Package: ssmtp Version: 2.62-3 Severity: normal
If the '#' character appear anywhere in your password, and that you put it in the /etc/ssmtp/ssmtp.conf file using the AuthPass option, an empty password will be sent instead and the authentication will fails with a message such as: 535 5.7.0 Error: authentication failed: authentication failure sendmail: Authorization failed (535 5.7.0 Error: authentication failed: authentication failure) But if you pass the exact same password using directly "sendmail -v -ap my#password", then it will works as expected. At first, I tought that maybe I had to escape it like this: \#, but after some more investigations I realized that whenever a password contain a '#', only 2 bytes are returned to the mailhub. Those 2 bytes are likely a carriage return, but I was too lazy to check. My guess is that if a '#' character appear anywhere on a line, then the full line is considered as a comment. To test this idea, I used a username such as AuthUser=some#User and as expected, the username is never sent to the mailhub. This affect both Lenny and Etch, and the latest version in Squeeze (2.63-1) is probably affected as well. Here is basically the config file I used: # /etc/ssmtp/ssmtp.conf root=postmaster mailhub=your.smtp.server.tld hostname=whatever.tld UseTLS=YES UseSTARTTLS=YES FromLineOverride=YES AuthUser=someUser AuthPass=my#password Thank you, Simon Valiquette -- System Information: Debian Release: 5.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
