Pegasus Mail & Mercury

Hi all,

I've just set up a mobile to send using the imap accountname/password combination and have entered that in the authsmtp file. It doesn't work and I have logged the transaction:

 11:42:44.875: Connection from 212.183.134.208, Thu Jul 02 11:42:44 2009<lf>
11:42:44.875: << 220 xxxxxxxxxxxxx ESMTP server ready.<cr><lf>
11:42:44.360: >> EHLO [10.46.87.196]<cr><lf>
11:42:44.360: << 250-xxxxxxxxxxxxx Hello [10.46.87.196]; ESMTPs are:<cr><lf>250-TIME<cr><lf>
11:42:44.360: << 250-SIZE 25000000<cr><lf>
11:42:44.360: << 250-AUTH CRAM-MD5 LOGIN<cr><lf>
11:42:44.360: << 250-AUTH=LOGIN<cr><lf>
11:42:44.360: << 250 HELP<cr><lf>
11:42:45.438: >> AUTH CRAM-MD5<cr><lf>
11:42:45.438: << 334 PC0yNzE0Mzg1OC4zNDZAZGF2aWRoYXRoYXdheS5jby51az4=<cr><lf>
11:42:46.938: >> amFtZXNoQGRodGwuY28udWsgYmUxMWQ1ZjViZTM3ZjE0Yzk2NGFhYTk4YjU1ZjY0YzU=<cr><lf>
11:42:46.938: << 501 Authentication failed - bad user or password.<cr><lf>
11:42:46.422: >> QUIT<cr><lf>
11:42:46.422: << 221 xxxxxxxxxxxxx Service closing channel.<cr><lf>
11:42:46.438: --- Connection closed normally at Thu Jul 02 11:42:46 2009. ---
11:42:46.438:

I've re-entered the password several times....

Is it possible to unencrypt the user/pass above? Any other ideas?

Cheers, Gordon

This is base64 encoded except the password is encoded in MD5.  You can easily get the username though.

11:42:45.438: >> AUTH CRAM-MD5<cr><lf>
11:42:45.438: << 334 PC0yNzE0Mzg1OC4zNDZAZGF2aWRoYXRoYXdheS5jby51az4=<cr><lf>

<-27143858.346@davidhathaway.co.uk>

11:42:46.938: >> amFtZXNoQGRodGwuY28udWsgYmUxMWQ1ZjViZTM3ZjE0Yzk2NGFhYTk4YjU1ZjY0YzU=<cr><lf>

jamesh@dhtl.co.uk be11d5f5be37f14c964aaa98b55f64c5

You might try using a simple username rather than the full SMTP address here.  That said, this may be one of those servers that advertise CRAM-MD5 but then do not implement it.  Upgrade to PB1 and you can tell PMail not to use this protocol. From v4.5x help.

 Do not use CRAM-MD5 authentication even if it is advertised  This one's a bit technical, so please bear with us... The process of logging into the SMTP server to authenticate your identity can take a variety of forms: the server "advertises" the forms it understands, and Pegasus Mail looks through that list, choosing the most secure form it recognizes. Some forms are very "weak", in that they either transmit your credentials as clear text or in a form that can be easily broken, while other forms are "strong", in the sense that it is very difficult to work out your credentials simply by observing the exchange of data between the two programs. Unfortunately, one of the strongest forms of authentication, called CRAM-MD5, is commonly misconfigured on SMTP servers, even at quite reputable ISPs - the server will advertise that it supports it, but will actually fail any attempt to use it. Getting the ISP to realize that they are at fault is a lost cause in most cases - it's almost always easier simply to check this control, which tells Pegasus Mail never to use CRAM-MD5 for this server. You should be aware that you reduce the security of your connection by checking this control: CRAM-MD5 is the only commonly-used authentication form that offers reasonable security, and by disabling it, you force Pegasus Mail to use less secure methods... But sometimes you may decide that being able to send mail is more important than being able to do it securely. The choice is yours.