
Re: Flexible mail-relay protection



...
> 	I have tried to look for the M$ specifications about
> 	what the Exchange servers mean with their EHLO
> 	response:
> 		AUTH=LOGIN
> 
> 	If you can find an M$ document on it, I would be very grateful,
> 	indeed.

   IRC is a miracle place -- even when using it only among our "small"
corporate coder and keeper teams in the middle of the night...  There
wasn't a known M$ document, but there was something else to explain RFC 2554:

  http://help.netscape.com/products/server/messaging/3x/info/smtpauth.html

The salient part explaining it all:

S: 220 jimi-hendrix.mcom.com ESMTP server (Netscape Messaging Server - Version 3.0) ready Fri, 2 May 1997 09:38:41 -0700 
C: ehlo jimi 
S: 250-jimi-hendrix.mcom.com 
S: 250 AUTH=LOGIN 
C: auth login 
S: 334 VXNlcm5hbWU6                  base64 "Username:" 
C: bXluYW1l                          base64 "myname" 
S: 334 UGFzc3dvcmQ6                  base64 "Password:"
C: c2VjcmV0                          base64 "secret"
S: 235 Authentication successful

  Ok, so that is plain-text login over the wire, but in systems where
the password is stored in encrypted form that is the best we can do :-/
(I don't count Base64 obfuscation as security; a determined snooper/cracker
 can decode those easily..)

/Matti Aarnio <mea@nic.funet.fi>
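
Added example, not part of the original message: a small Python audit of an SMTP session transcript in the S:/C: form quoted above, reporting which AUTH mechanisms the server offered and what an AUTH LOGIN exchange reveals when no STARTTLS preceded it. The function name, the sample host name and the transcript are constructed for illustration; treating a client STARTTLS command as a successful TLS upgrade is a simplifying assumption.

```python
import base64
import binascii

# Constructed sample modelled on the exchange quoted above (not a real capture).
SAMPLE = """\
S: 220 mail.example.test ESMTP ready
C: ehlo client
S: 250-mail.example.test
S: 250 AUTH=LOGIN
C: auth login
S: 334 VXNlcm5hbWU6
C: bXluYW1l
S: 334 UGFzc3dvcmQ6
C: c2VjcmV0
S: 235 Authentication successful
"""

def _b64(text):
    """Decode a base64 token; return None if it is not valid base64 text."""
    try:
        return base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def audit_session(transcript):
    """Report offered AUTH mechanisms and what an AUTH LOGIN exchange exposes."""
    mechanisms, exposed = set(), []
    tls = in_login = False
    prompt = None
    for line in transcript.splitlines():
        side, _, body = line.partition(": ")
        body = body.strip()
        if side == "S" and body[:3] == "250" and body[4:8].upper() == "AUTH":
            # Accept "AUTH LOGIN" (RFC 2554) and the older "AUTH=LOGIN" form.
            mechanisms.update(body[8:].replace("=", " ").upper().split())
        elif side == "C" and body.upper() == "STARTTLS":
            tls = True  # assumption: the upgrade succeeded
        elif side == "C" and body.upper().startswith("AUTH LOGIN"):
            in_login = True
        elif side == "S" and in_login and body.startswith("334 "):
            prompt = _b64(body[4:])  # server challenge, e.g. "Username:"
        elif side == "C" and in_login and prompt is not None:
            exposed.append((prompt, _b64(body)))  # reversible, not encrypted
            prompt = None
        elif side == "S":
            in_login = False  # any other server reply ends the AUTH exchange
    return {"mechanisms": sorted(mechanisms), "exposed": exposed,
            "cleartext_login": bool(exposed) and not tls}

if __name__ == "__main__":
    print(audit_session(SAMPLE))
```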