C# SmtpClient Authentication rejected

description

The most common 'AUTH LOGIN' mechanism looks like this:
S: 220 esmtp.example.com ESMTP
C: ehlo client.example.com
S: 250-esmtp.example.com
S: 250-PIPELINING
S: 250-8BITMIME
S: 250-SIZE 255555555
S: 250 AUTH LOGIN PLAIN CRAM-MD5
C: auth login
S: 334 VXNlcm5hbWU6
C: avlsdkfj
S: 334 UGFzc3dvcmQ6
C: lkajsdfvlj
S: 535 authentication failed (#5.7.1)
From all the ESMTP Authentication mechanisms offered, the client selects 'auth login'. The ESMTP server then issues a '334 VXNlcm5hbWU6', where 'VXNlcm5hbWU6' is the BASE64 encoded string 'Username:'. The client provides the BASE64 encoded user name and the server responds with the request for the 'Password:' ('334 UGFzc3dvcmQ6'). In the sample above, random input is given and the server finally rejects the authentication request.

However, there exists a different, RFC compliant version of this behavior, where the client initially sends the userid already with the AUTH LOGIN method:
C: AUTH LOGIN ZHVtbXk=
S: 334 UGFzc3dvcmQ6
C: Z2VoZWlt
The C# SmtpClient uses the latter and this authentication method is currently rejected by smtp4dev.

Also the C# SmtpClient uses lowercase 'login' instead of 'LOGIN' which is also not recognized by the current implementation of smtp4dev server (version 2.1.1.0) (nothing a simple ToUpper cannot solve).

I have made some "hacks" to make this authentication work, but it would be better if these issues were resolved in the trunk.

Here's the authentication hack:
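public AuthMechanismProcessorStatus ProcessResponse(string data)
{
    // The client sent data together with AUTH LOGIN (the initial-response form):
    // move straight to the username state instead of prompting for it.
    if (State == States.Initial && !String.IsNullOrEmpty(data))
    {
        State = States.WaitingForUsername;
    }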
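
A minimal server-side handler that accepts both AUTH LOGIN forms shown in the description and matches the mechanism name case-insensitively. This is an added example, not code from the post or from smtp4dev; the class AuthLoginSession and its members are hypothetical, and the demo accepts any credentials instead of verifying them.

```csharp
using System;
using System.Text;
// Hypothetical class and member names; this is not smtp4dev's API.
class AuthLoginSession
{
    enum State { Idle, WaitingForUsername, WaitingForPassword, Done }
    State state = State.Idle;
    public string Username, Password;
    static string Prompt(string s) => "334 " + Convert.ToBase64String(Encoding.ASCII.GetBytes(s));
    static string Decode(string s) => Encoding.UTF8.GetString(Convert.FromBase64String(s.Trim()));
    public string Handle(string line)
    {
        try
        {
            switch (state)
            {
                case State.Idle:
                    var p = line.Trim().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
                    // Compare case-insensitively: the client in the post sends "login".
                    if (p.Length < 2 || p.Length > 3 || !p[0].Equals("AUTH", StringComparison.OrdinalIgnoreCase)
                        || !p[1].Equals("LOGIN", StringComparison.OrdinalIgnoreCase))
                        return "504 Unrecognized authentication type";
                    state = State.WaitingForUsername;
                    // An initial response, if present, is consumed as the username right away.
                    return p.Length == 3 ? Handle(p[2]) : Prompt("Username:");
                case State.WaitingForUsername:
                    Username = Decode(line);
                    state = State.WaitingForPassword;
                    return Prompt("Password:");
                case State.WaitingForPassword:
                    Password = Decode(line);
                    state = State.Done;
                    return "235 Authentication successful"; // demo: accepts any credentials
                default: return "503 Bad sequence of commands";
            }
        }
        catch (FormatException) { state = State.Idle; return "501 Cannot decode response"; }
    }
    static void Main()
    {
        // Both dialogs from the post, with its sample values ZHVtbXk= and Z2VoZWlt.
        foreach (var dialog in new[] { new[] { "auth login", "ZHVtbXk=", "Z2VoZWlt" },
                                       new[] { "AUTH LOGIN ZHVtbXk=", "Z2VoZWlt" } })
        {
            var s = new AuthLoginSession();
            foreach (var line in dialog) Console.WriteLine("C: " + line + "\nS: " + s.Handle(line));
            Console.WriteLine("user=" + s.Username + " pass=" + s.Password);
        }
    }
}
```

Both dialogs end with the same decoded username and password; invalid BASE64 input resets the exchange with a 501 reply instead of throwing.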

comments

HughJeffner wrote Feb 17, 2015 at 6:37 PM

Ran across this as well, too bad this project looks abandoned