cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SMTP with TLS error handling

From: Adam <simplesec2012_at_gmail.com>
Date: Thu, 4 Jun 2015 15:53:43 -0300

These links helped me.

Confirms that libcurl basically does nothing for you, and it's just a
wrapper around encryption libs.

Also, if I'm not mistaken, I believe I've seen high/application level C++
SMTP open source libraries available.

https://rtcamp.com/tutorials/mail/server/testing/smtp/
http://fm4dd.com/openssl/sslconnect.htm

On Thu, Jun 4, 2015 at 3:32 PM, Adam <simplesec2012_at_gmail.com> wrote:

> How can we know if it's a problem with your code if you don't post it?
> Instead of writing paragraphs describing your code - just paste your code.
>
> I've just successfully got a "Login Denied" ASCI string error message by
> connecting to smtp://smtp.office365.com:587 by calling
> curl_easy_strerror(res).
>
> The same exact message is returned for faulty credentials to gmail also.
>
> | "And curl_easy_perform also gives me CURLE_LOGIN_DENIED which is much
> more user friendly."
>
> For what it's worth - I'm writing an SMTP library right now and if you
> want user friendly then libcurl isn't for you.
>
> You will run into *many* errors like this (especially with callbacks) and
> you'll have to revise the source yourself to get to the bottom of the
> problem.
>
> You'll need to do just about everything from scratch anyways, so I
> recommend skipping libcurl and writing directly with openssl libraries.
>
>
>
>
>
> On Thu, Jun 4, 2015 at 12:55 PM, Ralph Mitchell <ralphmitchell_at_gmail.com>
> wrote:
>
>> It may be deliberate behaviour by Office365, to avoid giving out
>> information that may assist an attacker.
>>
>> Ralph Mitchell
>>
>> On Thu, Jun 4, 2015 at 11:26 AM, Jamie Gordon <jamie_at_deslock.com> wrote:
>>
>>> Hi
>>>
>>> I have a problem with the correct error handling for SMTP errors when
>>> using libcurl and I'd be pleased if anyone can help/advise me. Specifically
>>> in this case I am using libcurl 7.42.1 but the same behaviour has been seen
>>> with previous versions I have tested with.
>>>
>>> This issue is, if I use the wrong password with Office365 I get error
>>> "CURLE_OPERATION_TIMEDOUT " and the internal curl message
>>> (CURLOPT_ERRORBUFFER) is "Operation timed out after 0 milliseconds with 0
>>> out of 0 bytes received". Actually some other servers using TLS do this
>>> also, but they have been at customer sites and I don't have any debug from
>>> those servers. But the issue is repeatable for me using Office365. If I use
>>> the correct username/password an email is sent fine. And I've been using
>>> the same sending code for a while with standard port 25 SMTP.
>>>
>>> You can see the debug from the libcurl below (this is output from my own
>>> CURLOPT_DEBUGFUNCTION callback function). I've just used a made up a
>>> username/password of test_at_example.com/moo.
>>>
>>> <debug>
>>> EHLO myhost
>>>
>>> 250-AM2PR09CA0025.outlook.office365.com Hello [194.75.73.194]
>>> 250-SIZE 157286400
>>> 250-PIPELINING
>>> 250-DSN
>>> 250-ENHANCEDSTATUSCODES
>>> 250-AUTH LOGIN
>>> 250-8BITMIME
>>> 250-BINARYMIME
>>> 250 CHUNKING
>>>
>>> AUTH LOGIN
>>>
>>> 334 VXNlcm5hbWU6
>>>
>>> dGVzdEBleGFtcGxlLmNvbQ==
>>>
>>> 334 UGFzc3dvcmQ6
>>>
>>> bW9v
>>>
>>> Operation timed out after 0 milliseconds with 0 out of 0 bytes received
>>> Closing connection 0
>>> </debug>
>>>
>>> In terms of function calls:
>>>
>>> curl_easy_perform returned 28 (CURLE_OPERATION_TIMEDOUT)
>>> curl_easy_getinfo(CURLINFO_HTTP_CONNECTCODE) returned 334
>>> and
>>> curl_easy_getinfo(CURLINFO_RESPONSE_CODE) returned 0
>>>
>>> Interestingly, if I use gmail with the wrong password I see more
>>> relevant info in the debug. And curl_easy_perform also gives me
>>> CURLE_LOGIN_DENIED which is much more user friendly.
>>>
>>> <debug>
>>> 535-5.7.8 Username and Password not accepted. Learn more at
>>> 535 5.7.8 https://support.google.com/mail/answer/14257
>>> ju2sm6707323wid.12 - gsmtp
>>> Closing connection 0
>>> </debug>
>>>
>>> So this seems maybe specific to the server somehow. Is it a problem with
>>> the Office365 response in TLS? Is their exchange server doing something
>>> wrong? Or is there some bad handling in libcurl somewhere? Or maybe could I
>>> have initialised something wrong in my c++ calling libcurl?
>>>
>>> If this behaviour by libcurl is "correct" then is it possible to
>>> interpret what I have to maybe suggest to the user that they have entered
>>> invalid credentials, rather than presenting them with "Operation timed out
>>> after 0 milliseconds..."?
>>>
>>> Otherwise if it is a bug, then I'll try to look into the library in more
>>> details and see if I can work out what's wrong.
>>>
>>> Any advice appreciated.
>>>
>>> Thanks
>>>
>>> Jamie
>>>
>>> -------------------------------------------------------------------
>>> List admin: http://cool.haxx.se/list/listinfo/curl-library
>>> Etiquette: http://curl.haxx.se/mail/etiquette.html
>>
>>
>>
>> -------------------------------------------------------------------
>> List admin: http://cool.haxx.se/list/listinfo/curl-library
>> Etiquette: http://curl.haxx.se/mail/etiquette.html
>>
>
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-06-04