Hi Maurizio,

> It seems to occur in the authentication phase.
>
> I attached 2 syslog snippets obtained with 'transcript yes':

Thanks, that clarified the picture. You have forgotten to mention that
you were using PLAIN. I was able to reproduce the bug when I switched
to it. I have fixed the bug in commit 6f0dfc97a0[1].

> - auth_cram-md5.log is the result of two authentication attempts in "encrypted"
>   mode: the client reports that password wasn't accepted and I tried to input
>   it a second time, then I cancelled the attempt.

As a matter of fact it was the *server* that reported that
authentication didn't succeed, because it (the server) "wasn't able to
get the password". Let me explain. CRAM-MD5 (as well as DIGEST-MD5 and
others) requires that the user password be kept on the server in
*unencrypted* form. As such, these authentication types cannot use the
system user database, PAM, or the like. To use these authentication
types, you will have to keep user names and their corresponding
cleartext passwords in a separate file or in an SQL database.

You will need to apply the patch above, no matter what auth type you use.

Regards,
Sergey

[1] https://git.savannah.gnu.org/cgit/mailutils.git/commit/?id=6f0dfc97a0484029d8719cd6fd629fa7f4af814c
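
Added example (not part of the original message and not mailutils code): a Python sketch of the RFC 2195 CRAM-MD5 exchange showing why the server must hold the cleartext password, while PLAIN can be checked against a one-way hash. The function names, the PBKDF2 stand-in for a system password hash, and the salt are assumptions; the user, password and challenge are the RFC 2195 example values.

```python
import base64
import hashlib
import hmac

def cram_md5_response(user, password, challenge):
    """Client side (RFC 2195): base64 of 'user ' + hex(HMAC-MD5(key=password, msg=challenge))."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def verify_cram_md5(response, challenge, get_cleartext):
    """Server side: recompute the HMAC, which needs the password itself as the key."""
    try:
        user, _, client_hex = base64.b64decode(response, validate=True).decode().rpartition(" ")
    except ValueError:  # malformed base64 or invalid UTF-8
        return False
    password = get_cleartext(user)
    if password is None:  # the server "wasn't able to get the password"
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), client_hex.lower().encode())

def hash_password(password, salt):
    """Stand-in for the one-way hash a system user database stores (assumption: PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_plain(user, password, hashed_db):
    """PLAIN sends the password itself, so a one-way hash is enough to check it."""
    salt, stored = hashed_db.get(user, (b"", b""))
    return hmac.compare_digest(hash_password(password, salt), stored)

# Constructed sample data: user, password and challenge are the RFC 2195 example values.
USER, PASSWORD = "tim", "tanstaaftanstaaf"
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
SALT = b"constructed-salt"
CLEARTEXT_DB = {USER: PASSWORD}  # separate cleartext file or SQL table
HASHED_DB = {USER: (SALT, hash_password(PASSWORD, SALT))}  # system-database style

def demo():
    resp = cram_md5_response(USER, PASSWORD, CHALLENGE)
    return {
        "cram_cleartext_store": verify_cram_md5(resp, CHALLENGE, CLEARTEXT_DB.get),
        # A hashed store cannot hand back the password, so the lookup yields None.
        "cram_hashed_store": verify_cram_md5(resp, CHALLENGE, lambda u: None),
        # Using the stored hash as the HMAC key does not help either.
        "cram_hash_as_key": verify_cram_md5(resp, CHALLENGE, lambda u: HASHED_DB[u][1].hex()),
        "plain_hashed_store": verify_plain(USER, PASSWORD, HASHED_DB),
    }

if __name__ == "__main__":
    print(demo())
```

Because the cleartext store is itself sensitive, it should be readable only by the mail daemon's account.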
