Re: SMTP-Auth

Giganews Newsgroups
Subject: Re: SMTP-Auth
Posted by:  Remy Lebeau (TeamB) (no.spam@no.spam.com)
Date: Wed, 17 Aug 2005

"Lukas" <luk…@gms.info> wrote in message
news:30E10CDDA6D6E240luk…@gms.info...

> When UserLogin is raised I get apassword, ausername and
> asender.password an asender.username. What is the difference?

The ASender parameter provides access to all of the data that has been
stored for the Context, whatever that happens to be.  The ASender.Username
and ASender.Password have not been assigned yet when the OnUserLogin event
is triggered.  You can only validate against the AUserName and APassword
parameters, which will then be assigned to the Context after the OnUserLogin
event has exited, if validation was successful.

> Here is some code ( I want to read the smtp-settings into a variable)

You don't need to use your own variables.  The Context already stores them
for you.

> If I set a seperate ausername (let´s say <a>) and apassword (<b>)
> for smtp-auth in Outlook I receive the value <a> in both username-variable
> and password-variable.

The only way that can happen is if Outlook actually sent <a> for the
password.  However, it is sends <b> instead, then you will receive <b> for
the APassword parameter as expected.

> How do I find out, if the smtp-settings are set to e.g.:
> - same settings as POP3

There is no way to find that.  That information is not transmitted.  That is
part of Outlook's local configuration when deciding what it needs to
transmit.

> - SMTP requires auth YES/NO

When you connect to an SMTP server and issue an EHLO command, the server
will report whether it supports authentication, and which authentication
schemes it recognizes.  That does not, however, specify whether
authentication is actually required or not.  Many servers support
authentication without requiring it.  However, if a server requires
authentication then your own server will also have to require authentication
in order to gather the login information prior to connecting to the target
server.  Since you won't know ahead of time whether a server requires
authentication or not, your server will still have to gather the login
information ahead of time, which means that your server will have to require
authentication always.

> - SPA YES/NO

That will be included in the respose for the EHLO command as one of the
supported authentication schemes, specifically NTLM.  Again, that only
specifies whether the server supports it, but not whether it is required.
Also, most servers don't use SPA anyway as it is a Microsoft-only feature
(not everyone uses Microsoft servers), and is also not as secure as it
claims.

> - Before sending do a POP3-Login

The only way to know that is to attempt the SMTP send first and then see if
an error occurs, and whether the error text says anything about needing POP3
first.  But that means parsing server-specific error text, which is not very
reliable.  Otherwise, you will just have to know ahead of time whether POP3
is needed, such as by user input in your server's configuration.

> How can I find out smtp-host and smtp-port of an email-account?

The only way to do that is to look at the email address that is sending a
message and then do a DNS lookup on the address's domain.  That will tell
you the email server's host but not the port number.  Most servers use
standardized ports (SMTP uses port 25 by default), but not all do (which is
why Outlook and other clients allow the user to specify the port nubmers
manually).  In which case, your server will have to be pre-configured for
that information ahead of time.  Which means that your server will likely
need to require authentication so that you know which user is sending
messages through your server.  Then you can maintain your own list of
usernames and which servers the messages need to be forwarded to.

Gambit

Replies

In response to

SMTP-Auth posted by Lukas on Wed, 17 Aug 2005