From 7ecc3f68ce9218e3881eadc4a5d213905018a16d Mon Sep 17 00:00:00 2001 From: Mechiel Lukkien Date: Thu, 3 Oct 2024 20:29:40 +0200 Subject: [PATCH] for the smtp login method, use challenges "Username:" and "Password:" as attempt to improve interoperability there is only an internet-draft about the required behaviour. it says clients should ignore the strings. some clients do check the string. most servers appear to use "Username:" and "Password:" as challenge. we'll follow them, hoping to improve interoperability. for issue #223 by gdunstone, and with analysis from wneessen of go-mail. thanks! --- smtpserver/server.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/smtpserver/server.go b/smtpserver/server.go index 866cb47a2..16492765b 100644 --- a/smtpserver/server.go +++ b/smtpserver/server.go @@ -1136,16 +1136,17 @@ func (c *conn) cmdAuth(p *parser) { // Read user name. The I-D says the client should ignore the server challenge, but // also that some clients may require challenge "Username:" instead of "User - // Name". We can't sent both... + // Name". We can't sent both... Servers most commonly return "Username:" and + // "Password:", so we do the same. // I-D says maximum length must be 64 bytes. We allow more, for long user names // (domains). - encChal := base64.StdEncoding.EncodeToString([]byte("User Name")) + encChal := base64.StdEncoding.EncodeToString([]byte("Username:")) username := string(xreadInitial(encChal)) username = norm.NFC.String(username) // Again, client should ignore the challenge, we send the same as the example in // the I-D. - c.writelinef("%d %s", smtp.C334ContinueAuth, base64.StdEncoding.EncodeToString([]byte("Password"))) + c.writelinef("%d %s", smtp.C334ContinueAuth, base64.StdEncoding.EncodeToString([]byte("Password:"))) // Password is in line in plain text, so hide it. defer c.xtrace(mlog.LevelTraceauth)()