Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Thunderbird 17 not able to retrieve POP mail - Authentication failed
752 views
Skip to first unread message
Bill
Dec 13, 2012, 12:35:51 PM12/13/12
to
For several days I haven't been able to download email from my ISP. I
get the error:
Sending of username did not succeed. Mail server mail.iinet.net.au
responded: Authentication failed
It works with Outlook so I can't really blame my ISP.
I have run a packet capture and I see the following:
+OK Dovecot ready.
CAPA
+OK
CAPA
TOP
UIDL
RESP-CODES
PIPELINING
USER
SASL PLAIN
STLS
.
AUTH PLAIN
+
AGJpbGxjAGB3JyxjaXVtb3A=
-ERR Authentication failed.
USER billc
I have no idea what that the AGJpbGxjAGB3JyxjaXVtb3A= string is.
If I look at the capture of my Outlook session I see:
+OK Dovecot ready.
AUTH
+OK
PLAIN
.
USER billc
+OK
PASS ----------
+OK logged in.
STAT
+OK 188 7880866
QUIT
+OK Bye-bye.
Does anyone have any ideas? I have tried starting in safe mode and it
has made no difference.
get the error:
Sending of username did not succeed. Mail server mail.iinet.net.au
responded: Authentication failed
It works with Outlook so I can't really blame my ISP.
I have run a packet capture and I see the following:
+OK Dovecot ready.
CAPA
+OK
CAPA
TOP
UIDL
RESP-CODES
PIPELINING
USER
SASL PLAIN
STLS
.
AUTH PLAIN
+
AGJpbGxjAGB3JyxjaXVtb3A=
-ERR Authentication failed.
USER billc
I have no idea what that the AGJpbGxjAGB3JyxjaXVtb3A= string is.
If I look at the capture of my Outlook session I see:
+OK Dovecot ready.
AUTH
+OK
PLAIN
.
USER billc
+OK
PASS ----------
+OK logged in.
STAT
+OK 188 7880866
QUIT
+OK Bye-bye.
Does anyone have any ideas? I have tried starting in safe mode and it
has made no difference.
Bill
Dec 13, 2012, 12:57:00 PM12/13/12
to
One thing to note, Thunderbird is configured to check for new email on
startup. I get the following in my packet capture:
+OK Dovecot ready.
AUTH
+OK
PLAIN
.
QUIT
+OK Bye-bye.
However, when I click "Get Mail" I get the following (as mentioned in my
previous post):
+OK Dovecot ready.
CAPA
+OK
CAPA
TOP
UIDL
RESP-CODES
PIPELINING
USER
SASL PLAIN
STLS
.
AUTH PLAIN
+
AGJpbGxjAGB3JyxjaXVtb3A=
-ERR Authentication failed.
USER billc
One thing I didn't mention in my previous post is that after my PC sends
the "USER billc" packet, it then retransmits that packet two more times
(TCP Retransmission). I then see a retransmit of the "-ERR
Authentication failed." packet from the server followed by another three
or five (it seems to vary) TCP retransmissions of the "USER billc"
packet. My PC then sends a RST packet closing the connection.
I see no retransmissions in the Outlook traffic. Both the Thunderbird
and Outlook "USER billc" packets have a TCP length of 12 bytes (USER
billc\r\n).
I'm running Windows. I've tried it without and without my anti-virus.
startup. I get the following in my packet capture:
+OK Dovecot ready.
AUTH
+OK
PLAIN
.
CAPA
+OK
CAPA
TOP
UIDL
RESP-CODES
PIPELINING
USER
SASL PLAIN
STLS
.
AUTH PLAIN
+
AGJpbGxjAGB3JyxjaXVtb3A=
-ERR Authentication failed.
USER billc
+OK
CAPA
TOP
UIDL
RESP-CODES
PIPELINING
USER
SASL PLAIN
STLS
.
AUTH PLAIN
+
AGJpbGxjAGB3JyxjaXVtb3A=
-ERR Authentication failed.
USER billc
+OK
PASS ----------
+OK logged in.
STAT
+OK 189 7882407
PASS ----------
+OK logged in.
STAT
QUIT
+OK Bye-bye.
However, when I click "Get Mail" I get the following (as mentioned in my
previous post):
+OK Dovecot ready.
CAPA
+OK
CAPA
TOP
UIDL
RESP-CODES
PIPELINING
USER
SASL PLAIN
STLS
.
AUTH PLAIN
+
AGJpbGxjAGB3JyxjaXVtb3A=
-ERR Authentication failed.
USER billc
the "USER billc" packet, it then retransmits that packet two more times
(TCP Retransmission). I then see a retransmit of the "-ERR
Authentication failed." packet from the server followed by another three
or five (it seems to vary) TCP retransmissions of the "USER billc"
packet. My PC then sends a RST packet closing the connection.
I see no retransmissions in the Outlook traffic. Both the Thunderbird
and Outlook "USER billc" packets have a TCP length of 12 bytes (USER
billc\r\n).
I'm running Windows. I've tried it without and without my anti-virus.
Mike Easter
Dec 13, 2012, 2:08:22 PM12/13/12
to
Bill wrote:
> For several days I haven't been able to download email from my ISP. I
> get the error:
> Sending of username did not succeed. Mail server mail.iinet.net.au
> responded: Authentication failed
You forgot to mention how you have your Tb configured for pop.
> For several days I haven't been able to download email from my ISP. I
> get the error:
> Sending of username did not succeed. Mail server mail.iinet.net.au
> responded: Authentication failed
The page for mail.iinet.net.au doesn't stipulate the connection security
so I would be using none and port 110.
> AUTH PLAIN
> +
> AGJpbGxjAGB3JyxjaXVtb3A=
> -ERR Authentication failed.
> USER billc
>
> I have no idea what that the AGJpbGxjAGB3JyxjaXVtb3A= string is.
Your username for that server is supposed to be your full email which
apparently is billc <at> iinet.net.au
> Does anyone have any ideas? I have tried starting in safe mode and it
> has made no difference.
forget to use the full email addy for the user. What you pasted says
USER billc.
https://iihelp.iinet.net.au/general_settings
POP server (incoming): mail.iinet.net.au
SMTP server (outgoing): mail.iinet.net.au
Username: Your full iiNet email address, e.g. john.c...@iinet.net.au
Email address: Your full iiNet email address again, e.g.
john.c...@iinet.net.au
--
Mike Easter
Keith Nuttle
Dec 13, 2012, 4:04:53 PM12/13/12
to
I don't know how many hours and bad words have filled the air because
I had misspelled something, put a space where it should not be, or a ,
for a .
Bill
Dec 14, 2012, 12:18:53 AM12/14/12
to
Mike Easter said the following on 14/12/2012 3:08 AM:> You forgot to
changed in my Thunderbird configuration and it was all working until a
few days ago.
My wife also uses Thunderbird on this computer with the same issue.
Anyway, I have changed connection security to SSL/TLS and it now works.
Judging by the retransmissions I would say that something was blocking
the traffic. I have no idea what that might have been.
> I would engage the server with telnet and try my user/pass. Don't
> forget to use the full email addy for the user. What you pasted says
> USER billc.
I've already tried that. Interestingly, telnet doesn't seem to work with
this pop server.
mention how you have your Tb configured for pop.
>
> The page for mail.iinet.net.au doesn't stipulate the connection security
> so I would be using none and port 110.
Port 110. The ISP doesn't require a domain in the username. Nothing has
>
> The page for mail.iinet.net.au doesn't stipulate the connection security
> so I would be using none and port 110.
changed in my Thunderbird configuration and it was all working until a
few days ago.
My wife also uses Thunderbird on this computer with the same issue.
Anyway, I have changed connection security to SSL/TLS and it now works.
Judging by the retransmissions I would say that something was blocking
the traffic. I have no idea what that might have been.
> I would engage the server with telnet and try my user/pass. Don't
> forget to use the full email addy for the user. What you pasted says
> USER billc.
this pop server.
Bill
Dec 14, 2012, 12:21:00 AM12/14/12
to
Keith Nuttle said the following on 14/12/2012 5:04 AM:> Very Basic
security to ssl/tls and it started working.
question: In your TB setup is everything spelled correctly,
> I don't know how many hours and bad words have filled the air because
> I had misspelled something, put a space where it should not be, or a ,
> for a .
Nothing in my end was changed to cause it to stop working. I changed
> I don't know how many hours and bad words have filled the air because
> I had misspelled something, put a space where it should not be, or a ,
> for a .
security to ssl/tls and it started working.
Keith Nuttle
Dec 14, 2012, 7:42:55 AM12/14/12
to
ago mine did. It seems there was a letter making the announcement that
I nearly threw away without reading
John H Meyers
Jan 4, 2013, 4:11:10 AM1/4/13
to
On 12/13/2012 11:35 AM:
> AUTH PLAIN + [hex string]
> -ERR Authentication failed.
>
> I have no idea what that the [hex string] is.
As a general rule, avoid posting _any hex strings at all_
In this case, it's:
User name _and_ password, each preceded by one null byte,
easily converted back from "base64" to _plain text_
It was therefore not a good idea to post it -- hopefully
the OP had his ISP change his password in the ensuing weeks,
before anyone read all his mail, stole his identity,
and spammed the entire world using his account -- perhaps
that's why the account got suspended, and private earlier email
saying these same things probably could not reach him,
so this warning is now for everyone else to become aware
that AUTH commands should not be posted, as they are
just as transparent as USER and PASS commands,
for which AUTH is an alternative, when supported by servers.
Technical reference: <http://tools.ietf.org/html/rfc4616>
That's why it's strongly recommended to use SSL
(which encrypts everything from the very outset of a connection)
with every mail server that supports it,
which will involve port 995 for POP, 993 for IMAP, or 465 for SMTP,
so that plain text login info (even when converted to "base64")
is not easily captured by anyone "listening in" on the same network.
By the same token, any internal unencrypted log made by an email program
should not be posted without removing all personal data and all hex strings.
Second best is to _require_ TLS with any other ports, e.g.
110 for POP, 143 for IMAP, and 587 or 25 or anything else for SMTP.
TLS connections begin unencrypted, but the client then issues
a StartTLS command to negotiate encryption,
before transmitting any login info.
Not all servers offer TLS capability; those that do so
"advertise" their capability in response to a CAPA command
(for incoming servers) or EHLO command (for outgoing servers).
Some clients (e.g. even older versions of Thunderbird) offer an
"if available, use TLS" option -- this could be useful for an ISP
which offers no encryption at all at the present time, so that
encryption would automatically start being used at any time
the ISP later added that capability, but Thunderbird no longer
offers this way of specifying TLS, based on a flawed philosophy
that requires you to demand encryption, just to find out whether your ISP
offers it, then to reverse yourself and dictate refraining from encryption
if they don't, so that you'll never switch back again even if they start --
to me, that's obviously inferior, but TB often "hears a different drummer"
than makes the best sense, in many ill-reasoned behaviors, including
new "whoppers" that continue to accompany recent releases.
--
> AUTH PLAIN + [hex string]
> -ERR Authentication failed.
>
> I have no idea what that the [hex string] is.
As a general rule, avoid posting _any hex strings at all_
In this case, it's:
User name _and_ password, each preceded by one null byte,
easily converted back from "base64" to _plain text_
It was therefore not a good idea to post it -- hopefully
the OP had his ISP change his password in the ensuing weeks,
before anyone read all his mail, stole his identity,
and spammed the entire world using his account -- perhaps
that's why the account got suspended, and private earlier email
saying these same things probably could not reach him,
so this warning is now for everyone else to become aware
that AUTH commands should not be posted, as they are
just as transparent as USER and PASS commands,
for which AUTH is an alternative, when supported by servers.
Technical reference: <http://tools.ietf.org/html/rfc4616>
That's why it's strongly recommended to use SSL
(which encrypts everything from the very outset of a connection)
with every mail server that supports it,
which will involve port 995 for POP, 993 for IMAP, or 465 for SMTP,
so that plain text login info (even when converted to "base64")
is not easily captured by anyone "listening in" on the same network.
By the same token, any internal unencrypted log made by an email program
should not be posted without removing all personal data and all hex strings.
Second best is to _require_ TLS with any other ports, e.g.
110 for POP, 143 for IMAP, and 587 or 25 or anything else for SMTP.
TLS connections begin unencrypted, but the client then issues
a StartTLS command to negotiate encryption,
before transmitting any login info.
Not all servers offer TLS capability; those that do so
"advertise" their capability in response to a CAPA command
(for incoming servers) or EHLO command (for outgoing servers).
Some clients (e.g. even older versions of Thunderbird) offer an
"if available, use TLS" option -- this could be useful for an ISP
which offers no encryption at all at the present time, so that
encryption would automatically start being used at any time
the ISP later added that capability, but Thunderbird no longer
offers this way of specifying TLS, based on a flawed philosophy
that requires you to demand encryption, just to find out whether your ISP
offers it, then to reverse yourself and dictate refraining from encryption
if they don't, so that you'll never switch back again even if they start --
to me, that's obviously inferior, but TB often "hears a different drummer"
than makes the best sense, in many ill-reasoned behaviors, including
new "whoppers" that continue to accompany recent releases.
--
Bill
Jan 13, 2013, 4:59:07 AM1/13/13
to
Bill said the following on 14/12/2012 1:18 PM:
another. After I replaced my router I tried changing back to normal POP
(not using SSL) and it works again. So, I suspect the problem was with
my router.
> Port 110. The ISP doesn't require a domain in the username. Nothing has
> changed in my Thunderbird configuration and it was all working until a
> few days ago.
>
> My wife also uses Thunderbird on this computer with the same issue.
>
> Anyway, I have changed connection security to SSL/TLS and it now works.
> Judging by the retransmissions I would say that something was blocking
> the traffic. I have no idea what that might have been.
My router died a few weeks ago (Cisco 877W) so I have swapped it out for
> changed in my Thunderbird configuration and it was all working until a
> few days ago.
>
> My wife also uses Thunderbird on this computer with the same issue.
>
> Anyway, I have changed connection security to SSL/TLS and it now works.
> Judging by the retransmissions I would say that something was blocking
> the traffic. I have no idea what that might have been.
another. After I replaced my router I tried changing back to normal POP
(not using SSL) and it works again. So, I suspect the problem was with
my router.
Rob
Jan 13, 2013, 5:43:08 AM1/13/13
to
specific protocols and makes all kinds of misjudgements based on old
specfications of protocols and misunderstandings of details.
It is best not to use this. It also fouls up smtp (outgoing mail)
sessions.
Bill
Jan 19, 2013, 3:44:07 AM1/19/13
to
Rob said the following on 13/01/2013 6:43 PM:
> Bill <bi...@iinet.no-s-p-a-m.net.au> wrote:
>> My router died a few weeks ago (Cisco 877W) so I have swapped it out for
>> another. After I replaced my router I tried changing back to normal POP
>> (not using SSL) and it works again. So, I suspect the problem was with
>> my router.
>
> Maybe you had "ip inspect" enabled. It looks into the traffic for
> specific protocols and makes all kinds of misjudgements based on old
> specfications of protocols and misunderstandings of details.
Yes, I was using CBAC. I dare say that was it/
>> My router died a few weeks ago (Cisco 877W) so I have swapped it out for
>> another. After I replaced my router I tried changing back to normal POP
>> (not using SSL) and it works again. So, I suspect the problem was with
>> my router.
>
> Maybe you had "ip inspect" enabled. It looks into the traffic for
> specific protocols and makes all kinds of misjudgements based on old
> specfications of protocols and misunderstandings of details.
Rob
Jan 20, 2013, 5:14:35 AM1/20/13
to
It seems that Cisco do not read protocol specifications very well
when they write their filters, but rather observe behaviour by typical
mainstream programs, code their filters to accomodate them, and thus
lockout others (like Thunderbird).
0 new messages