Vijayan wrote:
> My server supports 3 types of authentication:
> LOGIN, CRAM-MD5 and PLAIN.
The latter shouldn't work without STARTTLS.
> For LOGIN and CRAM-MD5 the server sends some encrypted data.
Encoded. Base-64. Nothing special, for a nice example see
<http://www.technoids.org/saslmech.html>
"LOGIN" is no SASL mechanism, and "PLAIN" must not be used
outside of TLS, that leaves "CRAM-MD5" for ESMTPA in your
scenario.
> What to do with this encrypted data?
For "CRAM-MD5" read the proposed standard (RfC 2195), it has
an example for IMAP. If you're looking for some code I can
offer a REXX MD5 test suite (it also includes OTP and some
DIGEST-MD5 tests, but not the new I18N stringprep stuff):
<http://purl.net/xyzzy/src/md5.cmd>
> Are any other mechanisms available that SMTP servers can
> support?
Sure, problem is that clients (MUAs) won't support it. For
ESMTPA "CRAM-MD5" is the only game in town. If that's not
good enough for your purposes you need ESMTPSA (S = secure),
or in other words TLS + PLAIN.
Bye, Frank
http://tools.ietf.org/html/2195