cURL / Mailing Lists / curl-library / Single Mail

curl-library

FW: curl 7.21.0 SMTP - duplication of login credentials

From: Alona Rossen <arossen_at_opentext.com>
Date: Fri, 20 Jul 2012 15:10:10 +0000

From: Alona Rossen
Sent: July-19-12 10:26 AM
To: 'libcurl development'
Subject: curl 7.21.0 SMTP - duplication of login credentials

Hello,

We observed duplication of user name when sending emails via SMTP protocol with curl 7.21.0.

What is interesting is that this duplication is observed when connecting to some smtp servers and not observed when connecting to other servers. The duplication takes place when connecting to hMail and gmail and does not take place when connecting to <Another> server.
Notably, this duplication does not interfere with authentication on gmail. Authentication is required on gmail and failure to provide correct authentication credentials results in failure of SendMail action. However, SendMail action consistently fails with hMail server.

Gmail:

INFO_HEADER_IN:
     250-AUTH LOGIN PLAIN XOAUTH

     INFO_HEADER_IN:
     250-ENHANCEDSTATUSCODES

     INFO_HEADER_IN:
     250 PIPELINING

     INFO_HEADER_OUT:
     AUTH PLAIN YWxvbmEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

     INFO_HEADER_IN:
     235 2.7.0 Accepted

     INFO_HEADER_OUT:
     MAIL FROM:alona.rossen_at_gmail.com<mailto:alona.rossen_at_gmail.com>

YWxvbmEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX translates to alona.rossenalona.rossenmypassword

<Another> server :

INFO_HEADER_IN:
     250-AUTH NTLM LOGIN

     INFO_HEADER_IN:
     250-X-EXPS GSSAPI NTLM

     INFO_HEADER_IN:
     250-8BITMIME

     INFO_HEADER_IN:
     250-BINARYMIME

     INFO_HEADER_IN:
     250-CHUNKING

     INFO_HEADER_IN:
     250-XEXCH50

     INFO_HEADER_IN:
     250-XRDST

     INFO_HEADER_IN:
     250 XSHADOW

     INFO_HEADER_OUT:
     AUTH LOGIN XXXXXXXXXXXXXXXXXXXXXXXXX

     INFO_HEADER_IN:
     334 UGFzc3dvcmQ6

     INFO_HEADER_OUT:
     XXXXXXXXXXXXXXXXXXXXXXXX==

     INFO_HEADER_IN:
     235 2.7.0 Authentication successful

     INFO_HEADER_OUT:
     MAIL FROM:arossen_at_domain.com<mailto:arossen_at_domain.com>

Please notice that in this case USR and PWD are submitted separately, unduplicated.

hMail:

INFO_HEADER_IN:
     250-arossen0011

     INFO_HEADER_IN:
     250-SIZE 20480000

     INFO_HEADER_IN:
     250 AUTH LOGIN PLAIN

     INFO_HEADER_OUT:
     AUTH PLAIN YWxvbmEAYWxvbmEAYWxvbmFobWFpbA==

     INFO_HEADER_IN:
     535 Authentication failed. Restarting authentication process.

     INFO_TEXT:
     Authentication failed: 535

     INFO_TEXT:
     Expire cleared

     INFO_HEADER_OUT:
     QUIT

PLAIN YWxvbmEAYWxvbmEAYWxvbmFobWFpbA== translates to alonaalonaalonahmail (my credentials are alona/alonahmail). This format is identical to gmail.

The duplication disappeared when I submitted hMail url in the form of "smtp://usr:pwd_at_server:port/hostname", instead of "smtp:// server:port/hostname" and submitting login credentials separately. However, even without the duplication authentication fails on hMail server:

INFO_HEADER_IN:
     250-arossen0011

     INFO_HEADER_IN:
     250-SIZE 20480000

     INFO_HEADER_IN:
     250 AUTH LOGIN

     INFO_HEADER_OUT:
     AUTH LOGIN YWxvbmE=

     INFO_HEADER_IN:
     334 UGFzc3dvcmQ6

     INFO_HEADER_OUT:
     YWxvbmFobWFpbA==

     INFO_HEADER_IN:
     535 Authentication failed. Restarting authentication process.

"YWxvbmE=" decodes to "alona"
"YWxvbmFobWFpbA==" decodes to "alonahmail"

Regards,
Alona

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-07-20