nmh-workers

Re: smtp authentication problem


From: Tony Stoneley
Subject: Re: smtp authentication problem
Date: Thu, 3 Feb 2022 18:24:13 +0000

Apologies for slow turnaround: the real world obtruded. I'm still no
nearer understanding, but I have looked into several blind alleys. One
thought I had was that "worthy" might mean something like "carrying
trusted authentication detail such as password" and that there might
be a flag the SASL user could set in this respect. I.e. much the same
thought as you had. I went on to check that the stipulations on my
netrc file were met, but so far found nothing untoward. When I can
work out where netrc is being checked I will stop with a breakpoint and
follow it through, but that may take a day or two, life being what it
is. It's curious that you get further than I do, evidently post at
least trying to authenticate, whereas in my case it's not even
attempting to (I think). There must therefore be some glitch in my
setup and I will continue probing as and when I can.

In response to your questions -

Yes, my main experiment is with -saslmech PLAIN. You'll see most of
the options forced below.

I understand my SASL to be version 2.1.27, partly from the Debian
package name and partly from /usr/include/sasl/sasl.h, which
incidentally is a mine of information, almost a man page in its
comments. At all events, what I have all comes from the Debian
bookworm distribution.

I will investigate the git repo, but that's a whole new adventure for
me and will take a while.

There is precious little more before the mysterious diagnostic, but
for what it's worth, again shorn only of obvious irrelevancies, here
is a complete command window cut/paste, beginning with the command
file and including snoop -

[Showing the surrounding environment setup - ]
...system/nmh/nmh-1.7.1$ cat ../my-antics/mypost
#!/bin/bash
#set -vx

ANTDIR=~ajms/0/comp/this_system/nmh/my-antics
INSTDIR=~ajms/0/comp/this_system/nmh/nmh-1.7.1/testdir
LIBEXEC=$INSTDIR/libexec/nmh/

NEWBIN=$INSTDIR/bin
export PATH=$NEWBIN:$PATH

gdb --args $LIBEXEC/post -mts smtp -server mail.btinternet.com -port 465 -sasl -saslmech PLAIN -initialtls -user tonystoneley@btinternet.com -snoop  -verbose $ANTDIR/draftmsg
...system/nmh/nmh-1.7.1$

[ I should add that my .mh_profile contains  ]
[ credentials: file:/home/ajms/.mh_dir/netrc ]

[Now running that lot - ]
../my-antics/mypost
GNU gdb (Debian 10.1-2) 10.1.90.20210103-git
[ ---snipped--- ]
Reading symbols from /home/ajms/0/comp/this_system/nmh/nmh-1.7.1/testdir/libexec/nmh//post...
(gdb) run
Starting program: /home/ajms/0/comp/this_system/nmh/nmh-1.7.1/testdir/libexec/nmh/post -mts smtp -server mail.btinternet.com -port 465 -sasl -saslmech PLAIN -initialtls -user tonystoneley@btinternet.com -snoop -verbose /home/ajms/0/comp/this_system/nmh/my-antics/draftmsg
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
 -- Posting for All Recipients --
Trying to connect to "mail.btinternet.com" ...
Connecting to 213.120.69.88:465...
TLS negotiation successful: ECDHE-RSA-AES128-GCM-SHA256(128) TLSv1.2
SSL-Session:
[ --- snipped --- ]
    Extended master secret: yes
[EHLO dialogue begins]
(tls-decrypted) <= 220 re-prd-rgout-004.btmx-prd.synchronoss.net ESMTP Service ready
(tls-encrypted) => EHLO bryher.nodomain
(tls-decrypted) <= 250-re-prd-rgout-004.btmx-prd.synchronoss.net
(tls-decrypted) <= 250-DSN
(tls-decrypted) <= 250-8BITMIME
(tls-decrypted) <= 250-PIPELINING
(tls-decrypted) <= 250-AUTH=LOGIN
(tls-decrypted) <= 250-AUTH LOGIN PLAIN
(tls-decrypted) <= 250-DELIVERBY 300
(tls-decrypted) <= 250 SIZE 41943040
(tls-encrypted) => RSET
(tls-decrypted) <= 250 RSET
(tls-encrypted) => QUIT
(tls-decrypted) <= 221 re-prd-rgout-004.btmx-prd.synchronoss.net QUIT
post: problem initializing server; [BHST] SASL client start failed: SASL(-4): no mechanism available: No worthy mechs found
[Inferior 1 (process 2389) exited with code 01]
(gdb) q
[ end of screen shot ]

Anything else I could send to help?

 Tony

--
Tony Stoneley 
Preferred email address ajms@cam.ac.uk
   ...not withstanding anything any ISP may force into my "From:" field
----------------------------------------------------------------

Ken Hornstein wrote on Wed, 02 Feb 2022 09:57:35 -0500

So, silly question ... did you try -saslmech PLAIN?  That is what I
tested and I got basically "no such user" when I tested it against
your ISP's server (because I made up a username/password).  I am not
sure if Cyrus-SASL supports the LOGIN mechanism (although, WITHOUT
-saslmech it should have picked the "best" mechanism and selected
PLAIN).  LOGIN and PLAIN are basically equivalent from a security
standpoint.

"No worthy mechs found" ... I'd have to dig into Cyrus-SASL to recall
what that means.  There's some additional criteria you can use for
mechanism selection (like "does not require encrypted channel")
but I don't believe we ever configure those criteria.  If you could
post the -snoop output before you get to that point it would be
helpful.  Also, if you are capable of using the latest sources in
the git repo, there is some additional debugging printed when using
-snoop that might be helpful.  Also, if you can tell me exactly which
version of Cyrus-sasl you are compiling against, I can take a look
at that error message.
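
[ Added example, not part of the original thread and not nmh or Cyrus-SASL code: a Python sketch that reads the AUTH lines from the -snoop output above and builds the PLAIN and LOGIN responses, showing that both are plain base64 of the credentials and depend on the TLS layer for confidentiality. The function names and the user/password values are constructed for illustration. ]

```python
import base64
import re

# Constructed sample: server lines copied from the -snoop output in the message.
SNOOP = """\
(tls-decrypted) <= 250-re-prd-rgout-004.btmx-prd.synchronoss.net
(tls-decrypted) <= 250-DSN
(tls-decrypted) <= 250-8BITMIME
(tls-decrypted) <= 250-PIPELINING
(tls-decrypted) <= 250-AUTH=LOGIN
(tls-decrypted) <= 250-AUTH LOGIN PLAIN
(tls-decrypted) <= 250-DELIVERBY 300
(tls-decrypted) <= 250 SIZE 41943040
"""

def advertised_mechs(snoop_text):
    """Collect SASL mechanisms from EHLO AUTH lines, including the legacy 'AUTH=' form."""
    mechs = []
    for line in snoop_text.splitlines():
        m = re.search(r"<= 250[- ]AUTH[ =](.*)$", line)
        if m:
            for name in m.group(1).split():
                if name.upper() not in mechs:
                    mechs.append(name.upper())
    return mechs

def plain_initial_response(user, password, authzid=""):
    """RFC 4616 PLAIN: authzid NUL authcid NUL passwd, base64-encoded for SMTP AUTH."""
    raw = "\0".join([authzid, user, password]).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def login_responses(user, password):
    """LOGIN: username and password sent as two separate base64 strings."""
    return [base64.b64encode(s.encode("utf-8")).decode("ascii")
            for s in (user, password)]

def decode_plain(token):
    """Base64 is an encoding, not encryption: the fields come straight back out."""
    return tuple(base64.b64decode(token).decode("utf-8").split("\0"))

if __name__ == "__main__":
    print(advertised_mechs(SNOOP))
    token = plain_initial_response("user@example.test", "not-a-real-password")
    print("AUTH PLAIN", token)
    print(decode_plain(token))
    print(login_responses("user@example.test", "not-a-real-password"))
```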


