From: Matthias A. <mat...@gm...> - 2024-06-25 17:02:06
|
Am 25.06.24 um 03:53 schrieb Michael Pope: >> 1- a genuine issue with authentication (did the service change login > policies? > > I fear there may have been a "quiet change" at the provider. My > credentials are correct/unchanged for their webmail. Yep. I find it most confusing though that the server would offer STARTTLS in spite of having already negotiated TLS. This seems to be a first to be seen in the wild and reported - and this is what confused fetchmail, which simply does not expect to see STARTTLS offered on a TLS connection, and also would not use it, nor would that make sense. It might be a configuration issue on your provider's servers. None of the servers I've read conversations of would offer STARTTLS on a TLS-wrapped connection. >> 2- fetchmail misreporting the authentication failure with that WARNING > OK, sslproto is (probably) correct, and that warning is incorrect. Is > there any other logging/warning/error configuration I can try to get better > debugging of why authentication is failing? Does fetchmail only see a > success/fail, or is the next step to fire up wireshark:-)? There isn't anything you can do but checking the provider's help and news pages or contacting them. The very first communication is the successful negotiation of TLS v1.2, and after receiving the initial prompt, the first command that fetchmail tries is A0001 LOGIN with your user and password, and that fails. This is the *entire* conversation after the SSL negotiation, and WireShark is not going to give you anything useful because fetchmail has the cleartext conversation, but Wireshark only has the encrypted stuff, and decoding that would be quite a bit of a hassle and a distraction because you already have it... https://wiki.wireshark.org/TLS#tls-decryption > fetchmail: IMAP< * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID > ENABLE IDLE SPECIAL-USE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] imap > ready - cma-tmc > fetchmail: IMAP> A0001 LOGIN "mpope" * > fetchmail: IMAP< A0001 NO [AUTHENTICATIONFAILED] Authentication failed. So... your provider will need to support you. |