This config will describe a procedure to login to SMTP server using AUTH DIGEST-MD5 CRAM-MD5 encryption authentication method via telnet. First, we need to install all prerequisites:
# apt-get install telnet sasl2-bin
Using telnet command we will connect to SMTP server. The sasl2-bin
package contains gen-auth
command which we will use to generate our BASE64 encoded response to server’s authentication challenge. Lets’ start by using telnet
command to connect to our server:
$ telnet 10.1.1.11 25 Trying 10.1.1.11... Connected to 10.1.1.11. Escape character is '^]'. 220 mail.localhost.localdomain ESMTP Postfix (Ubuntu)
We are now connected. The next step is to check what authentication methods are supported by the server:
EHLO testing 250-mail.localhost.localdomain 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-c 250-AUTH=DIGEST-MD5 CRAM-MD5 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
From the above output we can see that the server is capable of AUTH DIGEST-MD5 CRAM-MD5
login authentication. When using AUTH DIGEST-MD5 CRAM-MD5
authentication method no plain password is exchanged between server and client. Instead, the server generates a one-time BASE64 encoded “challenge” to the client. Let’s first generate a challenge question:
AUTH CRAM-MD5 334 PDU3NjQ0Mzc2Mi4zMjkwNzRAbWFpbC5saW51eGNvbnN1bHRpbmcuY29tLmF1Pg==
Now using a separate terminal we will use gen-auth
command to generate response using authentication method, username and password as arguments:
# gen-auth CRAM-MD5 lubos@localhost.localdomain mypassword challenge: PDU3NjQ0Mzc2Mi4zMjkwNzRAbWFpbC5saW51eGNvbnN1bHRpbmcuY29tLmF1Pg== bHVib3NAbGludXhjb25zdWx0aW5nLmNvbS5hdSBiZWY2Mjk3OGY0OWUyN2E1NmJhMjMyNTJkMmZlNTc4MA==
Next, we simply reply with the BASE64 encoded encoded string generated by gen-auth
command:
AUTH CRAM-MD5 334 PDU3NjQ0Mzc2Mi4zMjkwNzRAbWFpbC5saW51eGNvbnN1bHRpbmcuY29tLmF1Pg== bHVib3NAbGludXhjb25zdWx0aW5nLmNvbS5hdSBiZWY2Mjk3OGY0OWUyN2E1NmJhMjMyNTJkMmZlNTc4MA== 235 2.7.0 Authentication successful