Add support for the optional <initial-response> argument to the AUTH LOGIN command #94

Closed
usonianhorizon opened this issue Feb 9, 2024 · 3 comments
usonianhorizon commented Feb 9, 2024

According to RFC-4954 (and RFC-2554 before that), the AUTH LOGIN command has an optional <initial-response> argument:

```
AUTH mechanism [initial-response]

      Arguments:
...
          initial-response: An optional initial client response.
...
          The optional initial response argument to the AUTH command is
          used to save a round-trip when using authentication mechanisms
          that support an initial client response.
```

When supplied, the SMTP server need not reply with a 334 VXNlcm5hbWU6 but can proceed directly with a request for the password, 334 UGFzc3dvcmQ6.

I'd like to request an option be added to SWAKS to use this form of AUTH LOGIN when interacting with SMTP servers.

I have used the recipes at SMTP 101: Manual SMTP Sessions Section 3: TLS to create an expect script to test this version of AUTH LOGIN:

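```
#!/usr/bin/env expect

# Open a TLS-protected session to the submission port (STARTTLS upgrade via openssl)
spawn openssl s_client -connect <smtp_server-fqdn>:587 -crlf -quiet -starttls smtp

# Wait for the final line of the capability list, then greet again over TLS
expect "250 HELP\r"
send "EHLO <client-name>\r"
expect "250 HELP\r"
# AUTH LOGIN with the base64-encoded username as the initial response
send "AUTH LOGIN <base64enc-username>\r"
# The server skips the Username: prompt and asks for the password
# (UGFzc3dvcmQ6 is base64 for "Password:")
expect "334 UGFzc3dvcmQ6\r"
send "<base64enc-passwd>\r"
expect "235 2.0.0 Authentication succeeded\r"
```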

which is run after initiating the communications and issuing the STARTTLS command in order to get the SMTP server to switch to TLS:

```
$ telnet <smtp_server-fqdn> 587
Trying <smtp_server-IP>...
Connected to <smtp_server-fqdn>.
Escape character is '^]'.
220 <smtp_server-fqdn> ESMTP OpenSMTPD
EHLO <client-name>
250-<smtp_server-fqdn> Hello <client-name> [<client-IP>]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH LOGIN PLAIN
250-CHUNKING
250-STARTTLS
250 HELP
STARTTLS
220 TLS go ahead
```
@jetmore jetmore added this to the next-auth milestone Feb 9, 2024
@jetmore jetmore added the enhancement New functionality slated to be implemented someday label Feb 9, 2024
jetmore added a commit that referenced this issue Feb 10, 2024
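
The two forms of the AUTH LOGIN exchange described in the opening post, as an added example that is not part of the issue and is not swaks code. `ToyLoginServer`, `auth_login`, the `tls_active` guard and the `alice`/`s3cret` credentials are constructed for illustration; the client answers whichever 334 prompt it decodes, so it also copes with a server that asks for the username anyway.

```python
import base64

def b64(s):
    return base64.b64encode(s.encode()).decode()

def unb64(s):
    return base64.b64decode(s).decode()

class ToyLoginServer:
    """Constructed stand-in for a server's AUTH LOGIN handling (not a real MTA)."""
    def __init__(self, user, password):
        self.creds, self.user, self.state = (user, password), None, "idle"

    def handle(self, line):
        if self.state == "idle":
            parts = line.split()
            if [p.upper() for p in parts[:2]] != ["AUTH", "LOGIN"]:
                return "503 5.5.1 Bad sequence of commands"
            if len(parts) == 3:  # initial-response given: skip the Username: prompt
                self.user, self.state = unb64(parts[2]), "want_pass"
                return "334 " + b64("Password:")
            self.state = "want_user"
            return "334 " + b64("Username:")
        if self.state == "want_user":
            self.user, self.state = unb64(line), "want_pass"
            return "334 " + b64("Password:")
        self.state = "idle"  # password line received: decide and reset
        ok = (self.user, unb64(line)) == self.creds
        return "235 2.0.0 Authentication succeeded" if ok else "535 5.7.8 Authentication credentials invalid"

def auth_login(send, user, password, initial_response=True, tls_active=True):
    """Client side of AUTH LOGIN. Returns (final reply, number of lines sent)."""
    if not tls_active:  # base64 is an encoding, not protection
        raise RuntimeError("refusing to send AUTH LOGIN credentials without TLS")
    answers = {"username:": user, "password:": password}
    reply, sent = send("AUTH LOGIN " + b64(user) if initial_response else "AUTH LOGIN"), 1
    while reply.startswith("334 ") and sent < 3:  # LOGIN needs at most two answers
        prompt = unb64(reply[4:]).strip().lower()
        if prompt not in answers:
            raise ValueError("unexpected AUTH LOGIN challenge: " + prompt)
        reply = send(b64(answers[prompt]))  # answer whichever prompt was sent
        sent += 1
    return reply, sent

if __name__ == "__main__":
    server = ToyLoginServer("alice", "s3cret")  # constructed credentials
    print(auth_login(server.handle, "alice", "s3cret"))
    print(auth_login(server.handle, "alice", "s3cret", initial_response=False))
```

With the initial response the client sends two lines instead of three, which is the round-trip saving the RFC text refers to.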

jetmore (Owner) commented Feb 10, 2024

@usonianhorizon try this version: https://raw.githubusercontent.com/jetmore/swaks/94-support-login-initial-response/swaks

You would use it the same as you have been, except you specify the auth type LOGIN-INITIAL (--auth LOGIN-INITIAL). Let me know if this works as expected and I'll merge it for the next release.

@jetmore jetmore added the feedback waiting for external response label Feb 10, 2024
usonianhorizon (Author) commented

This version worked like a charm!

Transcript enclosed.

swaks-initial-response.log

Regards.

@jetmore jetmore removed the feedback waiting for external response label Feb 10, 2024
jetmore (Owner) commented Feb 10, 2024

Great, I'll merge it and it will be in the next release. In the meantime, you can keep using that dev version.
