for the smtp login method, use challenges "Username:" and "Password:"…

… as attempt to improve interoperability there is only an internet-draft about the required behaviour. it says clients should ignore the strings. some clients do check the string. most servers appear to use "Username:" and "Password:" as challenge. we'll follow them, hoping to improve interoperability. for issue #223 by gdunstone, and with analysis from wneessen of go-mail. thanks!
mjl- · Oct 3, 2024 · 7ecc3f6 · 7ecc3f6
1 parent bbc419c
commit 7ecc3f6
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/smtpserver/server.go b/smtpserver/server.go
@@ -1136,16 +1136,17 @@ func (c *conn) cmdAuth(p *parser) {
 
 		// Read user name. The I-D says the client should ignore the server challenge, but
 		// also that some clients may require challenge "Username:" instead of "User
-		// Name". We can't sent both...
+		// Name". We can't sent both... Servers most commonly return "Username:" and
+		// "Password:", so we do the same.
 		// I-D says maximum length must be 64 bytes. We allow more, for long user names
 		// (domains).
-		encChal := base64.StdEncoding.EncodeToString([]byte("User Name"))
+		encChal := base64.StdEncoding.EncodeToString([]byte("Username:"))
 		username := string(xreadInitial(encChal))
 		username = norm.NFC.String(username)
 
 		// Again, client should ignore the challenge, we send the same as the example in
 		// the I-D.
-		c.writelinef("%d %s", smtp.C334ContinueAuth, base64.StdEncoding.EncodeToString([]byte("Password")))
+		c.writelinef("%d %s", smtp.C334ContinueAuth, base64.StdEncoding.EncodeToString([]byte("Password:")))
 
 		// Password is in line in plain text, so hide it.
 		defer c.xtrace(mlog.LevelTraceauth)()