SMTP, Secure Password Authentication (SPA)

0 votes
asked Mar 31, 2015 by Sven Andersen (120 points)

How do I send mail with Rebex SMTP using Secure Password Authentication (SPA).
I cannot find any solution in documentation, forum or Internet in general.

Applies to: Rebex Secure Mail

1 Answer

0 votes
answered Mar 31, 2015 by Lukas Pokorny (86,990 points)

"Secure Password Authentication" is a term that was used by Microsoft to refer to NTLM authentication supported by Microsoft's e-mail clients and servers. Later, it covered GSSAPI and Kerberos authentication as well.

Although the term is no longer used very much nowadays, it remains in Microsoft Outlook's "Require logon using Secure Password Authentication (SPA)" checkbox that forced the client to use NTLM, GSSAPI/NTLM, GSSAPI/Kerberos or GSSAPI/Negotiate authentication methods.

All of these authentication methods are supported by Rebex Secure Mail (for SMTP, IMAP and POP3) and it's quite simple to reproduce the behavior of Outlook's "Require logon using SPA" checkbox:

var methods = client.GetSupportedAuthenticationMethods();
if (Array.IndexOf(methods, SmtpAuthentication.GssApi) >= 0)
    client.Login(userName, password, SmtpAuthentication.GssApi);
else if (Array.IndexOf(methods, SmtpAuthentication.Ntlm) >= 0)
    client.Login(userName, password, SmtpAuthentication.Ntlm);
else
    throw new MyException("SPA authentication not available.");

However, since TLS/SSL is now commonplace, a better approach might be to simply have a "Requre secure login" checkbox or setting instead that uses NTLM or GSSAPI on non-secure connections, but allows other authentication methods as well on secure connections:

var methods = client.GetSupportedAuthenticationMethods();
if (Array.IndexOf(methods, SmtpAuthentication.GssApi) >= 0)
    client.Login(userName, password, SmtpAuthentication.GssApi);
else if (Array.IndexOf(methods, SmtpAuthentication.Ntlm) >= 0)
    client.Login(userName, password, SmtpAuthentication.Ntlm);
else if (client.IsSecured)
    client.Login(userName, password, SmtpAuthentication.Auto);
else
    throw new MyException("Secure authentication not available.");
...