Secret

Reputation: 2647

How to connect IMAP using AUTHENTICATE PLAIN correctly?

I'm using OpenSSL to connect to a mail server.

POP3 works fine, but I have problems with IMAP. Based on the CAPABILITY command, the server supports the PLAIN, NTLM and GSS-API authentication methods.

I want to use PLAIN because it's easier than the others. I have read that it's necessary to use <NUL> for it.

I have tried the following variations, but with no success:

? login user pass
? login <nul>user<nul>pass
? <nul>login <nul>user<nul>pass

What am I doing wrong?

Upvotes: 5

Views: 37892

Answers (3)

lid

Reputation: 803

None of the previous answers actually said how to use PLAIN authentication, so I did some more digging. It turns out that authentication information is expected in base64. It's probably easiest to explain by example. Assume a username of "bob" and a password of "munchkin".

We'll first need to encode in base64. On a Linux-ish system, it goes like this:

echo -en "\0bob\0munchkin" | base64

This incorporates the null characters as required, and also does the base64 encoding. We get this string out: AGJvYgBtdW5jaGtpbg==.

Now, we can do the actual authentication (S = Server, C = Client):

S: * OK The Microsoft Exchange IMAP4 service is ready.
C: D0 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN CHILDREN IDLE NAMESPACE LITERAL+
S: D0 OK CAPABILITY completed.
C: D1 AUTHENTICATE PLAIN
S: +
C: AGJvYgBtdW5jaGtpbg==
S: D1 OK AUTHENTICATE completed

And you're done!

Upvotes: 40

user1131997

Reputation:

? login [email protected] mypassword\r\n

Often servers don't require the " @box.zone " part; you can just type login

Upvotes: -6

Ivar

Reputation: 39

Maybe this will help

/* RFC 4616.2. PLAIN SASL Mechanism.                
The mechanism consists of a single message, a string of [UTF-8]
encoded [Unicode] characters, from the client to the server.  The
client presents the authorization identity (identity to act as),
followed by a NUL (U+0000) character, followed by the authentication
identity (identity whose password will be used), followed by a NUL
(U+0000) character, followed by the clear-text password.  As with
other SASL mechanisms, the client does not provide an authorization
identity when it wishes the server to derive an identity from the
credentials and use that as the authorization identity.

message = [authzid] UTF8NUL authcid UTF8NUL passwd

Example:
C: a002 AUTHENTICATE "PLAIN"
S: + ""
C: {21}
C: <NUL>tim<NUL>tanstaaftanstaaf
S: a002 OK "Authenticated"
*/


IMAP is not easy to code: literal strings and xxx response formats ...
It's easier to use some free IMAP client.

Upvotes: 3
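
The following is an added example, not code from any of the answers above: it builds the RFC 4616 PLAIN message quoted in the last answer, base64-encodes it as in the first answer, and runs the AUTHENTICATE PLAIN exchange against constructed server replies. The `send`/`recv` hooks and the function names are assumptions made for illustration.

```python
import base64

def plain_initial_response(authcid, passwd, authzid=""):
    """RFC 4616: [authzid] NUL authcid NUL passwd, base64-encoded for IMAP."""
    for field in (authzid, authcid, passwd):
        if "\x00" in field:
            raise ValueError("NUL is the separator and cannot appear in a field")
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    raw = "\x00".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(b64):
    """Reverse the encoding; base64 is not encryption, so the TLS session
    (e.g. the OpenSSL connection) is the only thing protecting the password."""
    parts = base64.b64decode(b64, validate=True).decode("utf-8").split("\x00")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    return tuple(parts)

def authenticate_plain(send, recv, tag, authcid, passwd):
    """Run the exchange. send/recv are hypothetical hooks that write/read one
    line each (CRLF handling is left to the transport)."""
    send(f"{tag} AUTHENTICATE PLAIN")
    if not recv().startswith("+"):
        return False                      # refused before the continuation
    send(plain_initial_response(authcid, passwd))
    while True:
        line = recv()
        if line.startswith(tag + " "):    # skip untagged "*" lines
            return line.split()[1].upper() == "OK"

def demo(final_line="D1 OK AUTHENTICATE completed"):
    # Constructed server replies mirroring the transcript in the first answer.
    replies = iter(["+", final_line])
    sent = []
    ok = authenticate_plain(sent.append, lambda: next(replies), "D1",
                            "bob", "munchkin")
    return ok, sent

if __name__ == "__main__":
    print(demo())
    print(decode_plain("AGJvYgBtdW5jaGtpbg=="))
```

The NUL separators belong inside the base64 payload sent after the server's `+` continuation, not in a `login` command line.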
