SMTP CRAM-MD5 for pre-existing accounts broken
Problem reported by Scarab - 5/4/2023 at 7:34 AM
Issue: Outgoing SMTP connections using CRAM-MD5 authentication for pre-existing accounts is failing after upgrading to build 8517 from build 8496. CRAM-MD5 authentication works fine with POP3/IMAP for the same accounts and SMTP authentication using CRAM-MD5 works for newly created accounts. Clients affected are Apple iOS Mail, MacOS Mail, Mozilla Thunderbird and web applications such as WP-SMTP-Mail & Fluent SMTP.

Error: detailed SMTP logs in SmarterMail show the error "Exception: String reference not set to an instance of a String. Parameter name: s   at System.Text.Encoding.GetBytes(String s)   at MailService.TcpServerLib.SMTP.SMTPSession.CramMD5Validation(Domain domain, User user, String digest, String md5Hash)   at MailService.TcpServerLib.SMTP.SMTPSession.ProcessAuthData(String authData) rsp: 535 Authentication failed.

Work-Around: Changing authentication type in the client from "MD5 Challenge-Response" or "Encrypted Password" to "Password" or "Plain-Text" works around the issue for affected clients. Also using SmarterMail's "CHANGE PASSWORD" function and resaving the existing password immediately resolves the problem (although it would appear that SETTINGS > PASSWORD REQUIREMENTS > PREVENT PREVIOUS PASSWORD REUSE is also not working as this should be preventing changing the password to the same existing password).

2 Replies

Reply to Thread
JerseyConnect Team Replied
Did you do the password changes as an admin or the end user? If I'm remembering correctly from testing password requirements several years ago, the prevent password reuse didn't apply to admins setting other user's password.
echoDreamz Replied
This is fixed in the latest build. 

Reply to Thread