[Exim] Playing with SMTP AUTH & CRAM-MD5

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Paul Makepeace
Datum:  
To: exim-users
Betreff: [Exim] Playing with SMTP AUTH & CRAM-MD5
In a quest to understand SMTP AUTH and CRAM-MD5 I wrote a Perl program
that uses Digest::HMAC_MD5 to perform the digest and response
generation. I've included it below for anyone else that might be
interested. At the end, there is a sample exim4.conf snippet (actually
I suppose this is the only exim-specific bit :-) and a SMTP transaction
plus demonstration of the digest program in action.

Enjoy,
Paul


#!/usr/bin/perl -w
use strict;

# Paul Makepeace <http://paulm.com>, 2002-10-12
# Takes user, key, and base-64 encoded challenge and returns base-64
# encoded CRAM. See,
# IMAP/POP AUTHorize Extension for Simple Challenge/Response:
# RFC 2195 http://www.faqs.org/rfcs/rfc2195.html
# SMTP Service Extension for Authentication:
# RFC 2554 http://www.faqs.org/rfcs/rfc2554.html

# Args: tim tanstaaftanstaaf PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+
# should yield: dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw

use Digest::HMAC_MD5 qw(hmac_md5_hex);
use MIME::Base64     qw(decode_base64 encode_base64);


die "$0 user key challenge\n" unless @ARGV == 3;

my ($user, $key, $challenge) = @ARGV;
my $challenge_data = decode_base64($challenge);
my $hmac_digest    = hmac_md5_hex($challenge_data, $key);
my $response       = encode_base64("$user $hmac_digest");


print <<INFO;
Challenge: $challenge_data
HMAC digest: $hmac_digest
CRAM Base64: $response
INFO

__END__

begin authenticators
cram:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${if eq{$1}{paulm}{secret}fail}
#server_secret = ${lookup {${local_part:$1}} lsearch {/etc/mail/cram-md5/${domain:$1}}{$value}}
#client_name = tantrix
#client_secret = secret_as_well


$ exim -bh 127.0.0.1
220 mail.realprogrammers.com ESMTP "No Spam, muthafukkaz!" Fri, 11 Oct 2002 15:40:21 -0700
ehlo paulm.com
250-tantrix.realprogrammers.com Hello localhost [127.0.0.1]
250-SIZE 52428800
250-PIPELINING
250-AUTH CRAM-MD5
250 HELP
auth cram-md5
334 PDIwNDU4LjEwMzQzNzYwMjhAdGFudHJpeC5yZWFscHJvZ3JhbW1lcnMuY29tPg==

[
$ perl hmac_md5.pl paulm secret PDIwNDU4LjEwMzQzNzYwMjhAdGFudHJpeC5yZWFscHJvZ3JhbW1lcnMuY29tPg==
Challenge: <20458.1034376028@???>
HMAC digest: 0de568c202a2a6b64153963a43b3ddd9
CRAM Base64: cGF1bG0gMGRlNTY4YzIwMmEyYTZiNjQxNTM5NjNhNDNiM2RkZDk=
]

cGF1bG0gMGRlNTY4YzIwMmEyYTZiNjQxNTM5NjNhNDNiM2RkZDk=
>>> CRAM-MD5: user name = paulm
>>>           challenge = <20458.1034376028@???>
>>>           received  = 0de568c202a2a6b64153963a43b3ddd9
>>>           digest    = 0de568c202a2a6b64153963a43b3ddd9

235 Authentication succeeded
quit

--
Paul Makepeace ....................................... http://paulm.com/

"If not now, then fold it in half and stuff it in."
-- http://paulm.com/toys/surrealism/