Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Sending Mail using Authenticated SMTP MD5 Challenge-Response Fails

I am creating a new thread to specifically address Mail send errors on Authenticated SMTP servers that support MD5 Challenge-Response. Apple specifically made a change in Security Update 2007-009 to address the following:

From http://docs.info.apple.com/article.html?artnum=307179

Mail

CVE-ID: CVE-2007-5855

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Impact: SMTP accounts set up through Account Assistant may use plaintext authentication even when MD5 Challenge-Response authentication is available

Description: When setting up an SMTP account through Account Assistant, if SMTP authentication is selected, and if the server supports only MD5 Challenge-Response authentication and plaintext authentication, Mail defaults to using plaintext authentication. This update addresses the issue by ensuring that the most secure available mechanism is used. This issue does not affect systems running Mac OS X 10.5 or later.


I had originally posted in: http://discussions.apple.com/thread.jspa?threadID=828731&tstart=0
but there were a subset of us who did not fall into the category of the fixes described in that thread.

I captured a failing authenticated SMTP transaction shown here:

220-elasmtp-scoter.atl.sa.earthlink.net ESMTP Exim 4.67 #1 Wed, 23 Jan 2008 13:38:46 -0500
220-NO UCE. EarthLink does not authorize the use of its computers or network
220 equipment to accept, transmit, or distribute unsolicited e-mail.

EHLO [192.168.0.17] // http:// added when posting is really [ ] with IP Addr in brackets

250-elasmtp-scoter.atl.sa.earthlink.net Hello [192.168.0.17] // Same Comment as above
250-SIZE 14680064
250-PIPELINING
250-AUTH PLAIN LOGIN CRAM-MD5
250-STARTTLS
250 HELP

421 elasmtp-scoter.atl.sa.earthlink.net lost input connection

As you can see, Mail did not respond once the supported options of the server were transmitted (should have been an "AUTH <type>" response; where <type> is PLAIN, LOGIN, or CRAM-MD5), in fact the "lost input connection" is due to the mac terminating the TCP connection.

To verify that Earthlink would, in fact, accept my login, I telneted to the server and manually performed an AUTH PLAIN and an AUTH LOGIN with my credentials and it worked beautifully. I have tried every suggestion in the other posts (I provided a list of what I tried in one post). The problem appeared after the Security Update 2007-009, and it is not a problem on my Mac Mini that I have not loaded the same Security Update, but am running 10.4.11. I know my settings are correct, I know my ISP is not blocking me, I can pinpoint exactly when the problem occurred, other machines on my network work, etc, etc.

This is a problem with 10.4.11, Security Update 2007-009, Mail 2.1.2(753).

12" PB G4 1.25G, Mac OS X (10.4.11), First computer: Apple II

Posted on Jan 23, 2008 12:56 PM

Reply
1 reply

Jan 28, 2008 1:02 PM in response to pquirk

In the thread referred to in the initial post, go2rba made a suggestion to delete the user name and password from the outgoing server configuration. I had tried this suggestion several times without success. After it worked for another user, I figured I'd try again, this time on a server that requires SSL. It did not work, so I re-entered my primary outgoing smtp server information for the thousandth time and much to my surprise a test email in my outbox was sent!

I performed a capture using Wireshark and the authenticated smtp exchange worked flawlessly. I am still stunned! 🙂 The only explanation that I can think of is a flag or variable in the code that was not being properly initialized after the Software Update is somehow corrected through this procedure.

Nice work go2rba!

Sending Mail using Authenticated SMTP MD5 Challenge-Response Fails

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.