An extension to the venerable SMTP protocol which allows untrusted internet hosts to relay mail through a mailserver, after a successful challenge-response, described by RFC 2554.
A typical SMTP server (e.g. the kind your ISP probably provides to let you send your email) will not let machines outside the ISP send emails. This means you can't, for example, send mail through your normal SMTP server while you are travelling, or just using a different ISP.
RFC 2554 (interestingly only filed in March 1999) allows authentication into the SMTP transfer, so that you can relay your messages from anywhere after providing your username and password (typically the same ones you use to retrieve your POP3 mail).
It allows both secure authentication (e.g. 'CRAM-MD5') and insecure plaintext.
Most mail tools support it automatically. For example in Netscape 6, it's disguised as the option 'always supply username and password' under 'outgoing mail server'. Take a look at it!
If you're sufficiently bored, you can watch AUTH at work:
- Telnet to a mailserver (how?) on port 25.
- Type 'EHLO your.host.name'
- One of the lines it spits back at you should list the kinds of AUTH supported, e.g.:
250-AUTH SCRAM-MD5 LOGIN CRAM-MD5 NTLM
- Type 'AUTH CRAM-MD5' (or another style)
- Hit enter a few times, and giggle at the random ascii challenge stuff it's sending you.
- That's it. (I don't know how to authenticate by hand yet - I believe even the plaintext is encoded base64, which is a pain for this example.)
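What the client sends back after the challenge, as an added example that is not part of the original writeup: it computes the CRAM-MD5 reply defined in RFC 2195 and, for contrast, the AUTH LOGIN reply, which is only base64 and can be decoded by anyone who sees it. The user, secret and challenge are the sample values from RFC 2195; the function names are made up for this illustration.

```python
import base64
import hashlib
import hmac

# Sample exchange from RFC 2195 (published test values, not real credentials).
RFC2195_USER = "tim"
RFC2195_SECRET = "tanstaaftanstaaf"
RFC2195_CHALLENGE = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"


def decode_334(payload_b64: str) -> str:
    """Decode the base64 text that follows '334 ' in a server reply."""
    return base64.b64decode(payload_b64).decode("ascii")


def login_reply(value: str) -> str:
    """AUTH LOGIN reply: plain base64 of the username or password."""
    return base64.b64encode(value.encode()).decode("ascii")


def cram_md5_reply(user: str, secret: str, challenge_b64: str) -> str:
    """AUTH CRAM-MD5 reply: base64 of 'user ' + hex HMAC-MD5(secret, challenge)."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode("ascii")


if __name__ == "__main__":
    # The "random" line the server sends is a base64 timestamp-style token.
    print("S: 334", RFC2195_CHALLENGE)
    print("   decodes to:", decode_334(RFC2195_CHALLENGE))

    # CRAM-MD5: the reply carries the username and a keyed digest only.
    reply = cram_md5_reply(RFC2195_USER, RFC2195_SECRET, RFC2195_CHALLENGE)
    print("C:", reply)
    print("   decodes to:", decode_334(reply))

    # LOGIN: the prompts and the password are base64, not encrypted.
    print("S: 334 VXNlcm5hbWU6 ->", decode_334("VXNlcm5hbWU6"))
    print("S: 334 UGFzc3dvcmQ6 ->", decode_334("UGFzc3dvcmQ6"))
    wire = login_reply(RFC2195_SECRET)
    print("C:", wire, "-> recoverable as", decode_334(wire))
```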
Stay tuned to find out how to set this up with exim forwarding to a smart host on a different network (as soon as I figure the silly thing out!)