fetchmail-friends

Re: [fetchmail]SMTP AUTH extension

2001-07-02 14:56:19
Stephan Krings <stephan(_at_)xmn-berlin(_dot_)de>:
I'm thinking about implementing the SMTP AUTH extension (RFC 2554) for
fetchmail, if there's interest in this feature. It's mentioned on the
ToDo-list for fetchmail, so I guess there is...

I've already looked through parts of the code and I think I have a
basic idea how to do it. But two questions remain for me:

- How to hook this into the configuration? The current option for
  specifying the SMTP-host is a list of servers, like
  "smtphost server1,server2/port". One could extend this to something
  like "smtphost server1 auth:secret,server2 auth:secret". But it's
  not particularly nice.

I would strongly prefer that you *not* have passwords in the invocation
line, as this will tempt people to do insecure things in scripts.
Fetchmail already has code to read .netrc files.  Use that -- require your
users to declare their authentication secrets there.

- The internal data-structure for keeping the servers is a "struct
  idlist", which is a little bit narrow to also pack username,
  password etc. into it, although it might work. The other option
  would be to introduce a more elaborate data-structure for that. But
  that would mean that quite a lot of other code must be modified.

I think it would be cleaner to define a new data structure for describing
target servers.  I'd welcome a patch that implemented this.

Any bias from anyone? Or should I just go ahead and do it the way I
like it?

It sounds from RFC2554 as though this shouldn't require any new fetchmail
switches.  Write your code to trigger on the presence of "Authentication" 
in the EHLO response.  When fetchmail sees this, it should automatically
mine the appropriate authentication secret out of .netrc and do the 
RFC 2554 protocol client thing.  The functions already supported for 
CRAM-MD5 and other non-password authentication modes to the mailserver
should give you the right building blocks for implementing the analogous
functions when talking to an SMTP server.
-- 
                Eric S. Raymond <http://www.tuxedo.org/~esr/>

As the Founding Fathers knew well, a government that does not trust its honest,
law-abiding, taxpaying citizens with the means of self-defense is not itself
worthy of trust. Laws disarming honest citizens proclaim that the government
is the master, not the servant, of the people.
        -- Jeff Snyder
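
The flow described in the reply above (find AUTH in the EHLO response, take the secret from a .netrc file, answer a CRAM-MD5 challenge), sketched as an added example in Python. It is not part of the original message and not fetchmail's code; the function names, the host smtp.example.org and the sample EHLO lines are assumptions made for illustration.

```python
import base64, hmac, netrc, os, tempfile

def auth_mechanisms(ehlo_lines):
    """SASL mechanisms from the AUTH line of an EHLO reply (RFC 2554)."""
    for line in ehlo_lines:
        words = line[4:].split()          # skip the "250-" / "250 " prefix
        if line.startswith("250") and words and words[0].upper() == "AUTH":
            return [w.upper() for w in words[1:]]
    return []

def cram_md5_response(user, secret, challenge_b64):
    """Base64 answer to a 334 CRAM-MD5 challenge (RFC 2195)."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, "md5").hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def smtp_auth_reply(host, ehlo_lines, challenge_b64, netrc_path):
    """Reply to send after the 334 challenge, or None to skip AUTH."""
    # Only challenge-response is attempted, so the secret itself is never sent.
    if "CRAM-MD5" not in auth_mechanisms(ehlo_lines):
        return None
    entry = netrc.netrc(netrc_path).authenticators(host)
    if entry is None:                     # no secret declared for this host
        return None
    login, _account, password = entry
    return cram_md5_response(login, password, challenge_b64)

# Constructed sample data: host name and EHLO reply are made up; the user,
# secret and challenge are the worked example from RFC 2195.
EHLO = ["250-smtp.example.org", "250-SIZE 10240000", "250 AUTH CRAM-MD5 DIGEST-MD5"]
CHALLENGE = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>").decode()

def demo():
    with tempfile.NamedTemporaryFile("w", suffix=".netrc", delete=False) as f:
        f.write("machine smtp.example.org login tim password tanstaaftanstaaf\n")
    try:
        return smtp_auth_reply("smtp.example.org", EHLO, CHALLENGE, f.name)
    finally:
        os.unlink(f.name)

if __name__ == "__main__":
    print(demo())
```

When the server does not advertise CRAM-MD5, or .netrc has no entry for the host, smtp_auth_reply returns None and the caller carries on without AUTH.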

