Sending Mail using Authenticated SMTP MD5 Challenge-Response Fails
I am creating a new thread to specifically address Mail send errors on Authenticated SMTP servers that support MD5 Challenge-Response. Apple specifically made a change in Security Update 2007-009 to address the following:
From http://docs.info.apple.com/article.html?artnum=307179
Mail
CVE-ID: CVE-2007-5855
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: SMTP accounts set up through Account Assistant may use plaintext authentication even when MD5 Challenge-Response authentication is available
Description: When setting up an SMTP account through Account Assistant, if SMTP authentication is selected, and if the server supports only MD5 Challenge-Response authentication and plaintext authentication, Mail defaults to using plaintext authentication. This update addresses the issue by ensuring that the most secure available mechanism is used. This issue does not affect systems running Mac OS X 10.5 or later.
I had originally posted in: http://discussions.apple.com/thread.jspa?threadID=828731&tstart=0
but there were a subset of us who did not fall into the category of the fixes described in that thread.
I captured a failing authenticated SMTP transaction shown here:
220-elasmtp-scoter.atl.sa.earthlink.net ESMTP Exim 4.67 #1 Wed, 23 Jan 2008 13:38:46 -0500
220-NO UCE. EarthLink does not authorize the use of its computers or network
220 equipment to accept, transmit, or distribute unsolicited e-mail.
EHLO [192.168.0.17] // http:// added when posting is really [ ] with IP Addr in brackets
250-elasmtp-scoter.atl.sa.earthlink.net Hello [192.168.0.17] // Same Comment as above
250-SIZE 14680064
250-PIPELINING
250-AUTH PLAIN LOGIN CRAM-MD5
250-STARTTLS
250 HELP
421 elasmtp-scoter.atl.sa.earthlink.net lost input connection
As you can see, Mail did not respond once the supported options of the server were transmitted (should have been an "AUTH <type>" response; where <type> is PLAIN, LOGIN, or CRAM-MD5), in fact the "lost input connection" is due to the mac terminating the TCP connection.
To verify that Earthlink would, in fact, accept my login, I telneted to the server and manually performed an AUTH PLAIN and an AUTH LOGIN with my credentials and it worked beautifully. I have tried every suggestion in the other posts (I provided a list of what I tried in one post). The problem appeared after the Security Update 2007-009, and it is not a problem on my Mac Mini that I have not loaded the same Security Update, but am running 10.4.11. I know my settings are correct, I know my ISP is not blocking me, I can pinpoint exactly when the problem occurred, other machines on my network work, etc, etc.
This is a problem with 10.4.11, Security Update 2007-009, Mail 2.1.2(753).
From http://docs.info.apple.com/article.html?artnum=307179
CVE-ID: CVE-2007-5855
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: SMTP accounts set up through Account Assistant may use plaintext authentication even when MD5 Challenge-Response authentication is available
Description: When setting up an SMTP account through Account Assistant, if SMTP authentication is selected, and if the server supports only MD5 Challenge-Response authentication and plaintext authentication, Mail defaults to using plaintext authentication. This update addresses the issue by ensuring that the most secure available mechanism is used. This issue does not affect systems running Mac OS X 10.5 or later.
I had originally posted in: http://discussions.apple.com/thread.jspa?threadID=828731&tstart=0
but there were a subset of us who did not fall into the category of the fixes described in that thread.
I captured a failing authenticated SMTP transaction shown here:
220-elasmtp-scoter.atl.sa.earthlink.net ESMTP Exim 4.67 #1 Wed, 23 Jan 2008 13:38:46 -0500
220-NO UCE. EarthLink does not authorize the use of its computers or network
220 equipment to accept, transmit, or distribute unsolicited e-mail.
EHLO [192.168.0.17] // http:// added when posting is really [ ] with IP Addr in brackets
250-elasmtp-scoter.atl.sa.earthlink.net Hello [192.168.0.17] // Same Comment as above
250-SIZE 14680064
250-PIPELINING
250-AUTH PLAIN LOGIN CRAM-MD5
250-STARTTLS
250 HELP
421 elasmtp-scoter.atl.sa.earthlink.net lost input connection
As you can see, Mail did not respond once the supported options of the server were transmitted (should have been an "AUTH <type>" response; where <type> is PLAIN, LOGIN, or CRAM-MD5), in fact the "lost input connection" is due to the mac terminating the TCP connection.
To verify that Earthlink would, in fact, accept my login, I telneted to the server and manually performed an AUTH PLAIN and an AUTH LOGIN with my credentials and it worked beautifully. I have tried every suggestion in the other posts (I provided a list of what I tried in one post). The problem appeared after the Security Update 2007-009, and it is not a problem on my Mac Mini that I have not loaded the same Security Update, but am running 10.4.11. I know my settings are correct, I know my ISP is not blocking me, I can pinpoint exactly when the problem occurred, other machines on my network work, etc, etc.
This is a problem with 10.4.11, Security Update 2007-009, Mail 2.1.2(753).
12" PB G4 1.25G, Mac OS X (10.4.11), First computer: Apple II