-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enforcement of ID
before SELECT
#25
Comments
Testing ... $ openssl s_client -crlf -connect imap.163.com:993
* OK IMAP4 ready
a login test@163.com abcdef
a NO LOGIN Login error or password error $ nc -C imap.163.com 143
* OK IMAP4 ready
a login test@163.com abcdef
a NO LOGIN Login error or password error It sounds a bit like "server reporting unencrypted login", but it doesn't seem to be the case as we get the same error with and w/o encryption. Do we need valid credentials to reproduce the |
ID
before `SELECT
ID
before `SELECTID
before SELECT
Do we need valid credentials to reproduce the `Unsafe Login. Please
contact ***@***.*** for help` message?
I would say yes, because the error comes straight after selecting a
mailbox (which requires auth).
I asked the person who report the bug to create a fake account for us. I
will also use it for testing email-lib.
|
I asked the person who report the bug to create a fake account for
us. I will also use it for testing email-lib.
I got testing credentials, where can I safely share them with you?
|
Can you write me a PM on Matrix? :-) |
Which action needs to be done for this issue? Contacting the mail provider? From my side I can add a config option to exchange ids after authentication. |
This is a vendor issue since they are implementing the standard wrong, so yes, contact them. |
Grr... sorry. I still have "Recheck 188.com" on my TODO list but so little time... Were you able to reproduce it with the credentials you got to clearly see it's the missing ID provoking the error? I think there is not a good way to mitigate this unfortunately... If you add an option to send ID, you have to maintain the option. But: How do you know when to activate it? Only for 188.com? Seems weird to give them free advertisement for bad behavior... Always sending ID just to mitigate this is not great either :-/ Fingers crossed they will fix it. |
No, I can do it tomorrow morning.
I thought to have a config entry that triggers the ids exchange after client creation (sth generic, not related to 163). Users should enable the option manually. This could be documented, in a dedicated 163 section. A bit like the Gmail section and App password. |
I confirm the defect:
It's even worse, 163 imposes you to send non-empty
As stated in RFC2871:
I will contact them and let you know. |
https://todo.sr.ht/~soywod/pimalaya/201
The text was updated successfully, but these errors were encountered: