Authentication mechanisms

Sparrow supports SMTP-AUTH and APOP mechanism.

SMTP-AUTH

The authentication only once as long as the session continues is effective. The session continues between TCP connected and TCP closed.

Explains SMTP-AUTH with sample user as follows.

user: testuser
pass: TestUser00
domain: localhost

Sparrow doesn't correspond to RCPT-AUTH though this specification refers to RFC2554.

CRAM-MD5

01 C:AUTH CRAM-MD5
02 S:334 PDI3NDguMjE3MzY1OTI1QGxvY2FsaG9zdD4==
03 C:dGVzdHVzZXIgMTliNThlM2JhMTQwY2I5NDI1Mjg5NjQ3YjFkYThhZjc=
04 S:235 Authentication successful

Decoded strings

01 C:AUTH CRAM-MD5
02 S:334 <2748.217365925@localhost>
03 C:testuser 19b58e3ba140cb9425289647b1da8af7
04 S:235 Authentication successful

PLAIN

01 C:AUTH PLAIN AHRlc3R1c2VyAFRlc3RVc2VyMDA=
02 S:235 Authentication successful

Decoded strings

01 C:AUTH PLAIN <\0>TestUser<\0>TestUser00
02 S:235 Authentication successful

Though the client should transmit <authorize-id>, <authenticate-id>, and <password> if original, but the Sparrow doesn't use <authorize-id>.

The format is following according to RFC2595.
<authorize-id><\0><authenticate-id><\0><password>

It doesn't come recommended.

LOGIN

01 C:AUTH LOGIN
02 S:334 VXNlcm5hbWU6
03 C:dGVzdHVzZXI=
04 S:334 UGFzc3dvcmQ6
05 C:VGVzdFVzZXIwMA==
06 S:235 Authentication successful

Decoded strings

01 C:AUTH LOGIN
02 S:334 Username:
03 C:testuser
04 S:334 Password:
05 C:TestUser00
06 S:235 Authentication successful

This authentic method is necessary to make it correspond to Outlook Express. However, it doesn't come recommended.

APOP

01 S:+OK <3284.223037520@localhost>
02 C:APOP testuser fce30c559101f86a4376f46b93ba2c3e
03 S:+OK testuser logged in(127.0.0.1).

More detail, see RFC1939.