
SMTP Mail Server Authentication

Can someone please describe to me the SMTP authentication in broad terms, keeping in mind the below?

When someone asks 'what authentication are you using?'

What are they referring to? Which variant of the SMTP protocol, like ESMTP and POP-before-SMTP?

How many variants are there? And within those protocols I am reading about things like auth mechanisms (AUTH LOGIN, AUTH PLAIN, CRAM-MD5)?

Can someone shed some light at a broad level here?

There are many layers and many aspects here. There are multiple relevant ESMTP extensions and multiple authentication schemes.

How you connect affects which authentication scheme makes sense. Generally speaking, if you have an encrypted connection, plaintext passwords are unproblematic, because the connection-level encryption takes care of preventing eavesdropping.

If you don't have an encrypted connection, ideally you will not want to transfer the password in any form at all. There are various authentication schemes involving challenge-response mechanisms or session password exchange in order to authenticate securely even over an unencrypted channel.

POP-before-SMTP was at one time popular because there were no adequate standards for authenticating SMTP. These days, it should be considered merely historical, although there are probably still some sites using this mechanism. The idea is to defer authentication to the POP protocol, which requires user authentication anyway; then when the user has authenticated over POP, the SMTP port is also permitted from the same IP address for a limited time. Obviously, if the user doesn't have or want to use POP, this is cumbersome, and some users are on NAT so that the IP address seen by the remote server is not uniquely theirs, but once upon a time, this arrangement fit quite naturally into how people connected to the Internet via dial-up PPP using their own ISP's POP and SMTP services only.

These days, for new systems, the default should be to set up a separate encrypted and authenticated Mail Submission Agent port 587 in accordance with RFC 6409. Some systems run a traditional SMTP server on port 465 over an encrypted channel, but this should be considered a legacy arrangement.

See further http://en.wikipedia.org/wiki/SMTP_Authentication and http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol both of which I relied on heavily for this write-up.
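The difference between the mechanisms named in the question and the channel rule described in the answer, as an added example that is not part of the original question or answer: AUTH PLAIN only base64-encodes the password, while CRAM-MD5 sends an HMAC over a server challenge. The host name, the sample EHLO reply and the preference order in `choose_mechanism` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample EHLO reply (hypothetical host), not taken from the page.
SAMPLE_EHLO = ["250-mail.example.test", "250-AUTH PLAIN LOGIN CRAM-MD5", "250 STARTTLS"]
CHALLENGE_MECHS = {"CRAM-MD5"}  # password itself never crosses the wire

def parse_auth_mechs(ehlo_lines):
    """Return the mechanisms listed on the AUTH line of an EHLO reply."""
    for line in ehlo_lines:
        keyword, _, rest = line[4:].partition(" ")  # skip "250-" / "250 "
        if keyword.upper() == "AUTH":
            return [m.upper() for m in rest.split()]
    return []

def choose_mechanism(mechs, tls_active):
    """Assumed client policy: plaintext mechanisms only on an encrypted channel."""
    if tls_active:
        candidates = ("PLAIN", "LOGIN", "CRAM-MD5")
    else:
        candidates = tuple(m for m in mechs if m in CHALLENGE_MECHS)
    for mech in candidates:
        if mech in mechs:
            return mech
    raise ValueError("no acceptable AUTH mechanism for this channel")

def auth_plain(user, password):
    """AUTH PLAIN initial response: base64(NUL user NUL password)."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def cram_md5_response(user, password, b64_challenge):
    """CRAM-MD5 response: base64(user SP hex(HMAC-MD5(key=password, challenge)))."""
    challenge = base64.b64decode(b64_challenge)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

if __name__ == "__main__":
    mechs = parse_auth_mechs(SAMPLE_EHLO)
    print("with TLS:   ", choose_mechanism(mechs, tls_active=True))
    print("without TLS:", choose_mechanism(mechs, tls_active=False))
    # Anyone who can read the session recovers the password from AUTH PLAIN:
    print(base64.b64decode(auth_plain("test", "1234")))
```

Decoding the AUTH PLAIN string yields the password directly, which is why it belongs only on an encrypted connection; the CRAM-MD5 response changes with every challenge and does not contain the password.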
