cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: AUTH LOGIN with SMTP

From: Steve Holme <steve_holme_at_hotmail.com>
Date: Thu, 15 Mar 2012 14:03:49 +0000

Hi Gokhan,

> Based on my analysis on a reported issue, it is looking that curl does not
> handle AUTH LOGIN as cleverly as it could.

That's correct... Libcurl always sends the initial response in the AUTH command when in fact this is optional.

> I searched a bit but could not find an RFC corresponding to "AUTH LOGIN"
> method although there are RFCs for AUTH PLAIN, AUTH CRAM-MD5 and
> AUTH DIGEST-MD5.

I think it is mentioned in RFC-2554 but it is also described here for AUTH NTLM as well:

http://curl.haxx.se/rfc/ntlm.html#ntlmSmtpAuthentication

As a side note, this page states "However, this did not appear to work properly when tested against Exchange.", I can verify that the AUTH NTLM command may be sent with or without the initial response in Exchange Server 2010.

Daniel: Are you able to update this page to reflect the change in later versions of Exchange? I appreciate that the page is currently a mirror of what's on: http://davenport.sourceforge.net

> So, how do you see this picture? My experience with the "another SMTP client"
> (above) seemed a better approach to me if there is no RFC describing what is
> good for all of us.

I implemented a fix for this as part of the AUTH NTLM work I did last summer, unfortunately, that part never made it into the SMTP module as a new CURLOPT couldn't be warranted at the time.

I am open to suggestions of ways to implement a "Send AUTH command with initial response" flag and then I can implement the fix - as it is a really simple one or two line change ;-)

Kind Regards

Steve

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-15