Re: [exim] TLS SASL authentiation error 535

Author: AC
Date:
To: exim-users, pdp
Subject: Re: [exim] TLS SASL authentiation error 535
On 2015-09-03 16:06, Phil Pennock wrote:
> On 2015-09-03 at 15:25 -0700, AC wrote:
>> I'm trying to figure out what's going on with sending mail from my phone
>> through my server. It had been working for a while but suddenly
>> stopped. I am authenticating using saslauthd for outgoing mail.
>
> My first suspicion is password corruption because of a character which
> some system thinks it should escape before it leaves the phone, or a
> character not showing, or a homoglyph. You're absolutely sure that the
> base64-encoded password which made it to your debug exim instances was
> identical in the working and non-working states? Note that if the phone
> is sending leading or trailing whitespace, then it might not show up
> visibly in debug traces where you're looking at the password, but should
> be more obvious in the base64-encoded variant (which should still be
> identical across authentication attempts, for plaintext auth). Also ë
> vs ë (one character, vs two characters (one combining) composed into a
> grapheme) and other things which look similar, but aren't at the byte
> level.



Thanks Phil. You got it right, it was a trailing space. I wasn't
looking closely at the encoded version thinking it was encrypted by the
TLS key exchange (not just base64 encoded) so the difference there
didn't stand out. The data in $auth2 is identical but there was indeed
a trailing white space that the phone kept adding (because of the
password entry field). I looked on the phone and found the space.
Fixed the problem.

Perhaps a feature request would be to change the debugging code to
output things like the auth fields with delimiters around them to make
things like this obvious?

I would have easily seen:

$auth2 = "passwordwithtrailingspace "

compared to:

$auth2 = passwordwithtrailingspace


So I learned that the phone added a space and I must be careful in the
future when entering the password to make sure it doesn't have a (very
hard to see two pixel wide) space. I also learned that in the debug
data, the initial PLAIN AUTH is just base64 and not something encrypted.
Overall a productive error on my part, so thanks! :)
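
The check discussed in this thread, as an added example that is not part of the original messages or of Exim: it decodes two captured base64 SASL PLAIN responses and prints the differing fields with delimiters, flagging stray whitespace and non-normalized Unicode. The field names follow RFC 4616 (authzid, authcid, passwd); the helper names and the sample credentials are constructed for illustration.

```python
import base64
import unicodedata

def parse_plain(b64_response):
    """Split a base64 SASL PLAIN response (RFC 4616) into its three fields."""
    raw = base64.b64decode(b64_response, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    return dict(zip(("authzid", "authcid", "passwd"),
                    (p.decode("utf-8") for p in parts)))

def field_warnings(value):
    """Return reasons a field may not be byte-identical to what was typed."""
    notes = []
    if value != value.strip():
        notes.append("leading/trailing whitespace")
    if value != unicodedata.normalize("NFC", value):
        notes.append("not NFC-normalized (combining characters)")
    if any(unicodedata.category(c) in ("Cc", "Cf") for c in value):
        notes.append("control or invisible format character")
    return notes

def diff_captures(good_b64, bad_b64):
    """Map field name -> (good, bad, warnings on bad) for fields that differ."""
    good, bad = parse_plain(good_b64), parse_plain(bad_b64)
    return {k: (good[k], bad[k], field_warnings(bad[k]))
            for k in good if good[k] != bad[k]}

def make(user, pw):
    """Build a constructed sample capture (empty authzid), not real traffic."""
    return base64.b64encode(f"\0{user}\0{pw}".encode()).decode()

if __name__ == "__main__":
    working = make("alice", "s3cret")    # constructed: password as intended
    failing = make("alice", "s3cret ")   # constructed: phone appended a space
    for name, (g, b, notes) in diff_captures(working, failing).items():
        # repr() supplies the quotes that make a trailing space visible
        print(f"{name}: good={g!r} bad={b!r} -> {', '.join(notes)}")
```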