|
|
msg40365 - (view) |
Author: Gerhard Häring (ghaering) *  |
Date: 2002-06-21 10:27 |
Unfortunately, my original SMTP auth patch doesn't work
so well in real life. There are two methods to
advertise the available auth methods for SMTP servers:
old-style: AUTH=method1 method2 ...
RFC style: AUTH method1 method2
Microsoft's MUAs are b0rken in that they only
understand the old-style method. That's why most SMTP
servers are configured to advertise their
authentication methods in old-style _and_ new style.
There are also some especially broken SMTP servers like
old M$ Exchange servers that only show their auth
methods via the old style.
Also the (sadly but true) very widely used M$ Exchange
server only supports the LOGIN auth method (I have to
use that thing at work, that's why I came up with this
patch). Exchange also supports some other proprietary
auth methods (NTLM, ...), but we needn't care about these.
My argument is that the Python SMTP AUTH support will
get a lot more useful to people if we also support
1) the old-style AUTH= advertisement
2) the LOGIN auth method, which, although not
standardized via RFCs and originally invented by
Netscape, is still in wide use, and for some servers
the only method to use them, so we should support it
Please note that in the current implementation, if a
server uses the old-style AUTH= method, our SMTP auth
support simply breaks because of the esmtp_features
parsing.
I'm randomly assigning this patch to Barry, because
AFAIK he knows a lot about email handling. Assign
around as you please :-)
|
|
msg40366 - (view) |
Author: Gerhard Häring (ghaering) * |
Date: 2002-06-21 10:43 |
Logged In: YES
user_id=163326
This also includes a slightly modified version of patch #552605.
Even better would IMO be to add an additional parameter to
base64.encode* and the corresponding binascii functions that
avoids the insertion of newline characters.
|
|
msg40367 - (view) |
Author: Jason R. Mastaler (jasonrm) |
Date: 2002-06-22 03:53 |
Logged In: YES
user_id=85984
A comment on the old-style advertisement.
You say that Microsoft's MUAs only understand the
old-style method. I haven't found this to be the case.
tmda-ofmipd is an outgoing SMTP proxy that supports
SMTP authentication, and I only use the RFC style
advertisement. This works perfectly well with MS
clients like Outlook 2000, and Outlook Express 5.
Below is an example of what the advertisement looks
like.
BTW, no disagreement about supporting the old-style
advertisement in smtplib, as I think it's prudent, just
making a point.
# telnet aguirre 8025
Trying 172.18.3.5...
Connected to aguirre.la.mastaler.com.
Escape character is '^]'.
220 aguirre.la.mastaler.com ESMTP tmda-ofmipd
EHLO aguirre.la.mastaler.com
250-aguirre.la.mastaler.com
250 AUTH LOGIN CRAM-MD5 PLAIN
QUIT
221 Bye
Connection closed by foreign host.
|
|
msg40368 - (view) |
Author: Martin v. Löwis (loewis) * |
Date: 2002-06-30 15:41 |
Logged In: YES
user_id=21627
I cannot understand why the behaviour of MS MUAs is relevant
here at all; smtplib only talks to MTAs (or MSAs).
If MTAs advertise the AUTH extension in the new syntax in
addition to the old syntax, why is it not good to just
ignore the old advertisement? Can you point to a specific
software package (ideally even a specific host) which fails
to interact with the current smtplib correctly?
|
|
msg40369 - (view) |
Author: Barry A. Warsaw (barry) * |
Date: 2002-06-30 15:59 |
Logged In: YES
user_id=12800
Martin, (some? most?) MUAs post messages by talking directly
to their outgoing SMTPd, so that's probably why Gerhard
mentions it.
On the issue of base64 issue, see the comment in bug
#552605, which I just took assignment of. I'll deal with
both these bug reports soon.
|
|
msg40370 - (view) |
Author: Martin v. Löwis (loewis) * |
Date: 2002-06-30 16:20 |
Logged In: YES
user_id=21627
I still cannot see why support for the old-style AUTH lines
is necessary. If all SMTPds announce their supported
mechanisms with both syntaxes, why is it then necessary to
even look at the old syntax?
I'm all for adding support for the LOGIN method.
|
|
msg40371 - (view) |
Author: Gerhard Häring (ghaering) * |
Date: 2002-06-30 21:14 |
Logged In: YES
user_id=163326
Martin,
the reason why we need to take into account both old and
RFC-style auth
advertisement is that there are some smtp servers, which
advertise different
auth mechanisms in the old vs. RFC-style line. In
particular, the MS Exchange
server that I have to use at work and I think that this is
even the default
configuration of Exchange 2000. In my case, it advertises
its LOGIN method only
in the AUTH= line.
I'll shortly upload a patch that takes this into account.
|
|
msg40372 - (view) |
Author: Gerhard Häring (ghaering) * |
Date: 2002-06-30 22:34 |
Logged In: YES
user_id=163326
Updated patch. Changes to the previous patch:
- Use email.base64MIME.encode
to get rid of the added
newlines.
- Merge old and RFC-style auth methods
in self.smtp_features instead of
parsing old-style auth lines
seperately.
- Removed example line for changing auth
method priorities (we won't list all
permutations of auth methods ;-)
- Removed superfluous logging call of
chosen auth method.
- Moved comment about SMTP features
syntax into the right place again.
|
|
msg40373 - (view) |
Author: Martin v. Löwis (loewis) * |
Date: 2002-07-17 13:39 |
Logged In: YES
user_id=21627
That existing SMTP servers announce LOGIN only in the
old-style header is a good reason to support those as well;
I hence recommend that this patch is applied.
Microsoft is, strictly speaking, conforming to the RFC by
*not* reporting LOGIN in the AUTH header: only registered
SASL mechanism can be announced there, and LOGIN is not
registered; see
http://www.iana.org/assignments/sasl-mechanisms
|
|
msg40374 - (view) |
Author: Martin v. Löwis (loewis) * |
Date: 2002-07-24 13:05 |
Logged In: YES
user_id=21627
In
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=581165&group_id=5470
pierslauder reports success with this patch; see his
detailed report for remaining problems.
|
|
msg40375 - (view) |
Author: Gerhard Häring (ghaering) * |
Date: 2002-08-06 06:55 |
Logged In: YES
user_id=163326
Uh-oh. I made a stupid error in the code, sending the
username twice. One more lesson I learnt: never use username
== password for testing :-/
|
|
msg40376 - (view) |
Author: Gerhard Häring (ghaering) * |
Date: 2002-08-29 14:33 |
Logged In: YES
user_id=163326
Here's a backport for Python 2.2. I did the diff against
Python 2.2.1 and hope it still applies to the maintenance line.
Arguments for backporting:
- missing handling of old-style advertisement is a bug
because it makes SMTP auth unusable for a wide range of servers
- backporting support for AUTH LOGIN is safe
|
|
msg40377 - (view) |
Author: Martin v. Löwis (loewis) * |
Date: 2002-09-24 16:16 |
Logged In: YES
user_id=21627
There is another such patch as #613708.
It would be good to make progress on this patch. Barry, what
is stopping this from being integrated?
|
|
msg40378 - (view) |
Author: Barry A. Warsaw (barry) * |
Date: 2002-09-25 04:06 |
Logged In: YES
user_id=12800
I've simply not had time to devote to this patch. If you
feel so inclined, please take it from me, otherwise I will
try to find some time for it soon.
|
|
msg40379 - (view) |
Author: Martin v. Löwis (loewis) * |
Date: 2002-10-06 17:56 |
Logged In: YES
user_id=21627
Committed for 2.2 as 1.46.4.5
It appears that Piers Lauder already committed version 2 of
the patch as 1.59; I've committed the missing change as
1.63. Please review both committs for correctness.
|
|
msg40380 - (view) |
Author: Gerhard Häring (ghaering) * |
Date: 2002-10-06 21:07 |
Logged In: YES
user_id=163326
They both seem to be ok.
|
➜
