Hello Folks,

Based on my analysis on a reported issue, it is looking that curl does not
handle AUTH LOGIN as cleverly as it could.

According to the traces I get with a specific SMTP server, curl is sending
base64 encoded user name with command "AUTH LOGIN <base64>" to the server.

- When the server is smart enough, it understands that we have sent him the
base64 encoded user name and it sends us "334 UGFzc3dvcmQ6" meaning "334
Password:". Then we sent him the base64 encoded password of user and
authentication proceeds well.

However:
- When the server is not smart enough, it may ignore the last part of "AUTH
LOGIN" and send us "334 VXNlcm5hbWU6" meaning "334 Username:", afterwards
we send him the password and rest does not happily end.

Attempt with another SMTP client (other than curl), issue is developing
like below.

- Client sends only "AUTH LOGIN", server sends "334 Username:", client
sends username, then server sends "334 Password:" then client sends
password.

I searched a bit but could not find an RFC corresponding to "AUTH LOGIN"
method although there are RFCs for AUTH PLAIN, AUTH CRAM-MD5 and AUTH
DIGEST-MD5.

So, how do you see this picture? My experience with the "another SMTP
client" (above) seemed a better approach to me if there is no RFC
describing what is good for all of us.

Thanks.

-- 
it is twice as difficult to debug a program as to write it. Therefore, if
you put all of your creativity and effort into writing the program, you are
not smart enough to debug it.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-15