Email Notification Authentication Problem

Hello,

I'm getting an authentication error when trying to send a test email from another email domain I use. Interestingly enough, there's no log being cut on the email server from my test emails, though I'd argue it does in fact work, since I see the occasional IMAP connect from my phone, complete with the login attempt, in Splunk. To me, an untrained eye, it looks like it's trying to use MD5 despite me saying no security in the settings. I'd like to try and send the authentication in plain text, as the server is ancient and doesn't play well otherwise. This thing is seriously a relic from the '90s.

I've left all the security settings disabled; I just have the mail server, my username, and my password entered. I can watch the attempt leave, and Sophos claims the password was wrong (I like to think I have it typed in correctly). TCPDump below; I'm not sure what it's trying to send out, though.

19:47:47.499403 Port2, OUT: IP (tos 0x0, ttl 64, id 45772, offset 0, flags [DF], proto TCP (6), length 52)
    cpe-74-79-100-200.twcny.res.rr.com.40112 > mail.dreamscape.com.587: Flags [S], cksum 0x39f6 (incorrect -> 0x772a), seq 3083597119, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
        0x0000:  0001 5c89 5646 0001 2e6e 651d 0800 4500  ..\.VF...ne...E.
        0x0010:  0034 b2cc 4000 4006 4e28 4a4f 64c8 d8ab  .4..@.@.N(JOd...
        0x0020:  b20c 9cb0 024b b7cb f53f 0000 0000 8002  .....K...?......
        0x0030:  7210 39f6 0000 0204 05b4 0101 0402 0103  r.9.............
        0x0040:  0307                                     ..
19:47:47.532003 Port2, IN: IP (tos 0x8, ttl 53, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    mail.dreamscape.com.587 > cpe-74-79-100-200.twcny.res.rr.com.40112: Flags [S.], cksum 0xa45b (correct), seq 2439486694, ack 3083597120, win 5840, options [mss 1380,nop,nop,sackOK,nop,wscale 7], length 0
        0x0000:  0001 2e6e 651d 0001 5c89 5646 0800 4508  ...ne...\.VF..E.
        0x0010:  0034 0000 4000 3506 0bed d8ab b20c 4a4f  .4..@.5.......JO
        0x0020:  64c8 024b 9cb0 9167 9ce6 b7cb f540 8012  d..K...g.....@..
        0x0030:  16d0 a45b 0000 0204 0564 0101 0402 0103  ...[.....d......
        0x0040:  0307                                     ..
19:47:47.532056 Port2, OUT: IP (tos 0x0, ttl 64, id 45773, offset 0, flags [DF], proto TCP (6), length 40)
    cpe-74-79-100-200.twcny.res.rr.com.40112 > mail.dreamscape.com.587: Flags [.], cksum 0x39ea (incorrect -> 0xfac8), seq 1, ack 1, win 229, length 0
        0x0000:  0001 5c89 5646 0001 2e6e 651d 0800 4500  ..\.VF...ne...E.
        0x0010:  0028 b2cd 4000 4006 4e33 4a4f 64c8 d8ab  .(..@.@.N3JOd...
        0x0020:  b20c 9cb0 024b b7cb f540 9167 9ce7 5010  .....K...@.g..P.
        0x0030:  00e5 39ea 0000                           ..9...
19:47:47.571595 Port2, IN: IP (tos 0x8, ttl 53, id 47948, offset 0, flags [DF], proto TCP (6), length 73)
    mail.dreamscape.com.587 > cpe-74-79-100-200.twcny.res.rr.com.40112: Flags [P.], cksum 0x493c (correct), seq 1:34, ack 1, win 46, length 33
        0x0000:  0001 2e6e 651d 0001 5c89 5646 0800 4508  ...ne...\.VF..E.
        0x0010:  0049 bb4c 4000 3506 508b d8ab b20c 4a4f  .I.L@.5.P.....JO
        0x0020:  64c8 024b 9cb0 9167 9ce7 b7cb f540 5018  d..K...g.....@P.
        0x0030:  002e 493c 0000 3232 3020 626f 7267 2e6e  ..I<..220.borg.n
        0x0040:  6f72 7468 6c61 6e64 636f 6d2e 636f 6d20  orthlandcom.com.
        0x0050:  4553 4d54 500d 0a                        ESMTP..
19:47:47.571638 Port2, OUT: IP (tos 0x0, ttl 64, id 45774, offset 0, flags [DF], proto TCP (6), length 40)
    cpe-74-79-100-200.twcny.res.rr.com.40112 > mail.dreamscape.com.587: Flags [.], cksum 0x39ea (incorrect -> 0xfaa7), seq 1, ack 34, win 229, length 0
        0x0000:  0001 5c89 5646 0001 2e6e 651d 0800 4500  ..\.VF...ne...E.
        0x0010:  0028 b2ce 4000 4006 4e32 4a4f 64c8 d8ab  .(..@.@.N2JOd...
        0x0020:  b20c 9cb0 024b b7cb f540 9167 9d08 5010  .....K...@.g..P.
        0x0030:  00e5 39ea 0000                           ..9...
19:47:47.571731 Port2, OUT: IP (tos 0x0, ttl 64, id 45775, offset 0, flags [DF], proto TCP (6), length 57)
    cpe-74-79-100-200.twcny.res.rr.com.40112 > mail.dreamscape.com.587: Flags [P.], cksum 0x39fb (incorrect -> 0xe2b8), seq 1:18, ack 34, win 229, length 17
        0x0000:  0001 5c89 5646 0001 2e6e 651d 0800 4500  ..\.VF...ne...E.
        0x0010:  0039 b2cf 4000 4006 4e20 4a4f 64c8 d8ab  .9..@.@.N.JOd...
        0x0020:  b20c 9cb0 024b b7cb f540 9167 9d08 5018  .....K...@.g..P.
        0x0030:  00e5 39fb 0000 6568 6c6f 2073 6f70 686f  ..9...ehlo.sopho
        0x0040:  732e 636f 6d0d 0a                        s.com..
19:47:47.608984 Port2, IN: IP (tos 0x8, ttl 53, id 47949, offset 0, flags [DF], proto TCP (6), length 40)
    mail.dreamscape.com.587 > cpe-74-79-100-200.twcny.res.rr.com.40112: Flags [.], cksum 0xfb4d (correct), seq 34, ack 18, win 46, length 0
        0x0000:  0001 2e6e 651d 0001 5c89 5646 0800 4508  ...ne...\.VF..E.
        0x0010:  0028 bb4d 4000 3506 50ab d8ab b20c 4a4f  .(.M@.5.P.....JO
        0x0020:  64c8 024b 9cb0 9167 9d08 b7cb f551 5010  d..K...g.....QP.
        0x0030:  002e fb4d 0000 0000 0000 0000            ...M........
19:47:47.610105 Port2, IN: IP (tos 0x8, ttl 53, id 47950, offset 0, flags [DF], proto TCP (6), length 173)
    mail.dreamscape.com.587 > cpe-74-79-100-200.twcny.res.rr.com.40112: Flags [P.], cksum 0x9fa0 (correct), seq 34:167, ack 18, win 46, length 133
        0x0000:  0001 2e6e 651d 0001 5c89 5646 0800 4508  ...ne...\.VF..E.
        0x0010:  00ad bb4e 4000 3506 5025 d8ab b20c 4a4f  ...N@.5.P%....JO
        0x0020:  64c8 024b 9cb0 9167 9d08 b7cb f551 5018  d..K...g.....QP.
        0x0030:  002e 9fa0 0000 3235 302d 626f 7267 2e6e  ......250-borg.n
        0x0040:  6f72 7468 6c61 6e64 636f 6d2e 636f 6d0d  orthlandcom.com.
        0x0050:  0a32 3530 2d41 5554 483d 4c4f 4749 4e20  .250-AUTH=LOGIN.
        0x0060:  4352 414d 2d4d 4435 2050 4c41 494e 0d0a  CRAM-MD5.PLAIN..
        0x0070:  3235 302d 4155 5448 204c 4f47 494e 2043  250-AUTH.LOGIN.C
        0x0080:  5241 4d2d 4d44 3520 504c 4149 4e0d 0a32  RAM-MD5.PLAIN..2
        0x0090:  3530 2d53 5441 5254 544c 530d 0a32 3530  50-STARTTLS..250
        0x00a0:  2d50 4950 454c 494e 494e 470d 0a32 3530  -PIPELINING..250
        0x00b0:  2038 4249 544d 494d 450d 0a              .8BITMIME..
19:47:47.610524 Port2, OUT: IP (tos 0x0, ttl 64, id 45776, offset 0, flags [DF], proto TCP (6), length 55)
    cpe-74-79-100-200.twcny.res.rr.com.40112 > mail.dreamscape.com.587: Flags [P.], cksum 0x39f9 (incorrect -> 0x1852), seq 18:33, ack 167, win 237, length 15
        0x0000:  0001 5c89 5646 0001 2e6e 651d 0800 4500  ..\.VF...ne...E.
        0x0010:  0037 b2d0 4000 4006 4e21 4a4f 64c8 d8ab  .7..@.@.N!JOd...
        0x0020:  b20c 9cb0 024b b7cb f551 9167 9d8d 5018  .....K...Q.g..P.
        0x0030:  00ed 39f9 0000 4155 5448 2043 5241 4d2d  ..9...AUTH.CRAM-
        0x0040:  4d44 350d 0a                             MD5..
19:47:47.642576 Port2, IN: IP (tos 0x8, ttl 53, id 47951, offset 0, flags [DF], proto TCP (6), length 98)
    mail.dreamscape.com.587 > cpe-74-79-100-200.twcny.res.rr.com.40112: Flags [P.], cksum 0x71e8 (correct), seq 167:225, ack 33, win 46, length 58
        0x0000:  0001 2e6e 651d 0001 5c89 5646 0800 4508  ...ne...\.VF..E.
        0x0010:  0062 bb4f 4000 3506 506f d8ab b20c 4a4f  .b.O@.5.Po....JO
        0x0020:  64c8 024b 9cb0 9167 9d8d b7cb f560 5018  d..K...g.....`P.
        0x0030:  002e 71e8 0000 3333 3420 5044 6b77 4d7a  ..q...334.PDkwMz
        0x0040:  4d75 4d54 5135 4d54 517a 4e6a 4132 4e30  MuMTQ5MTQzNjA2N0
        0x0050:  4269 6233 4a6e 4c6d 3576 636e 526f 6247  Bib3JnLm5vcnRobG
        0x0060:  4675 5a47 4e76 6253 356a 6232 302b 0d0a  FuZGNvbS5jb20+..
19:47:47.642963 Port2, OUT: IP (tos 0x0, ttl 64, id 45777, offset 0, flags [DF], proto TCP (6), length 94)
    cpe-74-79-100-200.twcny.res.rr.com.40112 > mail.dreamscape.com.587: Flags [P.], cksum 0x3a20 (incorrect -> 0xbc66), seq 33:87, ack 225, win 237, length 54
        0x0000:  0001 5c89 5646 0001 2e6e 651d 0800 4500  ..\.VF...ne...E.
        0x0010:  005e b2d1 4000 4006 4df9 4a4f 64c8 d8ab  .^..@.@.M.JOd...
        0x0020:  b20c 9cb0 024b b7cb f560 9167 9dc7 5018  .....K...`.g..P.
        0x0030:  00ed 3a20 0000 596e 4a35 6232 3467 4e44  ..:...YnJ5b24gND
        0x0040:  4931 5954 646c 4d6a 4179 597a 5268 5a54  I1YTdlMjAyYzRhZT
        0x0050:  4d7a 5a44 5177 597a 417a 596d 4534 4d54  MzZDQwYzAzYmE4MT
        0x0060:  4132 5a47 4d7a 4d32 553d 0d0a            A2ZGMzM2U=..
19:47:47.714479 Port2, IN: IP (tos 0x8, ttl 53, id 47952, offset 0, flags [DF], proto TCP (6), length 40)
    mail.dreamscape.com.587 > cpe-74-79-100-200.twcny.res.rr.com.40112: Flags [.], cksum 0xfa49 (correct), seq 225, ack 87, win 46, length 0
        0x0000:  0001 2e6e 651d 0001 5c89 5646 0800 4508  ...ne...\.VF..E.
        0x0010:  0028 bb50 4000 3506 50a8 d8ab b20c 4a4f  .(.P@.5.P.....JO
        0x0020:  64c8 024b 9cb0 9167 9dc7 b7cb f596 5010  d..K...g......P.
        0x0030:  002e fa49 0000 0000 0000 0000            ...I........
19:47:49.679986 Port2, IN: IP (tos 0x8, ttl 53, id 47953, offset 0, flags [DF], proto TCP (6), length 58)
    mail.dreamscape.com.587 > cpe-74-79-100-200.twcny.res.rr.com.40112: Flags [P.], cksum 0x4c4a (correct), seq 225:243, ack 87, win 46, length 18
        0x0000:  0001 2e6e 651d 0001 5c89 5646 0800 4508  ...ne...\.VF..E.
        0x0010:  003a bb51 4000 3506 5095 d8ab b20c 4a4f  .:.Q@.5.P.....JO
        0x0020:  64c8 024b 9cb0 9167 9dc7 b7cb f596 5018  d..K...g......P.
        0x0030:  002e 4c4a 0000 3533 3520 6175 7468 2066  ..LJ..535.auth.f
        0x0040:  6169 6c75 7265 0d0a                      ailure..
19:47:49.680144 Port2, OUT: IP (tos 0x0, ttl 64, id 45778, offset 0, flags [DF], proto TCP (6), length 46)
    cpe-74-79-100-200.twcny.res.rr.com.40112 > mail.dreamscape.com.587: Flags [P.], cksum 0x39f0 (incorrect -> 0x1177), seq 87:93, ack 243, win 237, length 6
        0x0000:  0001 5c89 5646 0001 2e6e 651d 0800 4500  ..\.VF...ne...E.
        0x0010:  002e b2d2 4000 4006 4e28 4a4f 64c8 d8ab  ....@.@.N(JOd...
        0x0020:  b20c 9cb0 024b b7cb f596 9167 9dd9 5018  .....K.....g..P.
        0x0030:  00ed 39f0 0000 7175 6974 0d0a            ..9...quit..

Telnet to the server looks like the TCPDump comes back with the right options, but I'm not sure how to go about testing CRAM-MD5. LOGIN and PLAIN do work; I tested them during that telnet session using Perl to Base64-encode the credentials. Fairly confident CRAM-MD5 might be broken on the server, to be honest.


Connected to mail.dreamscape.com.
Escape character is '^]'.
220 borg.northlandcom.com ESMTP
ehlo test
250-borg.northlandcom.com
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
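Added example, not code from the original post, from Sophos, or from the mail server's vendor: a Python model of the CRAM-MD5 (RFC 2195) exchange visible in the capture. It parses the EHLO reply for advertised mechanisms (both the RFC 4954 "AUTH " form and the legacy "AUTH=" form the server emits), picks the strongest advertised one, decodes the 334 challenge exactly as the server sent it in the capture, and carries out both the client response and the server-side verification. The username, password and the mechanism preference order are constructed assumptions; the server name and challenge come from the capture. The preference logic models a common client behaviour (assumed, not confirmed from the appliance), which is consistent with the capture showing "AUTH CRAM-MD5" being sent even with no security options selected.

```python
"""CRAM-MD5 client/server round-trip modelled on the SMTP AUTH capture.
Constructed example: the username/password are invented; the EHLO reply
and the 334 challenge are taken from the capture above."""
import base64
import hashlib
import hmac

# EHLO reply as seen in the telnet session (constructed copy).
EHLO_REPLY = [
    "250-borg.northlandcom.com",
    "250-AUTH=LOGIN CRAM-MD5 PLAIN",
    "250-AUTH LOGIN CRAM-MD5 PLAIN",
    "250-STARTTLS",
    "250-PIPELINING",
    "250 8BITMIME",
]

# Challenge exactly as sent in the "334" line of the capture (base64).
CHALLENGE_B64 = "PDkwMzMuMTQ5MTQzNjA2N0Bib3JnLm5vcnRobGFuZGNvbS5jb20+"

# Assumed client preference: strongest mechanism first.
MECHANISM_PREFERENCE = ["CRAM-MD5", "PLAIN", "LOGIN"]


def parse_ehlo_auth(lines):
    """Return the set of SASL mechanisms advertised in an EHLO reply.
    Handles 'AUTH mech ...' (RFC 4954) and the legacy 'AUTH=mech ...' form."""
    mechs = set()
    for line in lines:
        body = line[4:].strip()  # drop the "250-" / "250 " prefix
        upper = body.upper()
        if upper.startswith("AUTH=") or upper.startswith("AUTH "):
            mechs.update(m.upper() for m in body[5:].split())
    return mechs


def choose_mechanism(advertised, preference=MECHANISM_PREFERENCE):
    """Pick the first preferred mechanism the server offers, or None."""
    for mech in preference:
        if mech in advertised:
            return mech
    return None


def decode_challenge(challenge_b64):
    """The 334 payload is a base64-encoded msg-id style nonce."""
    return base64.b64decode(challenge_b64).decode("ascii")


def cram_md5_response(username, password, challenge_b64):
    """Client side: base64( username SP hex(HMAC-MD5(key=password, msg=challenge)) )."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode("utf-8")).decode("ascii")


def verify_cram_md5(challenge_b64, response_b64, password_lookup):
    """Server side: recompute the HMAC from the stored password and compare.
    CRAM-MD5 needs the cleartext password (or an equivalent HMAC context)
    on the server; a store that only keeps salted one-way hashes cannot
    verify it, so every attempt fails with 535 while the mechanism is
    still advertised. password_lookup(username) returns the password or None."""
    try:
        decoded = base64.b64decode(response_b64).decode("ascii")
        username, digest = decoded.split(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return False
    password = password_lookup(username)
    if password is None:
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    advertised = parse_ehlo_auth(EHLO_REPLY)
    print("advertised:", sorted(advertised), "-> client picks", choose_mechanism(advertised))
    print("challenge :", decode_challenge(CHALLENGE_B64))
    response = cram_md5_response("example-user", "example-pass", CHALLENGE_B64)
    store = {"example-user": "example-pass"}  # constructed credential store
    print("verified  :", verify_cram_md5(CHALLENGE_B64, response, store.get))
```

Two things the model makes visible. First, a client that prefers the strongest advertised mechanism will send CRAM-MD5 whenever the server lists it, so a "no security" setting on the client does not by itself force PLAIN; the decisive fix is on the server (stop advertising a mechanism it can no longer verify). Second, PLAIN and LOGIN carry the password in recoverable base64, so on port 587 they should only be accepted after STARTTLS; checking the mail server's authentication log for 535 results paired with CRAM-MD5 is a quicker confirmation than a packet capture.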