At 11:07 +0100 on 09/19/2005, Paul Smith wrote about Re: Query
Regarding SMTP Authentication:
At 22:45 18/09/2005, Vijayan wrote:
Sir,
Can any one please tell me abt SMTP authentication.. how to get the
encryption code.. or how to do the authentication..?
also how to find the server, whether it need authentiation or not...?
and what authentication mechanism it follows.. ?
I suggest you read RFC 2554 (http://www.faqs.org/rfcs/rfc2554.html)
. That will answer these questions.
only with user's mailID and server name can we do authentication...???
You need a 'shared secret' as well (ie password)
If you read 2554 you will note that it provides for the Server to
offer a list of methods that the Server supports to allow the Client
to supply the Password. This list usually is "PLAIN" and "LOGIN" (and
sometimes CRAM-MD5). Depending on how paranoid you are, only CRAM-MD5
is actually secure. The other two methods not only send out a
constant (CRAM-MD5 is a one-time encryption) but if someone is
monitoring the connection the Password can be extracted from the
constant.