Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6444
  • Last Modified:

SMTP-auth via telnet

hi there

im coding an smtp client in java and need to find out how to send SMTP authentication to servers. i know its a base64 encoded challenge / response - i just dont know what to send it! ive looked through the rfc 2554 but cant find it (maybe ive been working on this too long and have overlooked it).

can anyone help?

thanks in advance
0
grimkin
Asked:
grimkin
  • 2
  • 2
1 Solution
 
dansotoCommented:
Link to SMTP commands...

http://www.the-welters.com/professional/smtp.html


Link to sample Java App using these commands..

http://www.objectsfusion.com/applets/applets/guestbooksource.html

Is this what you are looking for?

Dan Soto
New Orleans, LA
0
 
grimkinAuthor Commented:
hi,

thanks for your comments. i already have the smtp client coded as far as simple smtp goes, what im looking for is information on how to code the SMTP-AUTH commands.
e.g.

client: EHLO myHost

server: 250-smtp.foobar.com Pleased to meet you
server: 250-ETRN
server: 250-STARTTLS
server: 250-HELP
server: 250-EXPN
server: 250-PIPELINING
server: 250-8BITMIME
server: 250-DSN
server: 250-AUTH LOGIN
server: 250-AUTH=LOGIN
server: 250 SIZE 10485760

client: auth login

server: 334 VXNlcm5hbWU6  <-- some kind of base64 challenge

and thats as far as i get, as im not sure what to do next to authorise/what kind of response to send. all ideas appreciated!
0
 
dansotoCommented:
Interesting reading in some articles I just went through.  Anyways, here's what I can gather from http://www.jonfullmer.com/smtpauth/ ......

What you are supposed to send next is the base64 encoded username.  Then after it's response (in base64), the encoded password.  This site includes links to base64 coders and decoders as well as some other useful info.  I think this may get you on your way.

Let me know if this helps.

Dan Soto
New Orleans, LA
0
 
mwaremanCommented:
Connect
SEND   EHLO domain.com
250
SEND   AUTH LOGIN
334
SEND   username
334
SEND   password
235
<You are now authenticated>
SEND   MAIL FROM etc...etc..


The trick is - the Username AND the Password need to be Base64 encoded...

I found code to do the Base64 at http://www.di-mgt.com.au/crypto.html.

Hope this helps...

Michael.
0
 
grimkinAuthor Commented:
hi guys,

both of these comments helped and both gave links to really good resources ...

errr how do i accept both answers ?!?
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now