Question for PINK users : AUTH schemes your ISP uses?

Ryan Clarke

Hello. This is an open question to our PINK users. As you know the PINK does not currently support auths for SMTP servers (to send email)- There is a reason for this: SMTP (the protocol) does not facilitate authentication. It was never in the protocol, so work arounds have been developed- most use a variant of the following: When you log into a POP3 mail account you authenticate. The Mail server remembers that you've logged in and the IP you've logged in from. If mail is sent within the next pre-determined amount of time, from the same IP address with the same return email address your mail is allowed to be sent. If you never correctly authenticate via POP3 then it won't let you send mail.

There is an RFC 2554 extension that is less widely supported as well.

The problem is that our customers (you guys) may use any (or neither) of these methods for SMTP auth based on what your ISP uses. (This is why auth was not included in the first version of the PINK firmware in the first place.)

So the question is, what do your ISPs use? Do you know? How would you suggest we implement authentication? There were many requests for this here in the forums, but never any responses on what anyone's ISP actually does for authentication.

Thoughts?

Ryan

▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Ryan Clarke
Parallax Tech Support

RClarke@Parallax.com

steve_b

Parallax could run their own mail server for PINK uses....just a shot!

My ISP requires me to log in....outside of that, I don't know much else.
I'm sure a call to support would get me some odd responses as they might think I'm trying to spoof their system.

▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
·

Steve

"Inside each and every one of us is our one, true authentic swing. Something we was born with. Something that's ours and ours alone. Something that can't be learned... something that's got to be remembered."

Gadgetman

I don't use a PINK, but that doesn't stop me from responding...
(Friday night here and nothing to do... I need to get a life...)

The system I have seen most often is that the SMTP server assumes you have the right to send email if you use an IP-address belonging to the same ISP as the SMTP server belongs to.
That, and POP3 authentication, of course.

▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Don't visit my new website...

Joe M

I use comcast for my cable connection, and all they require is that you are in their IP space.

-Joe

Ryan Clarke

Yes, I assumed this to be the case- Which is why we went ahead and released the first PINK firmware the way it is. But we did see quite a few users both posting here in the forums and via email upset that they could not send email without authentication.

Ryan

▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Ryan Clarke
Parallax Tech Support

RClarke@Parallax.com

rockin_rick

I think that it would be really cool if PINK could also receive email (via POP3), and process it (place the body or subject or both into a register(s)). This would (mostly) solve the send mail auth. problem while adding functionality to PINK. With this setup, I could have 2 way comms with my cell phone (set up with an email address). PINK could send the cell a message, and I could respond and control whatever via cell phone.

Rick

neoteric

I run several email systems for customers on all types of ISP's.· They cannot send email from any of my servers unless they authenticate both with a username and a password.·· I am not the system administrator, but I do know that to send email from my server, you must authenticate with both.· This prevents spammers from using our email system to send spam, once they know a users emal address.· If you need more information, contact me via PM and I·can set up a conversation with our sysadmin.

bottomgun

Earthlink SMTP mail requires:
1. Username;
2. Password; and
3. Use of outgoing server port 587

R/J²

▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Respectfully,

Jay K. Jeffries

Ryan Clarke

Yes, but again here the U/N and PASS setup is not via SMTP (the protocol does not allow for it)-

Ryan

▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Ryan Clarke
Parallax Tech Support

RClarke@Parallax.com

John R.

I will agree that the SMTP protocol does not allow for a user name and password. I'm not sure what is used, but my provider (sbc.global.net - run by Yahoo!) and other providers I've used in the past require me to log on to the SMTP server with the same username/password as the POP3 account. As a reference, Outlook, and Outlook express deal with this just fine. I do not believe this is based on logging into the POP3 account first, but a separate login for the SMTP server, independant (but with the same credentials) of the POP3.

I've attached the screen shot of this setup tab.

I'll confess ignorance to what it does, just say that it works, and has worked with multiple ISPs.

▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
John R.

8 + 8 = 10

John Abshier

My ISP is Roadrunner from Time Warner Cable.· Outlook and Outlook express have fields for a user name and password.· I don't know how this authorization works.· Perhaps you could contact some of the larger ISP and ask them.· I don't know how useful a sniffer would be.· I am hoping that the transaction is encrypted.

John R.

I just did a "sniff" of Outlook sending a message through smtp.sbcglobal.yahoo.com

I am not going to claim to be an expert at reading this stuff, but it sure looks like the conversation was all in SMTP, adn went something like this:

From To Protocol Description

Me SBC TCP Open SMTP
SBC Me TCP OK, why not?
Me SBC TCP Let's go!
SBC Me SMTP Response: 220 smtp106.sbc.mail.re2.yahoo.com ESMTP
Me SBC SMTP Command: AUTH LOGIN
SBC Me SMTP Response: 334 [noparse][[/noparse]giberish 1]
Me SBC SMTP Message Body [noparse][[/noparse]contains giberish 2]
SBC Me SMTP Response: 334 [noparse][[/noparse]giberish 3]
Me SBC SMTP Message Body [noparse][[/noparse]contains giberish 4]
SBC Me TCP smtp > 2337 [noparse][[/noparse]ACK]
SBC Me SMTP Response: 235 ok, go ahead (#2.0.0)
Me SBC SMTP Command: MAIL FROM...........

I am assuming that the two Message Bodies were encrypted username and passwords. On two successive messages giberish 1, 2, 3 and 4 were identical from message to message (but different from each other).

The following links may be useful:
www.sendmail.org/~ca/email/auth.html#authsecwarn1 (AUTH in Sendmail)
tp.isi.edu/in-notes/rfc2554.txt (SMTP Service Extension - RFC 2554)

Based on the second link, I would tend to say that while "pure" SMTP might not offer authentication, This RFC adds the possibility of authentication to SMTP (or maybe more properly ESMTP). It is dated 1999, and from the first link, it has apparently been in sendmail since version 8.10 as early as Sept. 1999. Ryan referrs to this RFC, and seems to think it is "less widely supported".

I am not disputing this, but "around these parts" (Wisconsin) it appears to be what most of the providers are using. It is also supported by all the e-mail clients I am aware of. If you look at my screen shot of the e-mail parameters, you'll see options for the other method Ryan mentions as well (check POP first). I have helped "family and friends" set up clients for several minor and all the major ISPs in the area, and they all have used this (separate login) for SMTP authentication.

▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
John R.

8 + 8 = 10

John R.

As a follow up thought: I believe ISPs will find using the IP address as a means of "authentication" less usefull as we move foreward. I realized this as I was thinking about all the places I've connected with my laptop, from coast to coast. With high speed access in hotels, "internet cafes", etc., I would not have my "normal" address. Yet by using RFC 2554 (or login via POP before send), I can still gain access via my preferred e-mail client.

For those of you who have an IP address based configuration for SMTP, how do your ISPs deal with you "traveling"? This could also become a factor for PINKy when used on/in a portable data logger.

▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
John R.

8 + 8 = 10

Joe M

Hey John- I tunnel smtp over SSH when I travel to get access to my mail server.



-Joe

GearHead

See the link below. The section on SMTP Servers.

http://www.microsoft.com/windows/IE/community/columns/mailserver.mspx

Both MSN and Comcast use the method of POP before SMTP. In·most cases if the ISP requires you to authentication to receive mail and all you are trying to do is send mail, it will connect to the POP server first for authentication.

JJ

Post Edited (GearHead) : 3/8/2006 8:11:58 AM GMT

John R.

JJ and Ryan;

I am not trying to be confrontational, but trying to educate myself. You both indicate that the SMTP AUTH is not commonly used, or that other methods are "usually" used.

Here is Wisconsin, the following use the AUTH part of SMTP (or ESMTP if you perfer): Charter Cable, Road Runner (Time Warner Cable), Yahoo (DSL via SBC, AT&T, formerly Ameritech and others), Prodigy (if they are still around), along with local providers PowerCom, PowerWeb, WebConnect, NConnect and a host of others. I can remember working with one user who was authorized by IP address range, and noone that we had to use the "check POP before send".

This is based on my experiences helping "family and friends" and assisting co-workers get things set up (I'm an IT Manager).

Based on my experiences here, and especially with the "big" providers listed, my statement would be "almost all ISPs are using the "build in" SMTP Authentication (RFC 2554).

Is this just a regional thing? Does the "primary" method change by region? Is this all just "chance" on my end? Are your statements based on your "local" trends? If it is regional, do the "big boys" (e.g. Charter, Time Warner, Yahoo) use different methods in different areas?

Please, PLEASE understand, I am asking to learn, not to challange.

▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
John R.

8 + 8 = 10