Re: CSSMTP and AUTH LOGIN smtp command
In 1328881573.60206.yahoomail...@web171202.mail.ir2.yahoo.com, on 02/10/2012 at 01:46 PM, Eric Loriaux eric_lori...@yahoo.fr said: I'm currently trying to use CSSMTP with an SMTP server that will require AUTH LOGIN. Our IBM support saids it is not supported y CSSMTP and indeed it doesn't work. RFC 4954 is half a decade old and RFC 2554 is over a decade old; it is hardly surprising that mail servers are requiring SMTP-AUTH. RFC 4409 and RFC 6409 require a Mail Submission Agent to enforce its use in most cases. It shouldn't be too hard to make a business case if you submit a requirement to IBM. For that purpose, a special command is supposed to be added to the usual SMTP command sequence (just after EHLO command), that is : AUTH LOGIN Be aware that RFC 4954 specifies Note: A server implementation MUST implement a configuration in which it does NOT permit any plaintext password mechanisms, unless either the STARTTLS [SMTP-TLS] command has been negotiated or some other mechanism that protects the session from password snooping has been provided. Server sites SHOULD NOT use any configuration which permits a plaintext password mechanism without such a protection mechanism against password snooping. So even if plaintext is enough for the time being, any requirement you submit to IBM should ask for a full implementation. Have you had the same problem ? Yes. What did you do ? I asked the vendor of my e-mail client to add SMTP-AUTH support. In my case plaintext was adequate, but I wouldn't be surprised if I had to upgrade in the future. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: CSSMTP and AUTH LOGIN smtp command
shmuel+ibm-m...@patriot.net (Shmuel Metz , Seymour J.) writes: So even if plaintext is enough for the time being, any requirement you submit to IBM should ask for a full implementation. related, recent long-winded post in a different mailing list http://www.garlic.com/~lynn/2012b.html#71 Password shortcomings i've been somewhat paranoid for some quite some time ... part of it may have been requirement that IBM required that all links be encrypted ... in the mid-80s, there was claim that over half of link encryptors in the world were on the corporate internal network. misc. past posts mentioning internal network http://www.garlic.com/~lynn/subnetwork.html#internal recent post referencing realizing that there were three kinds of encryption: http://www.garlic.com/~lynn/2012.html#63 Reject gmail semi-related ... old email discussing doing pgp-like email http://www.garlic.com/~lynn/2007d.html#email810506 http://www.garlic.com/~lynn/2006w.html#email810515 -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: CSSMTP and AUTH LOGIN smtp command
CSSMTP and other TCP/IP applications are discussed on the IBMTCP-L mailing list.IBMTCP-L has over 1100 subscriber To subscribe, send mail to lists...@vm.marist.edu with the command in the e-mail message body: SUBSCRIBE IBMTCP-L Thanks, Mark Regan - Original Message - From: Eric Loriaux eric_lori...@yahoo.fr To: IBM-MAIN@bama.ua.edu Cc: Sent: Friday, February 10, 2012 8:46 AM Subject: CSSMTP and AUTH LOGIN smtp command Hi ! I'm currently trying to use CSSMTP with an SMTP server that will require AUTH LOGIN. Our IBM support saids it is not supported y CSSMTP and indeed it doesn't work. I'm trying currently trying to configure CSSMTP to send its mail to a Microsoft Exchange server using authentification. For that purpose, a special command is supposed to be added to the usual SMTP command sequence (just after EHLO command), that is : AUTH LOGIN YXJpYy5sb3JpZXV4QGItaG9sZGluZy5iZQ== cmljZXRyeP== AUTH LOGIN is a command that allows to be authenticated. It is supposed to be followed by the userid and the password (encoded Base64) on separate lines (don't try to decode the userid / password these are not the correct Base64 strings anyway ;) ) The problem is, when I'm spooling the message it fails. When examining the CSSMTP log I find the following error messages : Error Report for ISYSELOC (JOB42617) Job ISYSELOC/ /COPY (JOB42617) created by MAS1.ISYS180 at Thu, 02 Feb 2012 04:57:01 -0500 For DDname: SYSUT2 Dataset name: ISYS180.ISYSELOC.JOB42617.D102.? CSSMTPT_CSSMTPT generated the following messages: --- Line 2 Mail 0 : AUTH LOGIN 500 5.5.1 JES Unknown command, 'AUTH' --- Line 3 Mail 0 : YXJpYy5sb3JpZXV4QGItaG9sZGluZy5iZQ== 500 5.5.1 JES Unknown command, YXJpYy5sb3JpZXV4QGItaG9sZGluZy5iZQ== --- Line 4 Mail 0 : bmljZXRyeQ== 500 5.5.1 JES Unknown command, cmljZXRyeP== --- Line 5 Mail 1 : Undeliverable mail for eric.lori...@b-holding.be Message-Id: isyseloc.job42617.i...@msnet.railb.be.Feb022012.045701.102.1 Command: MAIL FROM:eric.lori...@b-holding.be Reply : 530 5.7.1 Client was not authenticated Mail was not delivered to the following recipients: eric.lori...@b-holding.be Completed at Thu, 02 Feb 2012 04:57:13 -0500 1 = mail messages found 0 = mail messages with errors 0 = recipients to whom mail was sent successfully 1 = recipients to whom mail messages could not be delivered Disposition of the JES file was HOLD CSSMTP and the test method used works perfectly well when sending emails without authentification to an SMTP server that allows it. Have you had the same problem ? What did you do ? Note : I know TLS allow encryption but this is not exactly what is expected as a solution by the team that manages the Exchange SMTP server Regards, Eric -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
