Wednesday, August 30, 2023

OT thunderbird oddities

Hi,

This is a off topic but I am a thunderbird user when I don't use mutt.
(using mutt right now, but the thunderbird window is open). I upgraded my
home network from 7.3 to the latest snapshot in the last two days and I saw
a that thunderbird did change, but oh it did change in behaviour too!

Last year almost to the day (August 30th, 2022) mozilla changed the code to
parsing the APOP greeting and I'd like to point out how I make use of that.

https://hg.mozilla.org/comm-central/diff/737cf4def8c2298f83504b7e99a2d1b9b6d9c1f5/mailnews/local/src/Pop3Client.jsm

So in the APOP greeting the statusText is allowed any character between 0x0
and 0x7f in this format /<[\x00-\x7F]+@[\x00-\x7F]+>/. I have modified
my POP3s server now to give out these characters (it did give out base32
before but yesterday I saw disconnects on that for some reason by thunderbird).

This is the greeting that thunderbird for some odd reason disconnected on:

--->
0000: 2b 4f 4b 20 3c 72 68 68 61 6d 61 35 39 62 67 6a +OK <rhhama59bgj
0010: 63 68 64 33 33 40 6c 76 61 68 38 74 65 63 6d 61 chd33@lvah8tecma
0020: 31 69 64 30 6e 71 32 37 6d 72 31 33 31 33 3e 0d 1id0nq27mr1313>.
0030: 0a
<---

I thought it was strange, maybe my tls'ized popa3d needed recompiling only?
So here is what I have done for this greeting:

--->
0812/stern$ openssl s_client -connect pop3.delphinusdns.org:995 -quiet|cat -v
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = pop3.delphinusdns.org
verify return:1
+OK <$CMK^Gu3Z^^^A)j^]&h^Lf@vch^ZE^P$3g>^M
<---

What's weird is with this recompile and change we say in germany that
thunderbird is "pudelwohl" (comfy like a poodle dog). And I don't have any
more disconnects before authentication attempts.

It's not entirely compatible with say fetchmail (the first incarnation with the
base32 was though) but I only use thunderbird for pop3 these days. And I
kicked my users off at the beginning of the year, so it's good.

I'm still boggled by the base32 trigger behaviour that thunderbird should
not authenticate. It wasn't always and that hexdump is all I have before I
changed the code.

Best Regards,
-peter

PS: for trivia, what does javascript do when given a 0x0 character? Does it
use that for terminating strings? I was thinking of modifying my popa3d server
to do that but it's more trouble than it's worth becuase it passes a lot to
vsnprintf().

--
Over thirty years experience on Unix-like Operating Systems starting with QNX.

No comments:

Post a Comment