I'm using OpenSSL to connect to mail server.
POP3 works fine but I have problems with IMAP. Based on CAPABILITY command server supports PLAIN, NTLM and GSS-API authentication methods.
I want to use PLAIN because it's easier than others.
I have read it's needed to use <NUL> for it.
I have run the next variations, but no success:
? login user pass
? login <nul>user<nul>pass
? <nul>login <nul>user<nul>pass
What am I doing wrong?
? login [email protected] mypassword\r\n
often servers don't require " @box.zone " part, you can just type login
mymailbox or mymailbox@domain is purely an administrative/implementation decision on the server side. It tends to be useful for server admins to make their user names be the full e-mail address when the same server is used for multiple domains. –
Sugared None of the previous answers actually said how to use PLAIN authentication, so I did some more digging. It turns out that authentication information is expected in base64. It's probably easiest to explain by example. Assume a username of "bob" and a password of "munchkin".
We'll first need to encode in base64. On a Linux-ish system, it goes likes this:
echo -en "\0bob\0munchkin" | base64
This incorporates the null characters as required, and also does the base64 encoding. We get this string out: AGJvYgBtdW5jaGtpbg==.
Now, we can do the actual authentication (S = Server, C = Client):
S: * OK The Microsoft Exchange IMAP4 service is ready.
C: D0 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN CHILDREN IDLE NAMESPACE LITERAL+
S: D0 OK CAPABILITY completed.
C: D1 AUTHENTICATE PLAIN
S: +
C: AGJvYgBtdW5jaGtpbg==
S: D1 OK AUTHENTICATE completed
And you're done!
May be this will help
/* RFC 4616.2. PLAIN SASL Mechanism.
The mechanism consists of a single message, a string of [UTF-8]
encoded [Unicode] characters, from the client to the server. The
client presents the authorization identity (identity to act as),
followed by a NUL (U+0000) character, followed by the authentication
identity (identity whose password will be used), followed by a NUL
(U+0000) character, followed by the clear-text password. As with
other SASL mechanisms, the client does not provide an authorization
identity when it wishes the server to derive an identity from the
credentials and use that as the authorization identity.
message = [authzid] UTF8NUL authcid UTF8NUL passwd
Example:
C: a002 AUTHENTICATE "PLAIN"
S: + ""
C: {21}
C: <NUL>tim<NUL>tanstaaftanstaaf
S: a002 OK "Authenticated"
*/
IMAP not easy to code, literal string and xxx response formats ... .
It's easier to use some free IMAP client.
? login [email protected] mypassword\r\n
often servers don't require " @box.zone " part, you can just type login
mymailbox or mymailbox@domain is purely an administrative/implementation decision on the server side. It tends to be useful for server admins to make their user names be the full e-mail address when the same server is used for multiple domains. –
Sugared © 2022 - 2024 — McMap. All rights reserved.