Mailing Lists

curl-tracker Archives

[curl:bugs] #1458 SMTP digest-md5 auth fails

From: silver <silvergo_at_users.sf.net>
Date: Wed, 03 Dec 2014 14:03:52 +0000

Hi Steve,
I don't know the whole system impact using newer version of curl and libcurl only. I could have a new issue on another package by a dependency problem.

BTW
I tryed to compile myself v7.39. May be I missing something (library/other).
I tested it by command line only.

$ curl -V
curl 7.39.0 (i686-pc-linux-gnu) libcurl/7.39.0 OpenSSL/1.0.1e zlib/1.2.7
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL libz TLS-SRP

This was the error in v7.26:
curl: (67) Login denied

This is the error in v7.39:
curl: (67) Authentication cancelled

I made some tests. Below the results.

----------------------------------

$ curl --url "smtps://user:password;AUTH=CRAM-MD5_at_smtp.domain.org:port"
OK

When using FQDA (many servers use FQDA as username):
$ curl --url "smtps://user@domain:password;AUTH=CRAM-MD5_at_smtp.domain.org:port"
curl: (6) Could not resolve host: domain:password;AUTH=CRAM-MD5_at_smtp.domain.org

I suppose this is because libcurl splits on first "@".

$ curl --url "smtps://AUTH=CRAM-MD5_at_..." --user "username_at_domain:password"
OK

$ curl --login-options AUTH=CRAM-MD5 --url "smtps://smtp.domain.org:465"
OK

$ curl --url "smtps://smtp.domain.org:465"
OK
(curl firts tries DIGEST-MD5 -fails-, then it tries CRAM-MD5 -OK-)

$ curl --login-options AUTH=DIGEST-MD5 --url "smtps://smtp.domain.org:465"
curl: (67) Authentication cancelled
(curl tries DIGEST-MD5 only, and it fails)

----------------------------------

Below there are relevant parts of postfix debug log.
client ip: 1.2.3.4
server ip: 11.22.33.44

============================================
Dec 3 08:15:14 mail postfix/smtpd[4321]: connect from unknown[1.2.3.4]
Dec 3 08:15:14 mail postfix/smtpd[4321]: smtp_stream_setup: maxtime=300 enable_deadline=0
Dec 3 08:15:14 mail postfix/smtpd[4321]: event_request_timer: reset 0xb7619f10 0xb7d9fef8 5
Dec 3 08:15:14 mail postfix/smtpd[4321]: send attr request = seed
Dec 3 08:15:14 mail postfix/smtpd[4321]: send attr size = 32
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_fflush_some: fd 12 flush 22
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_buf_get_ready: fd 12 got 60
Dec 3 08:15:14 mail postfix/smtpd[4321]: private/tlsmgr: wanted attribute: status
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute name: status
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute value: 0
Dec 3 08:15:14 mail postfix/smtpd[4321]: private/tlsmgr: wanted attribute: seed
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute name: seed
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute value: roX+NqV/arXtDmwgAItID/y/bfGPR4nU6STYHC6sAnI=
Dec 3 08:15:14 mail postfix/smtpd[4321]: private/tlsmgr: wanted attribute: (list terminator)
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute name: (end)
Dec 3 08:15:14 mail postfix/smtpd[4321]: event_request_timer: reset 0xb7619f10 0xb7d9fef8 5
Dec 3 08:15:14 mail postfix/smtpd[4321]: send attr request = update
Dec 3 08:15:14 mail postfix/smtpd[4321]: send attr cache_type = smtpd
Dec 3 08:15:14 mail postfix/smtpd[4321]: send attr cache_id = C32C8C22E2811B8D87960A3968B07D2A135C5808C273D172F7CDE4E44CE69712&s=smtps&l=268439647
Dec 3 08:15:14 mail postfix/smtpd[4321]: send attr session = [data 148 bytes]
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_fflush_some: fd 12 flush 336
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_buf_get_ready: fd 12 got 10
Dec 3 08:15:14 mail postfix/smtpd[4321]: private/tlsmgr: wanted attribute: status
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute name: status
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute value: 0
Dec 3 08:15:14 mail postfix/smtpd[4321]: private/tlsmgr: wanted attribute: (list terminator)
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute name: (end)
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null)
Dec 3 08:15:14 mail postfix/smtpd[4321]: name_mask: noanonymous
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_connect: Connecting
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_fflush_some: fd 22 flush 22
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_buf_get_ready: fd 22 got 196
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_connect: auth reply: VERSION?1?1
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_connect: auth reply: MECH?PLAIN?plaintext
Dec 3 08:15:14 mail postfix/smtpd[4321]: name_mask: plaintext
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_connect: auth reply: MECH?LOGIN?plaintext
Dec 3 08:15:14 mail postfix/smtpd[4321]: name_mask: plaintext
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_connect: auth reply: MECH?DIGEST-MD5?dictionary?active?mutual-auth
Dec 3 08:15:14 mail postfix/smtpd[4321]: name_mask: dictionary
Dec 3 08:15:14 mail postfix/smtpd[4321]: name_mask: active
Dec 3 08:15:14 mail postfix/smtpd[4321]: name_mask: mutual-auth
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_connect: auth reply: MECH?CRAM-MD5?dictionary?active
Dec 3 08:15:14 mail postfix/smtpd[4321]: name_mask: dictionary
Dec 3 08:15:14 mail postfix/smtpd[4321]: name_mask: active
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_connect: auth reply: SPID?1824
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_connect: auth reply: CUID?219
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_connect: auth reply: COOKIE?a53dcd31e8db10ce67636f400ef7dbf1
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_connect: auth reply: DONE
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_mech_filter: keep mechanism: LOGIN
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_mech_filter: keep mechanism: DIGEST-MD5
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_mech_filter: keep mechanism: CRAM-MD5
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_hostname: unknown ~? 127.0.0.0/8
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_hostaddr: 1.2.3.4 ~? 127.0.0.0/8
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_hostname: unknown ~? 11.22.33.44/32
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_hostaddr: 1.2.3.4 ~? 11.22.33.44/32
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_list_match: unknown: no match
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_list_match: 1.2.3.4: no match
Dec 3 08:15:14 mail postfix/smtpd[4321]: auto_clnt_open: connected to private/anvil
Dec 3 08:15:14 mail postfix/smtpd[4321]: event_enable_read: fd 23
Dec 3 08:15:14 mail postfix/smtpd[4321]: event_extend: fd 23
Dec 3 08:15:14 mail postfix/smtpd[4321]: send attr request = connect
Dec 3 08:15:14 mail postfix/smtpd[4321]: send attr ident = smtps:1.2.3.4
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_fflush_some: fd 23 flush 44
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_buf_get_ready: fd 23 got 25
Dec 3 08:15:14 mail postfix/smtpd[4321]: private/anvil: wanted attribute: status
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute name: status
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute value: 0
Dec 3 08:15:14 mail postfix/smtpd[4321]: private/anvil: wanted attribute: count
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute name: count
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute value: 1
Dec 3 08:15:14 mail postfix/smtpd[4321]: private/anvil: wanted attribute: rate
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute name: rate
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute value: 1
Dec 3 08:15:14 mail postfix/smtpd[4321]: private/anvil: wanted attribute: (list terminator)
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute name: (end)
Dec 3 08:15:14 mail postfix/smtpd[4321]: maps_find: smtpd_discard_ehlo_keyword_address_maps: 1.2.3.4: not found
Dec 3 08:15:14 mail postfix/smtpd[4321]: > unknown[1.2.3.4]: 220 mail.domain.com ESMTP ready
Dec 3 08:15:14 mail postfix/smtpd[4321]: watchdog_pat: 0xb7da87c8
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_fflush_some: fd 21 flush 34
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_buf_get_ready: fd 21 got 15
Dec 3 08:15:14 mail postfix/smtpd[4321]: < unknown[1.2.3.4]: EHLO mail.txt
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_list_match: unknown: no match
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_list_match: 1.2.3.4: no match
Dec 3 08:15:14 mail postfix/smtpd[4321]: > unknown[1.2.3.4]: 250-mail.domain.com
Dec 3 08:15:14 mail postfix/smtpd[4321]: > unknown[1.2.3.4]: 250-PIPELINING
Dec 3 08:15:14 mail postfix/smtpd[4321]: > unknown[1.2.3.4]: 250-SIZE 20971520
Dec 3 08:15:14 mail postfix/smtpd[4321]: > unknown[1.2.3.4]: 250-ETRN
Dec 3 08:15:14 mail postfix/smtpd[4321]: > unknown[1.2.3.4]: 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
Dec 3 08:15:14 mail postfix/smtpd[4321]: > unknown[1.2.3.4]: 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
Dec 3 08:15:14 mail postfix/smtpd[4321]: > unknown[1.2.3.4]: 250-ENHANCEDSTATUSCODES
Dec 3 08:15:14 mail postfix/smtpd[4321]: > unknown[1.2.3.4]: 250-8BITMIME
Dec 3 08:15:14 mail postfix/smtpd[4321]: > unknown[1.2.3.4]: 250 DSN
Dec 3 08:15:14 mail postfix/smtpd[4321]: watchdog_pat: 0xb7da87c8
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_fflush_some: fd 21 flush 199
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_buf_get_ready: fd 21 got 17
Dec 3 08:15:14 mail postfix/smtpd[4321]: < unknown[1.2.3.4]: AUTH DIGEST-MD5
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_server_first: sasl_method DIGEST-MD5
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_fflush_some: fd 22 flush 85
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_buf_get_ready: fd 22 got 128
Dec 3 08:15:14 mail postfix/smtpd[4321]: xsasl_dovecot_handle_reply: auth reply: CONT?1?cmVhbG09IiIsbm9uY2U9Imd0K3p4SWZJU1VhNmh2NFN1WTFFTVE9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI=
Dec 3 08:15:14 mail postfix/smtpd[4321]: > unknown[1.2.3.4]: 334 cmVhbG09IiIsbm9uY2U9Imd0K3p4SWZJU1VhNmh2NFN1WTFFTVE9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI=
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_fflush_some: fd 21 flush 126
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_buf_get_ready: fd 21 got 3
Dec 3 08:15:14 mail postfix/smtpd[4321]: < unknown[1.2.3.4]: *
Dec 3 08:15:14 mail postfix/smtpd[4321]: warning: unknown[1.2.3.4]: SASL DIGEST-MD5 authentication aborted
Dec 3 08:15:14 mail postfix/smtpd[4321]: > unknown[1.2.3.4]: 501 5.7.0 Authentication aborted
Dec 3 08:15:14 mail postfix/smtpd[4321]: watchdog_pat: 0xb7da87c8
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_fflush_some: fd 21 flush 34
Dec 3 08:15:14 mail postfix/smtpd[4321]: smtp_get: EOF
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_hostname: unknown ~? 127.0.0.0/8
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_hostaddr: 1.2.3.4 ~? 127.0.0.0/8
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_hostname: unknown ~? 11.22.33.44/32
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_hostaddr: 1.2.3.4 ~? 11.22.33.44/32
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_list_match: unknown: no match
Dec 3 08:15:14 mail postfix/smtpd[4321]: match_list_match: 1.2.3.4: no match
Dec 3 08:15:14 mail postfix/smtpd[4321]: send attr request = disconnect
Dec 3 08:15:14 mail postfix/smtpd[4321]: send attr ident = smtps:1.2.3.4
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_fflush_some: fd 23 flush 47
Dec 3 08:15:14 mail postfix/smtpd[4321]: vstream_buf_get_ready: fd 23 got 10
Dec 3 08:15:14 mail postfix/smtpd[4321]: private/anvil: wanted attribute: status
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute name: status
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute value: 0
Dec 3 08:15:14 mail postfix/smtpd[4321]: private/anvil: wanted attribute: (list terminator)
Dec 3 08:15:14 mail postfix/smtpd[4321]: input attribute name: (end)
Dec 3 08:15:14 mail postfix/smtpd[4321]: lost connection after AUTH from unknown[1.2.3.4]
Dec 3 08:15:14 mail postfix/smtpd[4321]: disconnect from unknown[1.2.3.4]
============================================

Thank you for your work.

---
** [bugs:#1458] SMTP digest-md5 auth fails**
**Status:** pending-needsinfo
**Labels:** smtp digest-md5 authentication 
**Created:** Mon Dec 01, 2014 11:42 AM UTC by silver
**Last Updated:** Wed Dec 03, 2014 02:54 AM UTC
**Owner:** Steve Holme
E-mail authentication fails when email server supports DIGEST-MD5 authentication mechanism.
Auth fails when the server EHLO response contains these auth mechanisms:
250-AUTH DIGEST-MD5 CRAM-MD5
250-AUTH=DIGEST-MD5 CRAM-MD5
The curl/library selects digest-md5 and the auth fails.
Auth is OK when the server EHLO response does not contains digest-md5 mechanism:
250-AUTH CRAM-MD5
250-AUTH=CRAM-MD5
Details:
- Debian wheezy (stable)
- curl 7.26.0 (i486-pc-linux-gnu) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: Debug GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
- protocol SMTP (with or without ssl/tls)
Thank you very much.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

Received on 2014-12-03

This message: [ Message body ]
Next message: Daniel Stenberg: "[curl:bugs] #1457 Enable CA path support for NSS"
Previous message: Daniel Stenberg: "[curl:bugs] #1457 Enable CA path support for NSS"
In reply to: silver: "[curl:bugs] #1458 SMTP digest-md5 auth fails"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

These mail archives are generated by hypermail.