Overview of SMTP Authentication
In this section we will demonstrate how to add SMTP authentication protocol support to Hydra. Mail servers commonly use SMTP authentication to identify a user as being valid prior to accepting email for delivery.
A number of different standards for SMTP authentication exist, many of which are not RFC standards. We are demonstrating an authentication method using the AUTH LOGIN method, as shown in Example 3-1.
Example 3-1. An SMTP AUTH session
220-mail.xxxxxxxx.com ESMTP Exim 4.34 #1 Wed, 23 Jun 2004 17:35:13 -0700
EHLO mail.myserver.com
250-mail.xxxxxxxx.com Hello mail.myserver.com [192.168.0.156]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
AUTH LOGIN
334 VXNlcm5hbWU6
bXl1c2VybmFtZQ==
334 UGFzc3dvcmQ6
bXlwYXNzd29yZA==
235 Authentication succeeded
The AUTH LOGIN authentication method is well supported by many common SMTP servers, and as such, it is a good protocol to use. The protocol is a simple process that uses unencrypted credentials. Even though the protocol is insecure, a number of mail servers support it in their default configurations as a lowest-common-denominator protocol for SMTP authentication.
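The credentials in an AUTH LOGIN exchange are only Base64-encoded. The following added example (not code from the book; the function name audit_auth_login and the report fields are assumptions made for illustration) decodes the Example 3-1 session and flags that the login took place without STARTTLS even though the server offered it.

```python
import base64

# Session text from Example 3-1, one message per line.
SESSION = """\
220-mail.xxxxxxxx.com ESMTP Exim 4.34 #1 Wed, 23 Jun 2004 17:35:13 -0700
EHLO mail.myserver.com
250-mail.xxxxxxxx.com Hello mail.myserver.com [192.168.0.156]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
AUTH LOGIN
334 VXNlcm5hbWU6
bXl1c2VybmFtZQ==
334 UGFzc3dvcmQ6
bXlwYXNzd29yZA==
235 Authentication succeeded
"""

def b64(text):
    return base64.b64decode(text, validate=True).decode("utf-8", "replace")

def audit_auth_login(session):
    """Decode an AUTH LOGIN transcript and report whether it ran without TLS."""
    report = {"mechanisms": [], "starttls_offered": False, "tls_started": False,
              "exchange": [], "authenticated": False}
    pending = None  # decoded 334 challenge waiting for the client's answer
    for line in filter(None, (l.strip() for l in session.splitlines())):
        if pending is not None:
            if line != "*":  # "*" is the client cancelling the exchange
                report["exchange"].append((pending, b64(line)))
            pending = None
            continue
        code, rest = line[:3], line[4:]
        if not code.isdigit():  # client command such as EHLO or AUTH LOGIN
            report["tls_started"] |= line.upper() == "STARTTLS"
        elif code == "250":  # EHLO capability lines
            words = rest.upper().split()
            if words[:1] == ["AUTH"]:
                report["mechanisms"] = words[1:]
            report["starttls_offered"] |= words[:1] == ["STARTTLS"]
        elif code == "334":  # server challenge, Base64-encoded prompt
            pending = b64(rest)
        elif code == "235":
            report["authenticated"] = True
    report["cleartext_credentials"] = bool(report["exchange"]) and not report["tls_started"]
    return report
```

Calling audit_auth_login(SESSION) returns the decoded prompt and response pairs together with the advertised mechanisms and the cleartext_credentials flag.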
The protocol can be demonstrated by using the telnet command to port 25 on an available mail server. The mail server then responds with a connection message:
220-mail.xxxxxxxx.com ESMTP Exim 4.34 #1 Wed, 23 Jun 2004 17:35:13 -0700
The mail server responds with a header containing the SMTP response code 220. Similar to ...