[Top] [All Lists]

Re: Query Regarding SMTP Authentication

2005-09-19 18:57:53

At 11:07 +0100 on 09/19/2005, Paul Smith wrote about Re: Query Regarding SMTP Authentication:

At 22:45 18/09/2005, Vijayan wrote:

Can any one please tell me abt SMTP authentication.. how to get the
encryption code.. or how to do the authentication..?

also how to find the server, whether it need authentiation or not...?

and what authentication mechanism it follows.. ?

I suggest you read RFC 2554 ( . That will answer these questions.

only with user's mailID and server name can we do authentication...???

You need a 'shared secret' as well (ie password)

If you read 2554 you will note that it provides for the Server to offer a list of methods that the Server supports to allow the Client to supply the Password. This list usually is "PLAIN" and "LOGIN" (and sometimes CRAM-MD5). Depending on how paranoid you are, only CRAM-MD5 is actually secure. The other two methods not only send out a constant (CRAM-MD5 is a one-time encryption) but if someone is monitoring the connection the Password can be extracted from the constant.