-
-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LOGIN fallback doesn't occur if rejected pre-continuation #2648
Comments
salut, the problem is obviously not dependent on your individual k-9 installation. i have the same result with my installation on a kitkat (where imap authentication is okay in general) when i use test/invalid credentials (varius username patterns) with imap.scarlet.be. is there staff at scarlet to answer that question? |
It ought to be falling back to login which appears to work:
I believe with valid details The fact they advertise |
Good evening Philip, Should we interprete, that k-9 is capable to follow such a method fallback (for whatever reason a server may require it), and that both fslori's and my failures to LOGIN were credentials errors? Is perhaps
an indicator that the LOGIN username requires the pattern user@domain.xy for server (domain.xy) determination ability? Finally, if you agree that this could have been the case, why then did k-9 both at fslori and me not display the final response but rather the intermediate response about the method fallback? |
Yes K-9 should be doing the fallback I described (hence why I re-titled the bug and left it open). I don't have an account with I'll look into why K-9 reported the error it did today by testing it with K-9 - as the trace shows I ran that from my Mac using OpenSSL. |
Hi there, Thank you both for following this up! I am not familiar enough with the aspects of server connection, but I can add that:
|
I'm fairly sure that this issue is fixed by the PR I raised. They respond with Either this code path is rarely used in the real world or most providers, even though they don't support |
Hello fslori, you are welcome! I'll not write you for the test credentials, because i am no k-9 staff. ... Just in case anybody should write to you now, pretending his name was "AEaut" :] |
@philipwhiuk: OK, thanks for making the pull request! I will await its review and merging. Perhaps I will then compile it myself with |
Announcing support for Instead, we could allow the user to specify what authentication method to use. Right now we offer the options "Normal password", "Encrypted password" and "Client certificate" during setup. Using a client certificate should complement the password authentication and thus be a separate setting (see #793). That leaves us with "Normal password" and "Encrypted password", which are not terribly useful options. In my opinion the default should be "Automatic" where we select the option we like best and use that. Additionally, we list the individual authentication methods we support. That would allow users affected by this bug to manually select the Any objections to this approach of working around the issue at hand? |
Is there even any point to a non automatic setting? As long as we don't transmit the password in actual plaintext, we should use whatever works and doesn't bother the user. For the extra security, a checkable setting like "force challenge response login" sounds more understandable than a dropdown that offers "encrypted" and something else, where anyone that chooses something else feels bad about that. |
I'd hide the setting by default. "Automatic" should work fine for most people. The option to manually specify the authentication method would basically be an expert setting and only be there to work around server bugs or do intentionally stupid things like sending a plain text password over an unencrypted connection. |
like vincent i don't understand why an automatic fallback in case of a "NO" response should not be implemented (since it's implemented in other clients). if it is because of password security concerns, then how about an automatic routine trying all the standards that are somehow "safe", and if they all fail, then reporting this to the user (sort of layer/popup/...) + asking him whether the routine shall continue by trying one (or all) other "unsafe" method(s). Is there any chance to bear in mind and prevent "fail2ban"(-like) restrictions that may (increasingly) apply after a number of login/auth attempts that failed due to invalid credentials? Can such failures be distinguished against other failures (such as due to non-support of login/auth methods)? I'm thinking about account settings to limit the number of failed login/auth attempts (during a certain period). |
I don't like the idea of trying every supported method after the server said "no" to your authentication request the first time. A well-behaving server wouldn't change its answer. |
A comment just to keep you all informed. Last week, I assembled @philipwhiuk 's commits in his A few months ago, I've informed staff at scarlet about the server issue, but got no response. |
Hi everybody, I have instaled this k-9 app and it's impossible to read mail from scarlet but sending is ok. what can_i do touse correctly k-9 ? |
Contact scarlet.be support and tell them to fix their server software. Right now there's no way to use it with K-9 Mail. |
Maibe do you know that scarlet.be use a mailbox with alias, seem same that prtonmail.com |
See #3933 |
Expected behavior
There should be no problem in connecting to the
imap.scarlet.be
server and fetch incoming mails (it works in Thunderbird and in mySecureMail). These are the required settings, from the provider, which seem just normal (provider's info in Dutch / provider's info in French):Incoming e-mail (IMAP) : imap.scarlet.be Port : 993 (SSL enabled)
Outgoing e-mail (SMTP) : smtp.scarlet.be Port: 465 (SSL and “server requires authentication” enabled)
Actual behavior
In K-9 Mail I'm only succesful at sending email, not receiving. The following error pops up at setup:
I also get the error when, afterwards, I try small variations in the settings (such as disabling 'autodetect IMAP namespace'), in account settings > fetching mail > incoming server.
Note
I posted this issue on the community mail group as well.
Environment
K-9 Mail version: 5.207
Android version: 6.0.1
Account type (IMAP, POP3, WebDAV/Exchange): IMAP
The text was updated successfully, but these errors were encountered: