Ticket #2117 (assigned defect)

Opened 3 years ago

Last modified 6 months ago

smtp patch does not tell you when your password is incorrect

Reported by: charlie@… Owned by: brendan
Priority: minor Milestone: 1.6
Component: SMTP Version: HEAD
Keywords: Cc:

Description (last modified by brendan)

If you mistype your SMTP password, mutt will respond with an error that "No authenticators [were] available", which is not the case.

Here is the debug from both sides:

mx_close_message (): unlinking /tmp/mutt-little-laptop-501-29795-6
send.c:967: mutt_mktemp returns "/tmp/mutt-little-laptop-501-29795-7".
ssl_check_certificate: signer check passed
< 220 lazy.spodder.com ESMTP Postfix
> EHLO eatyourpets.com
< 250-lazy.spodder.com
< 250-PIPELINING
< 250-SIZE 10240000
< 250-ETRN
< 250-AUTH PLAIN DIGEST-MD5 CRAM-MD5
< 250-AUTH=PLAIN DIGEST-MD5 CRAM-MD5
< 250 8BITMIME
smtp_authenticate: Trying method plain
local ip: 10.0.1.3;59557, remote ip:72.21.56.27;465
External SSF: 256
External authentication name: charlie
mutt_sasl_cb_authname: getting authname for mail.eatyourpets.com:465
mutt_sasl_cb_authname: getting user for mail.eatyourpets.com:465
mutt_sasl_cb_pass: getting password for charlie@mail.eatyourpets.com:465
> AUTH PLAIN Y2hhcmxpZQBjaGFybGllAGJvb3R5
< 535 Error: authentication failed
smtp_auth_sasl: PLAIN failed
No authenticators available
mutt_free_body: Unlinking /tmp/mutt-little-laptop-501-29795-3.

and from the MTA side:
Oct 21 21:47:46 lazy postfix/smtpd[26056]: connect from 220-253-43-125.VIC.netspace.net.au[220.253.43.125]
Oct 21 21:47:54 lazy postfix/smtpd[26056]: warning: SASL authentication failure: Password verification failed
Oct 21 21:47:54 lazy postfix/smtpd[26056]: warning: 220-253-43-125.VIC.netspace.net.au[220.253.43.125]: SASL PLAIN authentication failed
Oct 21 21:47:55 lazy postfix/smtpd[26056]: lost connection after AUTH from 220-253-43-125.VIC.netspace.net.au[220.253.43.125]
Oct 21 21:47:55 lazy postfix/smtpd[26056]: disconnect from 220-253-43-125.VIC.netspace.net.au[220.253.43.125]

It seems the smtp.patch could use the "535" error code to pick up on an authentication failure, rather than a lack of authentication mechanism?

It seems mutt can internally check its authenticators to really report if there are no authenticators:

ssl_check_certificate: signer check passed
< 220 lazy.spodder.com ESMTP Postfix
> EHLO eatyourpets.com
< 250-lazy.spodder.com
< 250-PIPELINING
< 250-SIZE 10240000
< 250-ETRN
< 250-AUTH PLAIN DIGEST-MD5 CRAM-MD5
< 250-AUTH=PLAIN DIGEST-MD5 CRAM-MD5
< 250 8BITMIME
smtp_authenticate: Trying method gssapi
local ip: 10.0.1.3;59564, remote ip:72.21.56.27;465
External SSF: 256
External authentication name: charlie
mutt_sasl_cb_authname: getting user for mail.eatyourpets.com:465
SASL: GSSAPI Error: Miscellaneous failure (No credentials cache found)
smtp_auth_sasl: GSSAPI unavailable
No authenticators available
mutt_free_body: Unlinking /tmp/mutt-little-laptop-501-29929-4.
>How-To-Repeat:
On the prompt for SMTP password, enter a bogus password, and watch it return "No Authenticators available". It should return "bad password" or whatever the string is.
>Fix:
Unknown

Attachments

smtpauthfix.2.patch (1.7 kB) - added by gshapiro 19 months ago.
Patch to fix the problem. It clears the flag that says a password is available if authentication fails.
smtpauthfix.patch (1.7 kB) - added by gshapiro 19 months ago.
Patch to fix the problem. It clears the flag that says a password is available if authentication fails.

Change History

Changed 20 months ago by brendan

  • owner changed from mutt-dev to brendan
  • description modified
  • milestone set to 1.6

Changed 19 months ago by gshapiro

Ticket #2872 was closed as a duplicate of this ticket. IMHO, it is a different issue (that can in the end have the same effect). I have attached a fix for ticket #2872 to that ticket (it is an easy one line patch). I worry that the issue in ticket #2872 will not be addressed in a timely fashion since ticket #2117 is marked as trivial and covers a different problem.

Changed 19 months ago by gshapiro

The attached patch fixes both the problem from ticket #2872 as well as the problem in this ticket. It does so by separating the fact the AUTH isn't available from AUTH failures. In the case of specific SmtpAuthenticators, if an attempt at one fails, SMTP_AUTH_NEXT is returned to indicate the next method should be attempted. SMTP_AUTH_UNAVAIL will only be returned if SASL can't negotiate a common AUTH method. At the end of the smtp_auth(), if we have exhausted the list of SmtpAuthenticators or, if none was specified and the single call to smtp_auth_sasl(conn, AuthMechs) failed, M_ACCT_PASS is cleared from the SMTP connection so the next attempt will again query for a password.
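
A minimal C model of the separation described in the comment above, added here as an illustration; it is not the attached patch or mutt's own code. SMTP_AUTH_NEXT, SMTP_AUTH_UNAVAIL and M_ACCT_PASS are names taken from the ticket; their numeric values, SMTP_AUTH_SUCCESS, struct account, the three function names and the "SASL authentication failed" string are assumptions, and the reply codes in main() are constructed from the two debug logs in the description.

```c
#include <stdio.h>

/* Names follow the ticket; the numeric values are assumptions. */
enum { SMTP_AUTH_SUCCESS, SMTP_AUTH_NEXT, SMTP_AUTH_UNAVAIL };
#define M_ACCT_PASS (1u << 0)        /* "a password is cached" flag */

struct account { unsigned flags; };  /* hypothetical stand-in for account state */

/* Classify one method. reply_code is the server's reply to AUTH, or 0 when
 * the mechanism never sent AUTH at all (the GSSAPI "No credentials cache
 * found" case in the second log). */
static int classify_attempt(int reply_code)
{
  if (reply_code == 0)
    return SMTP_AUTH_UNAVAIL;
  if (reply_code / 100 == 2)         /* 235: authentication succeeded */
    return SMTP_AUTH_SUCCESS;
  return SMTP_AUTH_NEXT;             /* e.g. 535: attempted and rejected */
}

/* Walk the configured methods. Returns SMTP_AUTH_SUCCESS, SMTP_AUTH_NEXT if
 * at least one method was attempted and rejected, or SMTP_AUTH_UNAVAIL if
 * nothing could be attempted. */
static int smtp_auth_model(struct account *acct, const int *replies, int n)
{
  int result = SMTP_AUTH_UNAVAIL;
  for (int i = 0; i < n; i++) {
    int r = classify_attempt(replies[i]);
    if (r == SMTP_AUTH_SUCCESS)
      return r;                      /* keep the cached password */
    if (r == SMTP_AUTH_NEXT)
      result = SMTP_AUTH_NEXT;       /* remember that a real attempt failed */
  }
  acct->flags &= ~M_ACCT_PASS;       /* list exhausted: next try re-prompts */
  return result;
}

static const char *auth_message(int result)
{
  if (result == SMTP_AUTH_SUCCESS) return "authenticated";
  if (result == SMTP_AUTH_NEXT)    return "SASL authentication failed";
  return "No authenticators available";
}

int main(void)
{
  struct account a = { M_ACCT_PASS };
  int plain_rejected[] = { 535 };    /* constructed from the first log */
  int gssapi_unavail[] = { 0 };      /* constructed from the second log */
  printf("%s\n", auth_message(smtp_auth_model(&a, plain_rejected, 1)));
  printf("%s\n", auth_message(smtp_auth_model(&a, gssapi_unavail, 1)));
  return 0;
}
```
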

Changed 19 months ago by gshapiro

Patch to fix the problem. It clears the flag that says a password is available if authentication fails.

Changed 19 months ago by gshapiro

Patch to fix the problem. It clears the flag that says a password is available if authentication fails.

Changed 7 months ago by brendan

  • priority changed from trivial to minor
  • status changed from new to assigned

Changed 6 months ago by pdmef

  • component changed from mutt to SMTP