search

jetmore / swaks

Swaks - Swiss Army Knife for SMTP
http://jetmore.org/john/code/swaks/
GNU General Public License v2.0
848 stars 86 forks source link

CRAM-MD5 authentication - how to use it? #38

Closed mq2195 closed 2 years ago

mq2195 commented 2 years ago

How to set it up?

Why I think it is CRAM-MD5? Because server replies: 50-AUTH=LOGIN PLAIN CRAM-MD5

Where it works: Thunderbird with settings: SSL/TLS and "Encrypted password"

For swaks -ap argument I am using the same string as for "Encrypted password" in Thunderbird

swaks -t ... -f ... -s ... -p 465 --auth CRAM-MD5 -au user1 -ap *** -tlsc -tlsp tlsv1_2 \
--h-Subject "test" --body "email body" --h-X-TMP-B01 "script 1" -pp

=== Trying ...:465...
=== Connected to ... .
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="..."
<~  220 ... ESMTP
 ~> EHLO ...
<~  250-...
<~  250-STARTTLS
<~  250-PIPELINING
<~  250-8BITMIME
<~  250-SIZE 104857600
<~  250-AUTH=LOGIN PLAIN CRAM-MD5
<~  250 AUTH LOGIN PLAIN CRAM-MD5
 ~> AUTH CRAM-MD5
<~  334 PDI...Pg==
 ~> cG9...Mw==
<~* 535 authentication failed
*** No authentication type succeeded
 ~> QUIT
<~  221 ...
=== Connection closed with remote host.

How can I use "Encrypted password" from Thunderbird (that is what I have) with swaks?

thunderbird: 91.2.0
os: rocky 8 (centos 8)
swaks version 20181104.0 (from epel)
jetmore commented 2 years ago

There's no trick to it - you specify username, password, and CRAM-MD5 and it should just work. I'm confused by how you refer to "Encrypted password", are you providing swaks the plaintext version of your password or something else? It needs to be the plaintext version, which, when using CRAM-MD5, swaks will encrypt before sending over the network.

It's possible that swaks is doing something wrong. For instance, maybe your password has special characters in it, etc, but I'm not going to be able to troubleshoot it without knowing your actual username and password, sorry. Are you in a position to set up a test account so that you could share the test account's unimportant credentials with me? To be clear, I don't need to log into anything, I just can't debug the CRAM-MD5 transaction without knowing what the inputs are

mq2195 commented 2 years ago

I'm confused by how you refer to "Encrypted password"

There are two of us... It came from Thunderbird... In the server settings, there is Authentication method. Available choices are: Normal password, Encrypted password and others. Now I know it has nothing to do with SMTP PLAIN or SMTP CRAM-MD5 authentications.

My initial testing was done with postmaster account, which as it turned out has a special (mis)configuration. After proper testing I was able to make it work.

My problem was: -au user1 vs -au user1@example.org

Sorry for wasting your time...