An extension to the venerable SMTP protocol which allows untrusted internet hosts to relay mail through a mailserver, after a successful challenge-response, described by RFC 2554.
The problem:
Without AUTH, a typical SMTP server (eg the kind your ISP probably provides to let you send your email) will not let machines outside the ISP send emails. This means you can't, for example, send mail through your normal SMTP server while you are travelling, or just using a different ISP.
The solution:
RFC 2554 (interestingly only filed in March 1999) adds authentication to the SMTP transfer, so that you can relay your messages from anywhere after providing your username and password (typically the same ones you use to retrieve your POP3 mail).
It allows both secure authentication (eg 'CRAM-MD5') and insecure plaintext.
Most mail tools support it automatically. For example in Netscape 6/Mozilla, it's disguised as the option 'always supply username and password' under 'outgoing mail server'.
Take a look at it!
If you're sufficiently bored, you can watch AUTH at work:
- Telnet to a mailserver (how?) on port 25.
- Type 'EHLO your.host.name'
- One of the lines it spits back at you should list the kinds of AUTH supported, eg:
250-AUTH SCRAM-MD5 LOGIN CRAM-MD5 NTLM
- Type 'AUTH CRAM-MD5' (or another style)
- Hit enter a few times, and giggle at the random ascii challenge stuff it's sending you.
- That's it. (I don't know how to authenticate by hand yet - I believe even the plaintext is encoded base64, which is a pain for this example.)
Stay tuned to find out how to set this up with exim forwarding to a smart host on a different network (as soon as I figure the silly thing out!)