Closed Bug 301421 Opened 19 years ago Closed 15 years ago

sending mail - mozilla retries hundreds of times per second when not permitted to authenticate

Categories

(SeaMonkey :: MailNews: Message Display, defect)

Product:
SeaMonkey
Component:
MailNews: Message Display
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: iane, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050702

Mozilla retries hundreds of times per second when not permitted to authenticate against our Exim SMTP 
server. Our server requires encryption when authenticating. If mozilla's SMTP account is set up to use 
authentication, BUT NOT encryption - then it will attempt to send the message at millisecond intervals 
until the user hits 'cancel.

If the user ignores the error, millions of log lines can be written on the server.

Reproducible: Always

Steps to Reproduce:
1. Configure a mail server (Exim 4.44 for example) to require encryption when authenticating (contact 
me if you'd like to use my server to test this.)
2. Configure mozilla to attempt to authenticate without encryption
3. snoop the connection with (solaris) snoop -xv -s0 host <HOST> and port <PORT>
3. attempt to send an email

Actual Results:  
A progress bar appears. It stays there until the user hits cancel.
Mozilla keeps retrying - hundreds of times per second. In fact, the SMTP dialog looks like this:
AUTH LOGIN
503 TLS encryption or CRAM-MD5 required
AUTH LOGIN
503 TLS encryption or CRAM-MD5 required
AUTH LOGIN
503 TLS encryption or CRAM-MD5 required......
When the user ignores the warning, millions of log lines may be written on the server.

Expected Results:  
Good behaviour is exhibited if the SMTP account is set up with NO username and password. In this case an 
error dialog is shown, displaying the error returned by the server.

While this problem exists, I can't recommend using Mozilla or Thunderbird application with our servers. I'd 
like to recommend Thunderbird - since it is somewhat easier to use than our recommended mail client.

I suspect that the problem is that Mozilla is ignoring the return code after saying "AUTH LOGIN" in the 
SMTP dialog.

This causes problems for the user, since they get no feedback on what's causing their mail to stick.
Version: unspecified → Trunk
Similar situation to my Bug 262584 on POP3(APOP).

What does "Configure mozilla to attempt to authenticate without encryption" mean?
(What is set in which difinition)
What is your "Use secure connection" setting of the SMTP server definition?

What will occur if "Configure mozilla to attempt to authenticate WITH encryption"?

Go http://www.mozilla.org/quality/mailnews/mail-troubleshoot.html#smtp and
attach SMTP protocol log file to this bug(Don't paste long log text.)
Please don't forget to change "protcol:5" to "SMTP:5" when SMTP.

By the way, no password prompt during infinite log-in retry?
Does you login-id contain dot(".")?
As written in Bug 262584 comment #14, bug 263542 still active...
(Probably not the case, since no password is saved yet in your case.)

Oh, this was report on Mac OS X.
See Bug 227981 also for protocol logging on Mac OS X.
(In reply to comment #1)

> What does "Configure mozilla to attempt to authenticate without encryption" mean?
> (What is set in which difinition)
> What is your "Use secure connection" setting of the SMTP server definition?

By "without encryption", I mean this:

 "Use secure connection" is set to "no".

> What will occur if "Configure mozilla to attempt to authenticate WITH encryption"?

No problem. It works fine. The problem is that I run the SERVER, and I can't control what my users do 
with their clients. Therefore, I need the client to behave properly when misconfigured.

> Go http://www.mozilla.org/quality/mailnews/mail-troubleshoot.html#smtp and
> attach SMTP protocol log file to this bug(Don't paste long log text.)
> Please don't forget to change "protcol:5" to "SMTP:5" when SMTP.

I've already posted a TCP dump of the session. It's clear that the client is ignoring a 5xx error after it 
sends "AUTH".

> By the way, no password prompt during infinite log-in retry?
> Does you login-id contain dot(".")?

No, my login is "iane". 

Oh, heck I can't reproduce this now. I've not updated Mozilla, but now I get an error message. However, 
the error message is WRONG. It says the server can't be contacted, even though an error "TLS 
encryption or CRAM-MD5 required" has been returned to the client.

(In reply to comment #3)
>I've already posted a TCP dump of the session.
>It's clear that the client is ignoring a 5xx error after it sends "AUTH".
To where?
If you mean "AUTH LOGIN" and "503 TLS encryption or CRAM-MD5 required" in
comment #0, please see protcol log attached to my Bug 262584.
Other data is also important for analysis by developers.
 - Mozilla's internal status during process -"SMTP: entering state:" data.
   ("POP3: entering state:" line when POP3 protocol log)
 - Response to EHLO (response to CAPA when POP3), etc. etc.
Can you reproduce with SeaMonkey v1.1.9 ?
=> incomplete - no response to comment 5

but please comment if you have new information
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.