs.  filter on FOOBARCHEESE to remove these in bulk.

Comment 7

[Christian Eyrich]

Closing since noone could reproduce this and the reporter didn't respond for over three years.