Issue581165
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2002-07-13 23:46 by pierslauder, last changed 2022-04-10 16:05 by admin. This issue is now closed.
Messages (10) | |||
---|---|---|---|
msg11567 - (view) | Author: Piers Lauder (pierslauder) * | Date: 2002-07-13 23:46 | |
The ehlo() method in the smtplib class SMTP appears to incorrectly handle the response from Eudora Internet Mail Server 3.1.3 . The rsponse to the "EHLO" command is: send: 'ehlo gemini.cs.usyd.edu.au\r\n' reply: '250-webfactory.com.au hello gemini.cs.usyd.edu.au (129.78.111.139)\r\n' reply: '250-EXPN\r\n' reply: '250-PIPELINING\r\n' reply: '250-8BITMIME\r\n' reply: '250-BINARYMIME\r\n' reply: '250-CHUNKING\r\n' reply: '250-ENHANCEDSTATUSCODES\r\n' reply: '250-ETRN\r\n' reply: '250-AUTH CRAM-MD5 NTLM PLAIN LOGIN\r\n' reply: '250-AUTH=LOGIN\r\n' reply: '250 SIZE 2147483647\r\n' which is then gathered into: ['webfactory.com.au hello gemini.cs.usyd.edu.au (129.78.111.139)', 'EXPN', 'PIPELINING', '8BITMIME', 'BINARYMIME', 'CHUNKING', 'ENHANCEDSTATUSCODES', 'ETRN', 'AUTH CRAM-MD5 NTLM PLAIN LOGIN', 'AUTH=LOGIN', 'SIZE 2147483647'] which is then parsed into "self.esmtp_features as: {'enhancedstatuscodes': '', '8bitmime': '', 'expn': '', 'chunking': '', 'etrn': '', 'pipelining': '', 'size': '2147483647', 'auth': '=LOGIN', 'binarymime': ''} Note that the two lines starting "AUTH" have been elided into the one dictionary element 'auth':'=LOGIN'. This prevents a subsequent call to the login() method from correctly identifying a suitable authentication method resulting in: raise SMTPException("No suitable authentication method found.") |
|||
msg11568 - (view) | Author: Martin v. Löwis (loewis) * | Date: 2002-07-23 22:00 | |
Logged In: YES user_id=21627 Can you please try the patch in http://sourceforge.net/tracker/index.php? func=detail&aid=572031&group_id=5470&atid=305470 and report whether it solves this problem? |
|||
msg11569 - (view) | Author: Piers Lauder (pierslauder) * | Date: 2002-07-24 11:26 | |
Logged In: YES user_id=196212 I tried the patch. It gets me further - I now get "Syntax Error, not using <cr><lf> as end of line." Here's the trace: resp: ['webfactory.com.au hello gemini.cs.usyd.edu.au (129.78.111.139)', 'EXPN', 'PIPELINING', '8BITMIME', 'BINARYMIME', 'CHUNKING', 'ENHANCEDSTATUSCODES', 'ETRN', 'AUTH CRAM-MD5 NTLM PLAIN LOGIN', 'AUTH=LOGIN', 'SIZE 2147483647'] features: {'auth=login': '', 'enhancedstatuscodes': '', '8bitmime': '', 'expn': '', 'chunking': '', 'etrn': '', 'pipelining': '', 'size': '2147483647', 'auth': 'CRAM-MD5 NTLM PLAIN LOGIN', 'binarymime': ''} send: 'AUTH CRAM-MD5\r\n' reply: '334 PDExODQ1NzY3NTctNjk3MjgzMDhAd2ViZmFjdG9yeS5jb20uYXU+\r\n' reply: retcode (334); Msg: PDExODQ1NzY3NTctNjk3MjgzMDhAd2ViZmFjdG9yeS5jb20uYXU+ send: 'cGllcnMlY29tbXVuaXR5c29sdXRpb25zLmNvbS5hdSAzOTU2NzVmYWUwZGUxZmQyN2I3MTRjNGQ5\nYzgzOWIwNQ==\r\n' reply: '500 Syntax error, not using <cr><lf> as end of line\r\n' reply: retcode (500); Msg: Syntax error, not using <cr><lf> as end of line Which doesn't make any sense, and is probably a server problem, since I can see that each line sent _is_ terminated with <cr><lf>. So I consider the patch a (qualified) success. |
|||
msg11570 - (view) | Author: Gerhard Häring (ghaering) * | Date: 2002-08-06 06:56 | |
Logged In: YES user_id=163326 Piers, could you please try my patch again? It contained a very stupid bug (sent the username twice, but no password). This seems unrelated to the error message your SMTP server sent, but maybe it's worth a try. |
|||
msg11571 - (view) | Author: Piers Lauder (pierslauder) * | Date: 2002-08-07 05:01 | |
Logged In: YES user_id=196212 I tried the second patch. It got the same problem with "AUTH CRAM-MD5" ("Syntax Error, not using <cr><lf> as end of line.") but then I tried forcing "AUTH LOGIN" (which I think is what your change applied to?) and that worked. Thanks! So, I think the <cr><lf> problem is a bug on this particular smtp server, and I'm now happy because I can send mail to it using AUTH LOGIN (and the AUTH=LOGIN feature no longer causes a problem for smtplib.py) The question is - should CRAM-MD5 be the preferred method? I think the answer is yes as it is more secure, but perhaps a note could be installed somewhere to use LOGIN authentication if the <cr><lf> error occurs. |
|||
msg11572 - (view) | Author: Gerhard Häring (ghaering) * | Date: 2002-10-14 16:08 | |
Logged In: YES user_id=163326 Maybe we should add an additional optional argument to the login() method? Something like: def login(user, password, method=smtplib.AUTH_CRAM_MD5) ? |
|||
msg11573 - (view) | Author: Martin v. Löwis (loewis) * | Date: 2002-10-14 18:37 | |
Logged In: YES user_id=21627 I got the impression that the original problem reported has been fixed. Is that impression incorrect? If this is fixed, we should close this report. As for adding new parameters: I'd like to get a real-world bug report first, which then should be tracked separately. As for using CRAM-MD5: Correct me if I'm wrong, but doesn't that require clear text passwords on the server, and thus cannot be implemented on top of a /etc/passwd database? If so, I wonder whether it is used in real life. |
|||
msg11574 - (view) | Author: Gerhard Häring (ghaering) * | Date: 2002-10-14 18:54 | |
Logged In: YES user_id=163326 Yes, the original problem was that we didn't parse AUTH= lines and this has been fixed. Apparently the reason the current code doesn't work for Piers is that his SMTP server has problems with CRAM-MD5 although it says that it'll understand CRAM-MD5. I can think of two workarounds: - the additional argument like I proposedlibrary - smtp.login() tries the advertised auth methods until it finds one that works. But I don't like such hacks, as they make debugging problems even more difficult. If anybody actually wants one of these, they should perhaps file a feature request or a patch, so this one can be closed. On your other question, I don't have access to a "real-life" SMTP AUTH server except MS Exchange (of which we only support LOGIN). You're right about not being able to use /etc/passwd, but I believe most Unix MTAs support virtual users, so this should not be a problem. |
|||
msg11575 - (view) | Author: Piers Lauder (pierslauder) * | Date: 2002-11-22 06:57 | |
Logged In: YES user_id=196212 I think this item should be closed. It now works as far as I'm concerned. Just a note about CRAM-MD5 authentication. I've had a similar "feature" request for imaplib, and after our experience here, I decided to make it an explicit option. Ie: the invoker doesn't silently get CRAM-MD5 if available via the default "login" method - they have to ask for it. That way the invoker knows the status of protection for the password. |
|||
msg11576 - (view) | Author: Martin v. Löwis (loewis) * | Date: 2002-11-22 07:55 | |
Logged In: YES user_id=21627 Ok, closing it. |
History | |||
---|---|---|---|
Date | User | Action | Args |
2022-04-10 16:05:30 | admin | set | github: 36891 |
2002-07-13 23:46:16 | pierslauder | create |