Red Hat Bugzilla – Bug 430608
ssmtp cannot parse AuthPass with '=' or ':' in it
Last modified: 2008-11-26 21:11:00 EST
Description of problem:
The ssmtp config file parser strips out the '=' and ':' characters from the
AuthPass password. It appears this is done because the code is trying to be
"generic" to pre-parse a port specified on the "MailHub" option, but this causes
silent failure of SMTP authentication due to sending a truncated password.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. in /etc/ssmtp/ssmtp.conf set "AuthPass=Pass:Word=in:middle" where the actual
password is "Pass:Word=in:middle"
2. run ssmtp -d (+other sendmail options) to deliver an email
3. examine /var/log/maillog to see "Set AuthPass=Pass"
In /var/log/maillog "Set AuthPass=Pass" (and ssmtp delivery failure)
In /var/log/maillog "Set AuthPass=Pass:Word=in:middle" (and ssmtp delivery OK)
Patch to fix this for me to be attached. It might also be desirable to examine
the other "values" to see if they can be similarly affected.
Created attachment 293223 [details]
don't use the parsed value, use the raw "rightside" value for password
I'll announce upstream
The problems seems to be already known upstream, but they have not yet released
a patched version.
Could you please test using the rpms available (for rawhide) at
In case you want to build your own, the src rpm is available at
Sorry, I meant rpms available at
(In reply to comment #3)
> The problems seems to be already known upstream, but they have not yet released
> a patched version.
> Could you please test using the rpms available (for rawhide) at
> http://koji.fedoraproject.org/koji/getfile?taskID=379755&name=build.log ?
> In case you want to build your own, the src rpm is available at
The rawhide RPM doesn't install on my FC8 because of different library versions.
I downloaded, built, and tested the .src.rpm and was able to reproduce the
broken behaviour (password being truncated). Looking at the source code of this
release shows no changes in the parsing or handling of the auth_pass value at
all (it is still "tokenized" with = and : before being used), so I don't see any
way that the problem could be fixed.
Bug reported upstream: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463196
This message is a reminder that Fedora 8 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 8. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '8'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 8's end of life.
Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 8 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora please change the 'version' of this
bug to the applicable version. If you are unable to change the version,
please add a comment here and someone will do it for you.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
The process we are following is described here:
patch applied in ssmtp-11.7 which show in the repos soon
ssmtp-2.61-11.7.fc8 has been submitted as an update for Fedora 8.
ssmtp-2.61-11.7.fc9 has been submitted as an update for Fedora 9.
ssmtp-2.61-11.7.fc10 has been submitted as an update for Fedora 10.
ssmtp-2.61-11.7.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
ssmtp-2.61-11.7.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
ssmtp-2.61-11.7.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.