next page page above previous page

Next: SMTP Authentication Up: Lecture 6 Previous: SMTP Service Extensions

SMTP Security

SMTP service extensions support

Transport layer security can be invoked as follows:

STARTTLS
220 TLS go ahead

Client communicates subsequent SMTP requests using TLS (SSL).

Authentication

RFC 2554 defines several SMTP service extensions for authentication.

Most widely used scheme solicits username and password in base64:

220 ex4.mail.win.hw.ac.uk Microsoft ESMTP MAIL Service
EHLO macs.hw.ac.uk
250-PIPELINING
250-AUTH=LOGIN
 ...
250 OK
AUTH LOGIN
334 VXNlcm5hbWU6
aHVtYmVydAo=
334 UGFzc3dvcmQ6
UXVpbHR5Cg==
235 Authentication successful.

where base64 encoded strings mean:

VXNlcm5hbWU6Username:
aHVtYmVydAo=humbert
UGFzc3dvcmQ6Password:
UXVpbHR5Cg==Quilty
Lecture 6XHTML 1.0Slide 5