Article delegate-en <_A4872@delegate-en.ML_>
[delegate-en/4872] [Reference:<_A4776@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: SMTP AUTH LOGIN
13 Jul 2010 16:20:25 GMT Jesús DIEGO FERNÁNDEZ <pu4jabdyi.ml@ml.delegate.org>


Mr Sato,

Thanks to your action with 9.9.7 (AUTH LOGIN) we have been able to deploy Delegate as a gateway between simple smtp clients and SSL+Auth BPOS email server. We just finished the stress tests and the results have been very satisfactory.

We only found one problem:
- When using SMTP with TLS and AUTH-LOGIN, Delegate sends two consecutive EHLO commands to the server: one after the TLS negotiation (to refresh the EHLO, as mandated by the RFC) and one before the login command.
- The BPOS SMTP server has a protection against "abusive clients": it delays the answer to consecutive EHLO commands by 5 seconds.
- The result was that each email had an extra delay of 5 seconds during the connection.

We solved it with a workaround: commenting out the 3 lines where you preserve/clear/restore the EHLO cache:

static int doAUTH_LOGIN_SV(PCStr(myhost),FILE *log,FILE *ts,FILE *fs,PVStr(resp)){
/*	const char *cache = EHLO_cache; */
	int doauth = SMTP_doauth;
	IStr(caps,4*1024);
	const char *dp;

/*	EHLO_cache = 0; */
	SMTP_doauth = 0;
	HELO_withSV("EHLO",myhost,log,ts,fs,AVStr(caps));
/*	EHLO_cache = cache; */
	SMTP_doauth = doauth;

	lineScan(caps,resp);
	if( strstr(caps,"250-AUTH") ){
		if( strstr(caps,"LOGIN") ){
			return 1;
		}
	}
	return 0;
}


Of course this is only a good workaround if the connection is explicit TLS, which is our case; I am sure that, in other situations, the modification could have an impact (if not, you would not have bothered to preserve the EHLO cache).

Please consider in future releases a definitive solution to this problem. For the moment we will stick to version 9.9.7-modified.

Regards,

Jesús Diego.
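
The AUTH check in the function quoted above is a pair of substring searches over the whole EHLO reply. As an added example (not DeleGate code and not part of the original message; `ehlo_has_auth_mech` is a hypothetical helper and the sample replies are constructed), this parses the reply line by line and matches the mechanism as a whole token, with the substring test kept beside it for comparison:

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* The substring test from the function quoted above, kept for comparison. */
static int loose_check(const char *caps)
{
	return strstr(caps, "250-AUTH") && strstr(caps, "LOGIN");
}

/* Hypothetical helper (not DeleGate code): 1 if an AUTH line lists `mech`. */
static int ehlo_has_auth_mech(const char *reply, const char *mech)
{
	size_t mlen = strlen(mech);
	const char *line = reply;

	while (line && *line) {
		const char *eol = strpbrk(line, "\r\n");
		size_t len = eol ? (size_t)(eol - line) : strlen(line);
		/* "250-AUTH ..." or, when AUTH is the last line, "250 AUTH ..." */
		if (len >= 8 && strncmp(line, "250", 3) == 0 &&
		    (line[3] == '-' || line[3] == ' ') &&
		    strncasecmp(line + 4, "AUTH", 4) == 0 &&
		    (len == 8 || line[8] == ' ' || line[8] == '=')) {
			const char *p = line + 8, *end = line + len;
			while (p < end) {	/* compare whole tokens only */
				while (p < end && (*p == ' ' || *p == '=')) p++;
				const char *tok = p;
				while (p < end && *p != ' ') p++;
				if ((size_t)(p - tok) == mlen && !strncasecmp(tok, mech, mlen))
					return 1;
			}
		}
		line = eol ? eol + strspn(eol, "\r\n") : NULL;
	}
	return 0;
}

/* Constructed sample replies, not captured from a real server. */
static const char LAST_LINE[] = "250-mx.example.test\r\n250-SIZE 1000\r\n250 AUTH LOGIN\r\n";
static const char HOSTNAME_HIT[] = "250-LOGIN-GW.example.test\r\n250-AUTH PLAIN\r\n250 OK\r\n";

int main(void)
{
	printf("last-line AUTH: loose=%d strict=%d\nhostname hit:   loose=%d strict=%d\n",
	       loose_check(LAST_LINE), ehlo_has_auth_mech(LAST_LINE, "LOGIN"),
	       loose_check(HOSTNAME_HIT), ehlo_has_auth_mech(HOSTNAME_HIT, "LOGIN"));
	return 0;
}
```

Run on the reply already received after STARTTLS, a check of this kind needs no further EHLO to decide whether LOGIN is offered.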

-----Original Message-----
From: Yutaka Sato [mailto:feedback@delegate.org] 
Sent: Tuesday, March 30, 2010 6:19 AM
To: feedback@delegate.org
Cc: Jesús DIEGO FERNÁNDEZ
Subject: Re: [DeleGate-En] SMTP AUTH LOGIN

Hi,

In message <_A4775@delegate-en.ML_> on 03/30/10(02:44:15)
you Jesús DIEGO FERNÁNDEZ <pu4jabdyi.ml@ml.delegate.org> wrote:
 |We were planning to use Delegate to send emails from internal machines (no-ssl, no-authentication) to BPOS. However we are facing a problem:
 |
 |- BPOS smtp service only supports AUTH LOGIN function after STARTTLS (no support for AUTH PLAIN even if the RFC says that it must).
 |
 |- Delegate only supports AUTH PLAIN when acting as a client (the source code of SMTP_sendMYAUTH is clear about it).
 |
 |Questions:
 |- Can we expect to get support for AUTH LOGIN in future releases?
 |- If not, any suggested workaround?

When I implemented it about 7 years ago, AUTH PLAIN was the only method 
available in any server implementation of SMTP-AUTH (even without EHLO).
So I coded so.  Now I'll extend it as the enclosed patch to do AUTH LOGIN
if it is listed in the response to EHLO.
I uploaded 9.9.7-pre37 with the patch applied (and 9.9.7 to be released
in this month).

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

*** dist/src/delegate9.9.7-pre36/src/smtp.c	Wed Mar 24 09:24:37 2010
--- ./src/smtp.c	Tue Mar 30 12:37:19 2010
***************
*** 1467,1472 ****
--- 1467,1520 ----
  	return 0;
  }
  
+ int strtoB64(PCStr(str),int slen,PVStr(b64),int bsiz,int withnl);
+ static int SMTP_authLOGIN(Connection *Conn,FILE *log,FILE *ts,FILE *fs,PCStr(auth),PVStr(resp)){
+ 	IStr(user,128);
+ 	IStr(pass,128);
+ 	IStr(userb,256);
+ 	IStr(passb,256);
+ 	int code;
+ 
+ 	fieldScan(auth,user,pass);
+ 	strtoB64(user,strlen(user),AVStr(userb),sizeof(userb),0);
+ 	strtoB64(pass,strlen(pass),AVStr(passb),sizeof(passb),0);
+ 
+ 	SMTP_putserv(log,fs,ts,BVStr(resp),"AUTH LOGIN\r\n");
+ 	if( (code = atoi(resp)) != 334 ){
+ 		return code;
+ 	}
+ 
+ 	SMTP_putserv(log,fs,ts,BVStr(resp),"%s\r\n",userb);
+ 	if( (code = atoi(resp)) != 334 ){
+ 		return code;
+ 	}
+ 
+ 	SMTP_putserv(log,fs,ts,BVStr(resp),"%s\r\n",passb);
+ 	if( (code = atoi(resp)) != 235 ){
+ 		return code;
+ 	}
+ 	return code;
+ }
+ static int doAUTH_LOGIN_SV(PCStr(myhost),FILE *log,FILE *ts,FILE *fs,PVStr(resp)){
+ 	const char *cache = EHLO_cache;
+ 	int doauth = SMTP_doauth;
+ 	IStr(caps,4*1024);
+ 	const char *dp;
+ 
+ 	EHLO_cache = 0;
+ 	SMTP_doauth = 0;
+ 	HELO_withSV("EHLO",myhost,log,ts,fs,AVStr(caps));
+ 	EHLO_cache = cache;
+ 	SMTP_doauth = doauth;
+ 
+ 	lineScan(caps,resp);
+ 	if( strstr(caps,"250-AUTH") ){
+ 		if( strstr(caps,"LOGIN") ){
+ 			return 1;
+ 		}
+ 	}
+ 	return 0;
+ }
  static int SMTP_sendMYAUTH(Connection *Conn,FILE *log,FILE *ts,FILE *fs)
  {	CStr(authb,256);
  	const char *ap;
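
Review bot: In doAUTH_LOGIN_SV the capability test strstr(caps,"250-AUTH") followed by strstr(caps,"LOGIN") searches the whole 4 KB reply, so it misses an AUTH keyword that arrives as the final "250 AUTH ..." line (space instead of hyphen) and accepts the string LOGIN wherever it occurs, including outside the AUTH line; locate the AUTH line first and compare its mechanism tokens. In SMTP_authLOGIN the base64 user name and password are handed to SMTP_putserv together with the log stream; base64 is an encoding, not protection, so those two sends should be masked if that helper records what it writes. The closing "if code != 235 return code; return code;" can be a single return, and dp in doAUTH_LOGIN_SV is declared but never used.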
***************
*** 1483,1488 ****
--- 1531,1544 ----
  		if( gethostNAME(fileno(ts),AVStr(myhost)) <= 0 )
  			gethostname(myhost,sizeof(myhost));
  		getFQDN(myhost,AVStr(myhost));
+ 
+ 		if( doAUTH_LOGIN_SV(myhost,log,ts,fs,AVStr(resp)) ){
+ 			SMTP_authLOGIN(Conn,log,ts,fs,authb,AVStr(resp));
+ 			if( atoi(resp) == 235 ){
+ 				return 0;
+ 			}
+ 		}
+ 
  		SMTP_putserv(log,fs,ts,AVStr(resp),"EHLO %s\r\n",myhost);
  		if( atoi(resp) != 250 ){
  			return -1;
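
Review bot: In SMTP_sendMYAUTH, when doAUTH_LOGIN_SV returns 0 or the login does not end in 235, control falls through to SMTP_putserv(...,"EHLO %s\r\n",myhost), so the server receives a second EHLO directly after the one doAUTH_LOGIN_SV issued through HELO_withSV; keep the capabilities from the first reply and skip the repeat. A rejected AUTH LOGIN (any code other than 235) is also handled the same way as "LOGIN not offered" and the function carries on with the pre-existing path; returning the failure here would be clearer. Nothing in the added lines checks that the session is already under TLS before the base64 credentials are sent.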
