432    DP-2330/3030    DP-2310/3010    MAR 2005    Ver. 2.1

9.16. SMTP Service Extension for Authentication (SMTP Auth) - Extended Feature

SMTP is widely deployed and high-quality implementations have proven to be very robust. However, the Internet community now considers some services to be important that

SMTP AUTH is an SMTP service extension (ESMTP) whereby an SMTP client may indicate an authentication mechanism to the server, perform an authentication protocol exchange, and optionally negotiate a security layer for subsequent protocol interactions. This extension is a profile of the Simple Authentication and Security Layer (SASL). To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions.

The AUTH command indicates an authentication mechanism to the server. If the server supports the requested authentication mechanism, it performs an authentication protocol exchange to authenticate and identify the user. Optionally, it also negotiates a security layer for subsequent protocol interactions. If the requested authentication mechanism is not supported, the server rejects the AUTH command with a 504 reply.

The authentication protocol exchange consists of a series of server challenges and client answers that are specific to the authentication mechanism. A server challenge, otherwise known as a ready response, is a 334 reply with the text part containing a BASE64 encoded string. The client answer consists of a line

SMTP AUTH overview

    Establish TCP connection (TCP port No. 25)
    Server: 220 smtp.example.com ESMTP server ready
    Client: EHLO jgm.example.com
    Server: 250-smtp.example.com
    Server: 250 AUTH LOGIN DIGEST-MD5 CRAM-MD5
    Client: AUTH CRAM-MD5
    Server: 334 PENCeUxFREJoU0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4=
    Client: ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ==
    Server: 235 Authentication successful
    Continue to follow the SMTP procedure

Server produces a Challenge:
    334 PENCeUxFREJoU0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4=

Client generates Digest parameter:
    Challenge + PASSWD with HMAC (Keyed-Hashing for Message Authentication Code) produces a 16 octet digest value of:
    9e95aee09c40af2b84a0c2b3bbae786e

Challenge Response:
    USER: Fred
    BASE64 decoded string: Fred 9e95aee09c40af2b84a0c2b3bbae786e
    BASE64 encoded string: ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ==
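
The CRAM-MD5 exchange above, as an added Python example (not code from this manual or from the device): it builds the client answer and performs the server-side check over the challenge shown on this page. The function names and the password are assumptions made for the example; the page does not state the password, so its digest is decoded but not reproduced.

```python
import base64
import hmac

# Copied from the exchange on this page.
PAGE_CHALLENGE_B64 = "PENCeUxFREJoU0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4="
PAGE_RESPONSE_B64 = "ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ=="

def _digest(challenge_b64, password):
    # HMAC-MD5 keyed with the password over the decoded challenge (16 octets, as hex).
    challenge = base64.b64decode(challenge_b64, validate=True)
    return hmac.new(password.encode(), challenge, "md5").hexdigest()

def cram_md5_response(challenge_b64, user, password):
    """Client side: build the BASE64 answer to a 334 challenge."""
    answer = f"{user} {_digest(challenge_b64, password)}"
    return base64.b64encode(answer.encode()).decode()

def parse_response(response_b64):
    """Split a client answer into (user, hex digest); ValueError if malformed."""
    text = base64.b64decode(response_b64, validate=True).decode()
    user, _, digest = text.rpartition(" ")
    if not user or len(digest) != 32:
        raise ValueError("malformed CRAM-MD5 response")
    return user, digest.lower()

def verify_response(challenge_b64, response_b64, passwords):
    """Server side: recompute the digest and compare in constant time."""
    try:
        user, digest = parse_response(response_b64)
    except ValueError:  # bad BASE64, bad UTF-8 or wrong shape
        return False
    if user not in passwords:
        return False
    expected = _digest(challenge_b64, passwords[user])
    return hmac.compare_digest(expected.encode(), digest.encode())

if __name__ == "__main__":
    # The page's challenge and answer, decoded (the encoded user name is lower case).
    print(base64.b64decode(PAGE_CHALLENGE_B64).decode())
    print(parse_response(PAGE_RESPONSE_B64))
    passwords = {"fred": "constructed-password"}  # constructed, not from the page
    answer = cram_md5_response(PAGE_CHALLENGE_B64, "fred", "constructed-password")
    print(verify_response(PAGE_CHALLENGE_B64, answer, passwords))  # matching secret
    print(verify_response(PAGE_CHALLENGE_B64, PAGE_RESPONSE_B64, passwords))  # other secret
```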