Empty response to AUTH LOGIN when should return base64 encoded "Username:" #223
Comments
|
go-mail dev here. I know that Authelia uses go-mail under the hood and I recognize that error message from our auth modules. Turns out this issue is actually related to go-mail. It has nothing to do with the order of the supported methods, this is just a coincident. It has to do with the The issue is, that in go-mail we expect the server to respond with a base64 encoded representation of either "Username:", "username:" or "User name\x00". I believe there is no formal IETF RFC for "AUTH LOGIN", but there is draft. Mox does not reply with the base64 encoded representation of "Username:" but just responds with an empty I suggest that Mox follows the common approach of sending the "Username:". Unless of course @mjl- has a valid point to not do so- in that case I'd be happy to adept mox's behaviour in go-mail. For refernece, I've checked some mail server implementations/popular mail services and it looks like the common agreement is to send the Postfix: Dovecot: Google: Zoho mail: Yahoo mail: iCloud mail: |
|
Additional note: While writing a test to adept this behaviour in go-mail, I just noticed that mox, on the second response, answers with "Password". Commonly servers respond with "Password:", "password:" or "Password\x00". Maybe also something to consider here. Side note: in the next release go-mail will support SCRAM-SHA, so this will become a no-brainer for Authela ;) |
|
Last side note (I promise): After reading the draft again (especially https://datatracker.ietf.org/doc/html/draft-murchison-sasl-login-00#section-2.1 and https://datatracker.ietf.org/doc/html/draft-murchison-sasl-login-00#section-2.2) I see that it's vage as usual... The clients I'll file an issue for go-mail to address the "SHOULD" part in #2.1 but still it might be advisable to follow the common behaviour for mox to follow. |
|
Ill update the title of this issue to be clearer |
gdunstone
changed the title
|
Created: wneessen/go-mail#311 |
… as attempt to improve interoperability there is only an internet-draft about the required behaviour. it says clients should ignore the strings. some clients do check the string. most servers appear to use "Username:" and "Password:" as challenge. we'll follow them, hoping to improve interoperability. for issue #223 by gdunstone, and with analysis from wneessen of go-mail. thanks!
|
Thanks for the report & analysis! I changed mox to write the "Username:" and "Password:" challenges. Closer to what others services are doing, the internet-draft is just a draft (and it says essentially anything goes). Should improve interoperability. |
Should EHLO 250-AUTH response have PLAIN and LOGIN first?
I was having trouble getting Authelia to use mox as its submissions server for a notification service.
I kept getting this error when trying to use mox:
error="failed to dial connection: SMTP AUTH failed: unsupported SMTP AUTH types: ", however it worked when I used gmail.I had a look at the responses of both gmail and mox and it seems that gmail returns LOGIN and PLAIN before the others:
Response from gmail:
Response from mox v0.0.11
After building a dev mox, and placing PLAIN and LOGIN before the others, Authelia worked.
This line:
mox/smtpserver/server.go
Line 906 in b0c4b09
This reponse from mox resulted in successful login by Authelia:
I'm not sure if I should raise this with mox or Authelia, and I dont know the spec of how these auth options should be ordered, so if this is fully within spec I can raise this with Authelia instead.
The text was updated successfully, but these errors were encountered: