Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

SMTP Authentication Solution (for Microsoft Exchange at least)

 [1/1] from: gjones05::mail::orion::org at: 21-Apr-2001 12:26


Nick Kitson previously requested in formation on SMTP authorization support in REBOL. Feedback indicated that it is not currently supported, but encouraged one of us to give it a go. As explained earlier by Holger, "There are five different incompatible formats, not all of which are documented...We will probably add support in the next Core release." Nick's server apparently uses Microsoft Exchange server, and as promised, there is indeed remarkably little documented about accessing SMTP through authentication. A Microsoft knowledge base article recommends disabling authentication at increased security if non-Microsoft clients must be used. I found nothing else officially nor unoffically through several www searches and newsgroup archive searches (yes, google finally has reopened archive searches of the old deja archives!!). I was about to give up, but with Nick's cool logical assessment of what must be true and his gentle encouragment, I persisted. Using several RFC's and a telnet session, here's what I uncovered is Microsoft's scheme. Telnet transcript with comments added S: = "server" C: = "client" S: 220-my-smtp.mail.dom Microsoft SMTP MAIL ready at Sat, 21 Apr 2001 02:04:43 +0 S: 800 Version: 5.5.1877.467.46 S: 220 ESMTP spoken here C: EHLO my-client-host-url #ESMTP recommends this version of HELO, #but Microsoft Exchange will respond to either #however, it does not give the recommended response to HELO, #it gives different and non-standard server repsonse, #but authorization can still proceed S: 250-my-smtp.mail.dom Hello [x.x.x.x] S: 250-AUTH=LOGIN S: 250-AUTH MBS_BASIC LOGIN S: 250-AUTH=MBS_BASIC LOGIN S: 250-SIZE 10485760 S: 250-ETRN S: 250-PIPELINING S: 250-8bitmime S: 250-TURN S: 250 ATRN C: AUTH LOGIN #I believe the client can choose which method from the list above #I arbitrarily chose "LOGIN", which seems to only require base #64 encoding, which is good news. I could find *no* documentation #for MBS_BASIC S: 334 VXNlcm5hbWU6 C: xxxxxxxxxxxx #base 64 encoding of user name (real encoding left off intentionally) S: 334 UGFzc3dvcmQ6 C: xxxxxxxx #base 64 encoding of user password (real encoding left off intentionally) S: 235 Authentication successful That was the hard part, at least for me. I made a blind stab as to the method of encoding based on how Microsoft's FTP server authenticates, namely base 64 encoding. It worked. It was remarkably simple to make a quick hacks of RT's 'smtp scheme and 'send function to check to see if it worked, and it did. So I spent a little more time deciding how to avoid protocol and command conflicts and how to request the authenticating username and password. Here is what I derived. I left tabs in; sorry if your client doesn't expand tabs. After you copy the info, the tabs should still be there. Following are the two files named esmtp.r and esend.r. The scripts document where changes where made to RT code, and why. REBOL [ Title: "esmtp scheme" Author: "Rebol Technologies, with modifications by G. Scott Jones" Email: [gjones05--mail--orion--org] Date: 21-Apr-2001 File: %esmtp.r Version: 0.1.0 Purpose: "A modified, extended version of smtp scheme" History: [ 0.1.0 [21-Apr-2001 "Modified RT 'system/schemes/smtp" "GSJ"] ] Comment: {The bulk of this code is simply a copy of Rebol Technolgies' code in /Core 2.5.0.3.1. The only changes I made are as follows. I changed the name of the scheme to 'esmtp, which was an arbitrary choice. I added additional check pairs in the open-check block to handle Microsoft's Exchange Server's SMTP authentication scheme. On first use, I added prompts requesting for the authenticating username and password. These are stored in memory for current session only for subsequent use. These are passed to smtp server using base 64 encoding. I chose to use separate function name and scheme inorder to avoid incompatibilty or confusion with Rebol Techologies' current or future implementations. This version is known to work with Microsoft Exchange Server 5.5, using base 64 encoded authentication. --Scott Jones (21-Apr-2001) } Usage: {Place this file in your REBOL directory, along with a copy of esend.r. At either the interpreter prompt or the user.r file, type: do %esmtp.r do %esend.r ;separate file Then use 'esend as you would use 'send. The first time the function is used, you will be prompted for the smtp authentication username and password. These values are stored in clear text in the current REBOL session for later usage, but the values are not saved to disk for security reasons. } ] system/schemes: make system/schemes [ ESMTP: make object! [ scheme: 'ESMTP host: none port-id: 25 user: none pass: none target: none path: none proxy: make object! [ host: none port-id: none user: none pass: none type: none bypass: none ] access: none allow: none buffer-size: none limit: none handler: make object! [ port-flags: 524288 ;added additional pairs open-check: [none "220" ["EHLO" system/network/host] "250" "AUTH LOGIN" 334 (enbase/base port/user 64) "334" (enbase/base port/pass 64) "235"] close-check: ["QUIT" "221"] write-check: [none "250"] init: func [ "Parse URL and/or check the port spec object" port "Unopened port spec" spec {Argument passed to open or make (a URL or port-spec)} /local scheme ][ if url? spec [net-utils/url-parser/parse-url port spec] scheme: port/scheme port/url: spec if none? port/host [ net-error reform ["No network server for" scheme "is specified"] ] if none? port/port-id [ net-error reform ["No port address for" scheme "is specified"] ] ] open: func [ {Open the socket connection and confirm server response.} port "Initalized port spec" /locals sub-port data in-bypass find-bypass bp ][ net-utils/net-log ["Opening tcp for" port/scheme] if not system/options/quiet [print ["connecting to:" port/host]] find-bypass: func [host bypass /local x] [ if found? host [ foreach item bypass [ if all [x: find/match/any host item tail? x] [return true] ] ] false ] in-bypass: func [host bypass /local item x] [ if any [none? bypass empty? bypass] [return false] if not tuple? load host [host: form system/words/read join dns:// host] either find-bypass host bypass [ true ] [ host: system/words/read join dns:// host find-bypass host bypass ] ] either all [port/proxy/host bp: not in-bypass port/host port/proxy/bypass find [socks4 socks5 socks] port/proxy/type] [ port/sub-port: net-utils/connect-proxy port 'connect ] [ sub-port: system/words/open/lines [ scheme: 'tcp host: either all [port/proxy/type = 'generic bp] [port/proxy/host] [port/proxy/host: none port/host] user: port/user pass: port/pass port-id: either all [port/proxy/type = 'generic bp] [port/proxy/port-id] [port/port-id] ] port/sub-port: sub-port ] port/sub-port/timeout: port/timeout ;added prompts to obtain authenticated username and password and store either user = none [ user: port/user: ask "Enter SMTP authentication username: " ][ port/user: user ] either pass = none [ pass: port/pass: ask "Enter SMTP authentication password: " ][ port/pass: pass ] port/sub-port/user: port/user port/sub-port/pass: port/pass port/sub-port/path: port/path port/sub-port/target: port/target net-utils/confirm/multiline port/sub-port open-check port/state/flags: port/state/flags or port-flags ] open-proto: func [ {Open the socket connection and confirm server response.} port "Initalized port spec" /locals sub-port data in-bypass find-bypass bp ][ net-utils/net-log ["Opening tcp for" port/scheme] if not system/options/quiet [print ["connecting to:" port/host]] find-bypass: func [host bypass /local x] [ if found? host [ foreach item bypass [ if all [x: find/match/any host item tail? x] [return true] ] ] false ] in-bypass: func [host bypass /local item x] [ if any [none? bypass empty? bypass] [return false] if not tuple? load host [host: form system/words/read join dns:// host] either find-bypass host bypass [ true ] [ host: system/words/read join dns:// host find-bypass host bypass ] ] either all [port/proxy/host bp: not in-bypass port/host port/proxy/bypass find [socks4 socks5 socks] port/proxy/type] [ port/sub-port: net-utils/connect-proxy port 'connect ] [ sub-port: system/words/open/lines [ scheme: 'tcp host: either all [port/proxy/type = 'generic bp] [port/proxy/host] [port/proxy/host: none port/host] user: port/user pass: port/pass port-id: either all [port/proxy/type = 'generic bp] [port/proxy/port-id] [port/port-id] ] port/sub-port: sub-port ] port/sub-port/timeout: port/timeout port/sub-port/user: port/user port/sub-port/pass: port/pass port/sub-port/path: port/path port/sub-port/target: port/target net-utils/confirm/multiline port/sub-port open-check port/state/flags: port/state/flags or port-flags ] close: func [ {Quit server, confirm and close the socket connection} port "An open port spec" ][ port: port/sub-port net-utils/confirm port close-check system/words/close port ] write: func [ {Default write operation is a command, so check handshake.} port "An open port spec" data "Data to write" /local here ][ port: port/sub-port either here: find/match data "DATA" [ net-utils/confirm port data-check insert port here insert port "." ] [ net-utils/net-log data insert port data ] net-utils/confirm port write-check ] read: func [ port "An open port spec" data "A buffer to use for the read" ][ net-utils/net-log ["low level read of " port/state/num "bytes"] read-io port/sub-port data port/state/num ] get-sub-port: func [ port "An open port spec" ][ port/sub-port ] awake: func [ prot "An open port spec" ][ none ] get-modes: func [ port "An open port spec" modes "A mode block" ][ system/words/get-modes port/sub-port modes ] set-modes: func [ port "An open port spec" modes "A mode block" ][ system/words/set-modes port/sub-port modes ] data-check: ["DATA" "354"] ] status: none size: none date: none url: none sub-port: none locals: none state: none timeout: none local-ip: none local-service: none remote-service: none last-remote-service: none direction: none key: none strength: none algorithm: none block-chaining: none init-vector: none padding: none async-modes: none remote-ip: none local-port: none remote-port: none backlog: none device: none speed: none data-bits: none parity: none stop-bits: none rts-cts: true user-data: none awake: none passive: none cache-size: 5 ] ] Second file code: REBOL [ Title: "esend - smtp client" Author: "Rebol Technologies, with modifications by G. Scott Jones" Email: [gjones05--mail--orion--org] Date: 21-Apr-2001 File: %esend.r Version: 0.1.0 Purpose: "A modified version of 'send for ESMTP" History: [ 0.1.0 [21-Apr-2001 "Modified RT 'send" "GSJ"] ] Comment: {The bulk of this code is simply a copy of Rebol Technolgies' code in /Core 2.5.0.3.1. The only changes I made are as follows. I changed the name of the function in order to distinquish this version of 'send that uses an extended smtp scheme from the original. The additional change is that 'esend uses 'esmtp scheme, which is located in a separate file. I chose to use separate function name and scheme inorder to avoid incompatibilty or confusion with Rebol Techologies' current or future implementations. This version is known to work with Microsoft Exchange Server 5.5, using base 64 encoded authentication. --Scott Jones (21-Apr-2001) } Usage: {Place this file in your REBOL directory, along with a copy of esmtp.r. At either the interpreter prompt or the user.r file, type: do %esmtp.r ;separate file do %esend.r Then use 'esend as you would use 'send. The first time the function is used, you will be prompted for the smtp authentication username and password. These values are stored in clear text in the current REBOL session for later usage, but the values are not saved to disk for security reasons. } ] esend: func [ {Send a message to an address (or block of addresses)} address [email! block!] "An address or block of addresses" message "Text of message. First line is subject." /only "Send only one message to multiple addresses" /header "Supply your own custom header" header-obj [object!] "The header to use" /local smtp-port content do-send ][ do-send: func [port data] [ foreach item reduce data [ if string? item [replace/all item "^/." "^/.."]] insert port reduce data ] smtp-port: open [scheme: 'esmtp] if email? address [address: reduce [address]] message: content: either string? message [copy message] [mold message] if not header [ header-obj: make system/standard/email [ subject: copy/part message any [find message newline 50] ] ] if none? header-obj/from [ if none? header-obj/from: system/user/email [net-error "Email header not set: no from address"] ] if none? header-obj/to [header-obj/to: make string! 20] if none? header-obj/date [header-obj/date: to-idate now] either only [ do-send smtp-port ["MAIL FROM: <" header-obj/from ">"] foreach addr address [ if email? addr [ do-send smtp-port ["RCPT TO: <" addr ">"] ] ] insert insert message net-utils/export header-obj newline do-send smtp-port ["DATA" message] ][ foreach addr address [ if email? addr [ do-send smtp-port ["MAIL FROM: <" header-obj/from ">"] do-send smtp-port ["RCPT TO: <" addr ">"] head insert clear header-obj/to addr remove/part message content content: insert message net-utils/export header-obj content: insert content newline do-send smtp-port ["DATA" message] ] ] ] close smtp-port ] I suggest saving these files in the rebol install directory. The headers document how the files can be loaded from the interpreter prompt or from the user.r file on start-up. Then you simply use the command esend as you would use send. Example: esend [luke--rebol--com] "Hello, Luke" Upon using the command for the first time, you will be prompted to supply your authenticating user name and password. These are saved in memory for the session, but are not saved to disk for security reasons. I hope this description has been helpful to those looking for an SMTP authentication work-around and helpful to RT as a starting point on developing a more robust solution for a future release. --Scott Jones