SMTP Authentication
SMTP -AUTH ( SMTP authentication, also known as ASMTP ) is an extension of the ESMTP protocol that allows a mail server authentication by the client using their user name and password.
Normally can pass through an SMTP Auth enabled server only authenticated sender mails, which helps to prevent the misuse of the mail server for spam. Share this refers to sending an e -mail to recipients outside the jurisdiction of the mail server you are using (see SMTP relay server). At the same time can be tracked in the log files indicating who used an SMTP server for mail relay.
The server offers various authentication mechanisms, of which the client chooses one. The server provides the client then depending on the mechanism of a challenge or has him to continue. Depending on the method chosen, there is a encryption.
The SMTP authentication ( RFC 2554 which makes obsolete ) held in RFC 4954.
Authentication Procedures
Various mechanisms are available for authentication on the server. Depending on the SMTP server and its configuration, various methods offered by the server.
PLAIN
The PLAIN authentication is standardized in RFC 4616. In this case, user name ( for authorization ), User Name ( for authentication) and password unencrypted. The three strings are grouped in a string and Base64-encoded.
LOGIN
In the LOGIN authentication, as in the PLAIN authentication, the username and password unencrypted Base64 - encoded transfer. In contrast to the PLAIN authentication the two strings are transmitted in two steps.
CRAM -MD5
The CRAM- MD5 authentication is standardized in RFC 2195.
SCRAM -SHA -1
The SCRAM -SHA - 1 authentication is standardized in RFC 5802.
NTLM
The authentication is done via NTLM.
Example
The following session demonstrates the ESMTP authentication using the LOGIN method. Thus there is a Base64 encoding of the username "john ". Note: Base64 encoding represents no encryption
> 220 mail.example.org ESMTP
Example.net < EHLO
> 250 - example.org example.net Hello
> 250 AUTH CRAM -MD5 LOGIN PLAIN
< AUTH LOGIN
> 334 VXNlcm5hbWU6
< == AGFucw
> 334 UGFzc3dvcmQ6
< C2Nobml0emVsbWl0a2FydG9mZmVsc2FsYXQ =
> 235 ok
< MAIL FROM:
334 User Name: Hans 334 Password: schnitzelmitkartoffelsalat see also
- SMTP - after- POP