SMTP-AUTH

SMTP-AUTH is an extension of the Simple Mail Transfer Protocol (SMTP) to include an authentication step through which the client effectively logs in to the mail server during the process of sending mail. Servers which support SMTP-AUTH can usually be configured to require clients to use this extension, ensuring the true identity of the sender is known. SMTP-AUTH is defined in RFC 4954.

Overview

SMTP-AUTH provides an access control mechanism. It can be used to allow legitimate users to relay mail while denying relay service to unauthorized users, such as spammers. It does not guarantee the authenticity of either the SMTP envelope sender or the RFC 2822 "From:" header. For example, spoofing, in which one sender masquerades as someone else, is possible even with SMTP-AUTH.
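The gap described above can be closed on a submission server by comparing the authenticated login with both sender fields. The following is an added example, not part of the original article; the function name `sender_mismatches`, the `owned` policy table and the sample session are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed submission: the client authenticated as alice@example.org, then
# named a different sender in both the envelope and the header.
AUTH_USER = "alice@example.org"
MAIL_FROM = "<ceo@example.org>"
MESSAGE = (
    'From: "The CEO" <ceo@example.org>\r\n'
    "To: bob@example.org\r\n"
    "Subject: urgent\r\n"
    "\r\n"
    "Please reply today.\r\n"
)

def sender_mismatches(auth_user, mail_from, message_text, owned=None):
    """Return the sender fields that do not belong to the authenticated login.

    owned is a hypothetical policy table mapping a login to the addresses it
    may send as; by default a login may only send as itself.
    """
    allowed = {a.lower() for a in (owned or {}).get(auth_user, {auth_user})}
    msg = message_from_string(message_text)
    # SMTP-AUTH itself checks neither of these two values.
    envelope = mail_from.strip().strip("<>").lower()
    header = parseaddr(msg.get("From", ""))[1].lower()
    problems = []
    if envelope not in allowed:
        problems.append(("envelope", envelope))
    if header not in allowed:
        problems.append(("header", header))
    return problems

if __name__ == "__main__":
    for field, address in sender_mismatches(AUTH_USER, MAIL_FROM, MESSAGE):
        print(f"{AUTH_USER} authenticated but {field} sender is {address}")
```
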

The SMTP-AUTH extension also allows one mail server to indicate to another that the sender has been authenticated when relaying mail. In general this requires the recipient server to trust the sending server, meaning that this aspect of SMTP-AUTH is rarely used on the Internet. The recipient of an e-mail message cannot tell whether the sender was authenticated, so use of SMTP-AUTH is only a very partial solution to the problem of spam.

While SMTP-AUTH is generally a security improvement over unauthenticated SMTP, it can also introduce a weakness. If authenticated users are allowed to submit messages from IP addresses where unauthenticated users are not (that is, if authenticated users are allowed to relay mail), then an attacker who subverts one user's account can use the authenticated server as an open mail relay. Thus, in such a configuration, every user's password becomes a key to the mail system's security. Spammers have attacked SMTP-AUTH mail servers by brute-forcing common usernames and passwords. A good password policy can effectively prevent such an attack.
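Password guessing against SMTP-AUTH is visible in the mail server's log, and a successful login that follows a burst of failures marks an account that can now relay mail. The following is an added example, not part of the original article; the log lines are constructed in a Postfix-like format (an assumption), and the `analyse` function and its threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in a Postfix-like format (an assumption; adjust the
# patterns to whatever your own MTA writes). Addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:12:01 mx postfix/smtpd[811]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure, sasl_username=admin
Jan 10 03:12:03 mx postfix/smtpd[811]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure, sasl_username=info
Jan 10 03:12:05 mx postfix/smtpd[811]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure, sasl_username=test
Jan 10 03:12:06 mx postfix/smtpd[902]: warning: unknown[198.51.100.20]: SASL PLAIN authentication failed: authentication failure, sasl_username=carol
Jan 10 03:12:07 mx postfix/smtpd[811]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure, sasl_username=info
Jan 10 03:12:20 mx postfix/smtpd[902]: 7C1D0A2: client=unknown[198.51.100.20], sasl_method=PLAIN, sasl_username=carol
Jan 10 03:12:31 mx postfix/smtpd[811]: 9A2F4B1: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info
"""

FAILED = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\]: SASL [\w-]+ authentication failed"
                    r".*?(?:sasl_username=(?P<user>\S+))?$")
SUCCESS = re.compile(r"client=\S*\[(?P<ip>[0-9A-Fa-f.:]+)\], sasl_method=[\w-]+, "
                     r"sasl_username=(?P<user>\S+)")

def analyse(log_text, max_failures=3):
    """Return (noisy, suspect): noisy maps each client IP with at least
    max_failures failed AUTH attempts to (failure count, usernames tried);
    suspect lists (ip, user) logins that succeeded from an already-noisy IP."""
    failures = defaultdict(int)
    tried = defaultdict(set)
    suspect = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m["ip"]] += 1
            if m["user"]:
                tried[m["ip"]].add(m["user"])
            continue
        m = SUCCESS.search(line)
        # A success after repeated failures suggests a guessed password: that
        # account can now relay mail and needs a reset.
        if m and failures.get(m["ip"], 0) >= max_failures:
            suspect.append((m["ip"], m["user"]))
    noisy = {ip: (n, sorted(tried[ip])) for ip, n in failures.items() if n >= max_failures}
    return noisy, suspect

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A single mistyped password followed by a success, as with the second client in the sample, stays below the threshold and is not reported.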

See also

* CRAM-MD5 (a SASL mechanism for ESMTPA) RFC 2195
* Simple Authentication and Security Layer (SASL) RFC 4422
* Simple Mail Transfer Protocol (SMTP) RFC 2821
* Extended SMTP (discusses ESMTP keywords like AUTH)

External links

* RFC 4954 - SMTP Service Extension for Authentication (obsoletes RFC 2554)
* RFC 3848 - SMTP and LMTP Transmission Types Registration (with ESMTPA)
* RFC 4409 - Message Submission for Mail (obsoletes RFC 2476)
* Negotiating an SMTP AUTH Mechanism (examples): http://www.technoids.org/saslmech.html


Wikimedia Foundation. 2010.
