Acronyms
SMTP Simple Mail Transfer Protocol
MTA Mail Transfer Agent
MDA Mail Delivery Agent
MSA Mail Submission Agent
MUA Mail User Agent
SASL Simple Authentication and Security Layer
GSSAPI Generic Security Service Application Program Interface
CRAM Challenge-Response Authentication Mechanism
SCRAM Salted Challenge Response Authentication Mechanism
Introduction
What is it? SMTP AUTH is an optional mechanism for authentication between the elements of an email system: the MTA, the MDA (in practice the MSA, the submission server that accepts mail from users) and the MUA. The MTA and MDA speak SMTP; the MUA is the end-point agent, the mail client. SMTP AUTH covers both SMTP-to-SMTP and mail-client-to-SMTP authentication. It is defined as an SMTP service extension (ESMTP) and is concerned only with authentication: it works with or without TLS (STARTTLS). If the whole channel is to be made confidential, TLS must be used as well.
The EHLO keyword (in place of HELO) starts an ESMTP session. The server's EHLO response advertises the AUTH extension together with the SASL mechanisms it supports, and the client's subsequent AUTH command, with the chosen mechanism as its argument, starts the SASL exchange. SASL is a generic, application-independent abstraction layer and therefore provides a separate authentication layer for SASL-aware applications. RFC 4954 specifies the SMTP AUTH extension.
Advantages
a. Authentication between mail servers and the other elements in the email distribution chain.
b. Mobile users who switch networks can keep using the same MTA (submission server) without reconfiguring their mail client each time.
c. Relay access for external users is granted per authenticated user rather than per source IP address.
Mechanisms for SMTP AUTH
Commonly used SASL mechanisms with ESMTP are:
- PLAIN : The client sends a single string, the Base64 encoding of authorization identity, authentication identity and password separated by NUL bytes (RFC 4616). The credentials are therefore readable by anyone on the path; RFC 4954 expects PLAIN to be used only once a security layer such as TLS is in place.
- LOGIN : A non-standard mechanism (never specified in an RFC) that also uses Base64, but exchanges username and password in separate steps of a client-server dialog. It offers no more protection than PLAIN.
- GSSAPI : For use with GSS-API mechanisms such as Kerberos.
- CRAM-MD5 : Better than PLAIN and LOGIN in that the password itself never crosses the wire; the client returns an HMAC-MD5 of a server challenge keyed with the password (RFC 2195). A captured challenge/response pair allows an offline dictionary attack, and the server is not authenticated (see the security considerations of RFC 4954). It also requires the server to store the password in plaintext (or a plaintext-equivalent form) in many implementations.
- DIGEST-MD5 : Stronger than CRAM-MD5 since both sides contribute nonces, but still exposed to offline dictionary attacks on a captured exchange, and it likewise requires plaintext or plaintext-equivalent credential storage. RFC 6331 moved it to Historic status.
- SCRAM family : SCRAM-SHA-1 (RFC 5802) was designed as the replacement for DIGEST-MD5; SCRAM-SHA-256 (RFC 7677) is the current member to prefer.
- EXTERNAL : Authentication is derived from a context outside SASL, typically the client certificate presented during the TLS handshake.
Other registered mechanisms are listed at http://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml
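To make the PLAIN and CRAM-MD5 descriptions concrete, here is an added Python example; it is not code from this page, from RFC 4954 or from any mail server. It builds and decodes a PLAIN initial response (including the dGVzdAB0ZXN0ADEyMzQ= string in the RFC 4954 example quoted further down), then computes and verifies a CRAM-MD5 response and runs the offline dictionary attack that a captured CRAM-MD5 exchange permits. The hostname, user names, passwords and word list are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

# --- PLAIN (RFC 4616): one Base64 string, authzid NUL authcid NUL passwd -----------

def plain_initial_response(authcid: str, passwd: str, authzid: str = "") -> str:
    """Build the argument a client sends with AUTH PLAIN (the initial client response)."""
    for field in (authzid, authcid, passwd):
        if "\x00" in field:
            raise ValueError("NUL is the field separator and may not appear in a field")
    raw = f"{authzid}\x00{authcid}\x00{passwd}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def plain_decode(b64: str) -> dict:
    """What the server (or anyone sniffing a non-TLS session) gets out of a PLAIN string."""
    parts = base64.b64decode(b64).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN message must contain exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}

# --- CRAM-MD5 (RFC 2195): HMAC-MD5 over a server challenge, keyed with the password -

def cram_md5_challenge(hostname: str) -> bytes:
    """Server side: a fresh, unpredictable msg-id style challenge (sent Base64-encoded)."""
    return f"<{secrets.token_hex(8)}.{secrets.randbits(32)}@{hostname}>".encode("ascii")

def cram_md5_response(username: str, passwd: str, challenge: bytes) -> str:
    """Client side: Base64 of '<username> <hex HMAC-MD5(passwd, challenge)>'."""
    digest = hmac.new(passwd.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode("utf-8")).decode("ascii")

def cram_md5_verify(response_b64: str, challenge: bytes, passwords: dict) -> bool:
    """Server side. It needs the user's plaintext password to recompute the HMAC, which
    is why CRAM-MD5 forces plaintext (or plaintext-equivalent) credential storage."""
    username, _, digest = base64.b64decode(response_b64).decode("utf-8").partition(" ")
    passwd = passwords.get(username)
    if passwd is None:
        return False
    expected = hmac.new(passwd.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def cram_md5_offline_guess(response_b64: str, challenge: bytes, wordlist) -> Optional[str]:
    """Attacker side: with one captured challenge/response pair every candidate password
    can be tested offline at HMAC-MD5 speed, with no further contact with the server."""
    _, _, digest = base64.b64decode(response_b64).decode("utf-8").partition(" ")
    for candidate in wordlist:
        if hmac.new(candidate.encode("utf-8"), challenge, hashlib.md5).hexdigest() == digest:
            return candidate
    return None

if __name__ == "__main__":
    # Constructed demo: the RFC 4954 example string, then a CRAM-MD5 exchange and its capture.
    print(plain_decode("dGVzdAB0ZXN0ADEyMzQ="))
    chal = cram_md5_challenge("smtp.example.com")          # hostname is an assumption
    resp = cram_md5_response("alice", "hunter2", chal)     # constructed credentials
    print(cram_md5_verify(resp, chal, {"alice": "hunter2"}))
    print(cram_md5_offline_guess(resp, chal, ["password", "letmein", "hunter2"]))
```

Decoding the RFC's string yields authzid "test", authcid "test" and password "1234", which is the whole point of the TLS requirement for PLAIN: Base64 is an encoding, not protection. The CRAM-MD5 guessing loop is the attack that the LIMITED status in the IANA registry reflects; a real attacker would run it with hashcat rather than a Python loop, but the work factor is the same single HMAC-MD5 per candidate.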
Extract of the example from RFC 4954, where S: is a server message and C: a client message:
“4.1. Examples
Here is an example of a client attempting AUTH using the [PLAIN] SASL
mechanism under a TLS layer, and making use of the initial client
response:
S: 220-smtp.example.com ESMTP Server
C: EHLO client.example.com
S: 250-smtp.example.com Hello client.example.com
S: 250-AUTH GSSAPI DIGEST-MD5
S: 250-ENHANCEDSTATUSCODES
S: 250 STARTTLS
C: STARTTLS
S: 220 Ready to start TLS
... TLS negotiation proceeds, further commands
protected by TLS layer ...
C: EHLO client.example.com
S: 250-smtp.example.com Hello client.example.com
S: 250 AUTH GSSAPI DIGEST-MD5 PLAIN
C: AUTH PLAIN dGVzdAB0ZXN0ADEyMzQ=
S: 235 2.7.0 Authentication successful”
TCP port 587 is the submission port used by MSAs and generally indicates SMTP AUTH usage. SMTP AUTH can also be used on TCP port 25, which is what MTA-to-MTA traffic normally uses. SMTPS (TLS from the first byte rather than STARTTLS) uses port 465, which for many years had no IANA assignment for SMTP; RFC 8314 (2018) registered it as "submissions". SMTP AUTH may therefore affect perimeter or network security devices and require a redrafting of access rules, and the corresponding port and mechanism settings are also needed on the mail clients.
Recommendations
CRAM-MD5 is listed as LIMITED and DIGEST-MD5 as OBSOLETE in the IANA SASL mechanism registry (http://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml).
Both CRAM-MD5 and DIGEST-MD5 require the server to store plaintext or plaintext-equivalent credentials (unsalted, single-round MD5 material) to carry out the authentication, and MD5 itself has known weaknesses. Considering these facts, SCRAM-SHA-1 or SCRAM-SHA-1-PLUS, or better SCRAM-SHA-256 or SCRAM-SHA-256-PLUS as listed in the IANA registry, should be used where the servers and clients support them. ‘PLUS’ denotes channel binding: the authentication is tied to the TLS session it runs over, so a man-in-the-middle that terminates TLS cannot relay the exchange. Where only PLAIN or LOGIN is available, they must be offered and used over TLS only.
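As an added example (not code from this page or from any mail server; the user name, passwords and channel-binding byte strings are constructed for the illustration), the following Python runs a complete SCRAM-SHA-256 exchange in the notation of RFC 5802 and shows the three properties the recommendation rests on: the server keeps only salt, iteration count, StoredKey and ServerKey, so no plaintext-equivalent is stored; the client checks the server signature, so the server is authenticated too; and, for the -PLUS variant, the c= attribute is checked against the server's own view of the TLS channel-binding data, so a TLS-terminating man-in-the-middle that relays the client's proof over a different TLS session fails.

```python
import base64
import hashlib
import hmac
import secrets

# Helpers in RFC 5802 notation: H, HMAC, XOR, Hi (Hi is PBKDF2 with HMAC-SHA-256).
def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")

def scram_enroll(passwd: str, iterations: int = 4096) -> dict:
    """Server-side enrollment: only salt, iteration count, StoredKey and ServerKey are kept."""
    salt = secrets.token_bytes(16)
    salted = hashlib.pbkdf2_hmac("sha256", passwd.encode("utf-8"), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    return {"salt": salt, "iterations": iterations,
            "stored_key": _h(client_key), "server_key": _hmac(salted, b"Server Key")}

def client_first(username: str, gs2_header: str = "n,,") -> tuple:
    """client-first-message: returns (full message, client-first-message-bare, client nonce)."""
    nonce = _b64(secrets.token_bytes(18))
    bare = f"n={username},r={nonce}"
    return gs2_header + bare, bare, nonce

def server_first(record: dict, client_nonce: str) -> str:
    """server-first-message: combined nonce, salt and iteration count."""
    return (f"r={client_nonce}{_b64(secrets.token_bytes(18))},"
            f"s={_b64(record['salt'])},i={record['iterations']}")

def client_final(passwd: str, bare: str, server_first_msg: str,
                 gs2_header: str = "n,,", cb_data: bytes = b"") -> tuple:
    """client-final-message: returns (message, the ServerSignature the client expects back)."""
    attrs = dict(a.split("=", 1) for a in server_first_msg.split(","))
    salt, iterations, nonce = base64.b64decode(attrs["s"]), int(attrs["i"]), attrs["r"]
    salted = hashlib.pbkdf2_hmac("sha256", passwd.encode("utf-8"), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    # c= carries the GS2 header plus, for the -PLUS variant, the TLS channel-binding data.
    without_proof = f"c={_b64(gs2_header.encode('ascii') + cb_data)},r={nonce}"
    auth_message = f"{bare},{server_first_msg},{without_proof}".encode("utf-8")
    client_sig = _hmac(_h(client_key), auth_message)
    proof = _xor(client_key, client_sig)
    server_sig = _hmac(_hmac(salted, b"Server Key"), auth_message)
    return f"{without_proof},p={_b64(proof)}", server_sig

def server_verify(record: dict, bare: str, server_first_msg: str, client_final_msg: str,
                  gs2_header: str = "n,,", cb_data: bytes = b""):
    """Check ClientProof against StoredKey; return ServerSignature (the v= value) or None."""
    without_proof, _, proof_b64 = client_final_msg.rpartition(",p=")
    attrs = dict(a.split("=", 1) for a in without_proof.split(","))
    # The server recomputes c= from its OWN view of the channel: a proof relayed by a
    # TLS-terminating middlebox was bound to a different TLS session and fails here.
    if attrs.get("c") != _b64(gs2_header.encode("ascii") + cb_data):
        return None
    auth_message = f"{bare},{server_first_msg},{without_proof}".encode("utf-8")
    client_sig = _hmac(record["stored_key"], auth_message)
    client_key = _xor(base64.b64decode(proof_b64), client_sig)
    if not hmac.compare_digest(_h(client_key), record["stored_key"]):
        return None
    return _hmac(record["server_key"], auth_message)

def run_exchange(enrolled_pw: str, typed_pw: str, gs2_header: str = "n,,",
                 client_cb: bytes = b"", server_cb: bytes = b"") -> str:
    """Drive one full exchange for the constructed user 'alice' and report the outcome."""
    record = scram_enroll(enrolled_pw)
    _, bare, cnonce = client_first("alice", gs2_header)
    sf = server_first(record, cnonce)
    cfinal, expected_sig = client_final(typed_pw, bare, sf, gs2_header, client_cb)
    server_sig = server_verify(record, bare, sf, cfinal, gs2_header, server_cb)
    if server_sig is None:
        return "rejected by server"
    if not hmac.compare_digest(server_sig, expected_sig):
        return "server signature invalid"      # client refuses to trust this server
    return "mutual authentication ok"

if __name__ == "__main__":
    print(run_exchange("correct horse", "correct horse"))
    print(run_exchange("correct horse", "wrong guess"))
    # -PLUS: both sides see the same TLS binding vs. a relay over a different session.
    print(run_exchange("pw", "pw", "p=tls-exporter,,", b"binding-A", b"binding-A"))
    print(run_exchange("pw", "pw", "p=tls-exporter,,", b"binding-A", b"binding-B"))
```

Real channel-binding data comes from the TLS library (the tls-exporter or tls-server-end-point binding); here it is passed in as bytes so the mismatch case can be exercised offline. One caveat from the security considerations of RFC 5802 still applies: an attacker who steals StoredKey and also captures one successful exchange recovers ClientKey (ClientProof XOR ClientSignature) and can then impersonate the client, so the credential database needs protecting even though it holds no plaintext-equivalent.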
References:
RFCs and IANA
RFC 4422: Simple Authentication and Security Layer (SASL)
RFC 4954: SMTP Service Extension for Authentication (obsoletes RFC 2554)
RFC 3848: ESMTP and LMTP Transmission Types Registration
RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
RFC 7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms
RFC 5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms (SCRAM-SHA-1 and SCRAM-SHA-1-PLUS)
IANA SASL mechanism registry: http://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml
Others
Other email authentication mechanisms apart from SMTP AUTH