[Top] [All Lists]

Re: Proprietary or non-standard SMTP AUTH mechanisms

2012-01-12 14:47:48

We have a few proprietary SMTP AUTH mechanism. The design goal was to lower the development overhead for coding the standard mechanisms, or the need for encryption and SSL libraries for our proprietary mail/user clients. For an example, the GUI Frontend Navigator client:

provided by our operators to their users, uses an internal SMTP AUTH mechanism to send mail to its online backend connected local server only. In the past, only IP was used, but with dynamic IPs or mail bot clients moved around, SMTP AUTH helps here.

Murray S. Kucherawy wrote:
Are there any known proprietary or other non-standard SMTP AUTH mechanisms that 
deviate from the syntax specified un RFC4954?

For example, is there an unofficial SMTP AUTH mechanism that allows unencoded 
binary data in the challenges or responses?  A vendor controlling both the 
client and the server could get away with something like that, but something 
standards-based analyzing that traffic might be confused by it.



Hector Santos
jabber: hector(_at_)jabber(_dot_)isdg(_dot_)net