Alternate Authentication Mechanisms

Giganews Newsgroups
Subject: Alternate Authentication Mechanisms
Posted by:  Frank Bishop (francis12…@fairpoint.net)
Date: Tue, 13 Oct 2009

I have been working with implementing the sending of email and SASL
authentication and need a little clarification.

In order to determine which authentication mechanisms a particular
server has, I can use telnet and run the EHLO command.

One server responded with
250-TURN
250-SIZE 25600000
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK

Another with
250-smtp0.av-mx.com
250-SIZE 29360128
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN CRAM-MD5
250-AUTH=PLAIN LOGIN CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Another with
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 STARTTLS

So they all seem to support LOGIN

I can test PLAIN and CRAM-MD5

and GSSAPI and NTLM are not yet implemented in INDY 10.5.7

What does the = in

250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN

denote?

Or I can just let Indy try them in the order I add them to the
SASLMechanisms collection.

So what might be a reasonable order based on experience?

    IdSASLCRAMMD5 := TIdSASLCRAMMD5.Create(IdSMTP);
    IdSASLCRAMMD5.UserPassProvider := IdUserPassProvider;

    IdSASLCRAMSHA1 := TIdSASLCRAMSHA1.Create(IdSMTP);
    IdSASLCRAMSHA1.UserPassProvider := IdUserPassProvider;

    IdSASLPlain := TIdSASLPlain.Create(IdSMTP);
    IdSASLPlain.UserPassProvider := IdUserPassProvider;

    IdSASLLogin := TIdSASLLogin.Create(IdSMTP);  // same as sasDefault
    IdSASLLogin.UserPassProvider := IdUserPassProvider;

    IdSASLSKey := TIdSASLSKey.Create(IdSMTP);
    IdSASLSKey.UserPassProvider := IdUserPassProvider;

    IdSASLOTP := TIdSASLOTP.Create(IdSMTP);
    IdSASLOTP.UserPassProvider := IdUserPassProvider;

    IdSASLAnonymous := TIdSASLAnonymous.Create(IdSMTP);
    // doesn't use an IdUserPassProvider

    IdSASLExternal := TIdSASLExternal.Create(IdSMTP);
    // doesn't use an IdUserPassProvider

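// Each mechanism needs its own Add call: Add creates one list entry, so
// repeated SASL assignments inside a single "with" keep only the last one.
IdSMTP.SASLMechanisms.Add.SASL := IdSASLCRAMMD5;
IdSMTP.SASLMechanisms.Add.SASL := IdSASLCRAMSHA1;
IdSMTP.SASLMechanisms.Add.SASL := IdSASLPlain;
IdSMTP.SASLMechanisms.Add.SASL := IdSASLLogin;
IdSMTP.SASLMechanisms.Add.SASL := IdSASLSKey;
IdSMTP.SASLMechanisms.Add.SASL := IdSASLOTP;
IdSMTP.SASLMechanisms.Add.SASL := IdSASLAnonymous;
IdSMTP.SASLMechanisms.Add.SASL := IdSASLExternal;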

and Indy 10.5.7 has IdSASLDigest (but I haven't got a stable use of that yet)

plus I use Indy 10.2.3 at this location so at this point I think leaving
off SASL := IdSASLExternal; and SASL := IdSASLDigest is reasonable
till I understand them better

---------------------------------------------------------------------------------------------
// Without any try finally or try except blocks to simplify example code
// uses IdSMTP, IdMessage, IdSASLLogin, IdUserPassProvider;

procedure SendEmail1;
var IdMailMessage : TIdMessage;
    MyEmailServer, MyEmailServerUsername, MyEmailServerPassword : string;
    MyEmailSendAs, MyEmailFrom, MyEmailTo : string;
    IdUserPassProvider: TIdUserPassProvider;
    IdSASLLogin :  TIdSASLLogin;
    IdSMTP : TIdSMTP;
begin
  // Set Up Server Particulars
  MyEmailServer := 'xxx.com';
  MyEmailServerUsername := 'xxx';
  MyEmailServerPassword := 'xxx';

  // Set Up Email Particulars
  MyEmailSendAs := 'xxx.com';  // standard email format

  MyEmailFrom := '"An Email From Me"';
  // plain text form  wrap in "" to maintain spaces

  MyEmailTo := 'xxx.net';    // standard email format

  IdMailMessage := TIdMessage.Create(nil);

    IdMailMessage.From.Text := MyEmailFrom;
    IdMailMessage.Sender.Text := MyEmailSendAs;
    IdMailMessage.Recipients.EMailAddresses := MyEmailTo;
    IdMailMessage.Subject := 'The Subject Goes Here';
    IdMailMessage.Body.Text := 'The Body Goes Here' + #13#10
                              + 'An Example of a Second Line';

    IdSMTP := TIdSMTP.Create(nil);

      // Set up SMTP
      IdSMTP.Host := MyEmailServer;
      IdSMTP.Port := 25;
      IdSMTP.AuthType := satSASL;  // satNone, satDefault, satSASL

      IdSMTP.UseEhlo := True;
      // ? isn't this set to true when using satSASL

      // Set Up Authentication For Email
      IdUserPassProvider := TIdUserPassProvider.Create(IdSMTP);
      IdUserPassProvider.Username := MyEmailServerUsername;
      IdUserPassProvider.Password := MyEmailServerPassword;

      { Wire Up UserPassProvider to SASL Mechanism }
      IdSASLLogin := TIdSASLLogin.Create(IdSMTP);
      IdSASLLogin.UserPassProvider := IdUserPassProvider;

      { Wire Up other SASL Mechanisms Here }
      {}

      // Each mechanism needs its own Add call (one list entry per mechanism)
      IdSMTP.SASLMechanisms.Add.SASL := IdSASLLogin;  // same as satDefault both use AUTH LOGIN
      { Add other SASL Mechanisms Here }
      {}

        IdSMTP.Connect;

            IdSMTP.Send(IdMailMessage);

            IdSMTP.Disconnect;

      IdSMTP.Free;

// Note IdSASLLogin and IdUserPassProvider free occurs
// with parent IdSMTP

    IdMailMessage.Free;

end; { procedure }
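
An added example, not part of the original post and not Indy code: a stand-alone Delphi console program that reads an EHLO reply, treats the AUTH= line as the legacy spelling of the AUTH line that servers repeat for older clients, and picks a mechanism from a preference list, skipping PLAIN and LOGIN when TLS is not active. ChooseMechanism, the Preferred order and the sample reply lines are assumptions constructed for illustration.

```delphi
program PickSaslMechanism;
{$APPTYPE CONSOLE}
uses SysUtils, Classes;

const
  // Assumed client preference (not an Indy default): challenge-response first.
  Preferred: array[0..2] of string = ('CRAM-MD5', 'PLAIN', 'LOGIN');

// Picks the first preferred mechanism the server offers. PLAIN and LOGIN only
// base64-encode the password, so they are skipped unless TLS is active.
function ChooseMechanism(Ehlo: TStrings; TlsActive: Boolean): string;
var
  I: Integer;
  Line, Offered: string;
begin
  Result := '';
  Offered := ' ';
  for I := 0 to Ehlo.Count - 1 do
  begin
    Line := UpperCase(Trim(Copy(Ehlo[I], 5, MaxInt)));  // drop "250-" / "250 "
    // "AUTH=..." is the legacy spelling of "AUTH ..."; merge both into one set
    if (Copy(Line, 1, 5) = 'AUTH ') or (Copy(Line, 1, 5) = 'AUTH=') then
      Offered := Offered + Copy(Line, 6, MaxInt) + ' ';
  end;
  for I := Low(Preferred) to High(Preferred) do
    if (Pos(' ' + Preferred[I] + ' ', Offered) > 0) and
       (TlsActive or
        ((Preferred[I] <> 'PLAIN') and (Preferred[I] <> 'LOGIN'))) then
    begin
      Result := Preferred[I];
      Exit;
    end;
end;

var
  Ehlo: TStringList;
begin
  Ehlo := TStringList.Create;
  try
    // Constructed input: the AUTH lines of the first server reply in the post
    Ehlo.Add('250-AUTH GSSAPI NTLM LOGIN');
    Ehlo.Add('250-AUTH=LOGIN');
    Ehlo.Add('250 OK');
    WriteLn('without TLS: [', ChooseMechanism(Ehlo, False), ']');
    WriteLn('with TLS:    [', ChooseMechanism(Ehlo, True), ']');
  finally
    Ehlo.Free;
  end;
end.
```

An empty result means the server offered only cleartext mechanisms on an unencrypted connection, which is the case for the first reply above when the session stays on plain port 25.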
