Julian Mehnle writes:
Sam Varshavchik wrote:Julian Mehnle writes: > Here, it is "AUTH: LOGIN [EMAIL PROTECTED], TLS: > TLSv1/SSLv3,128bits,RC4-MD5". But what's the general format? What > assumptions can I make when trying to parse the "AUTH" part?
There are a couple of other things that can appear there, but there's not much else.
"LOGIN" is the SASL authentication method used to authenticate. You could also see CRAM-MD5, and a few other things in there, if you enabled those.
TLS: indicates the STARTTLS. If you enabled SMTP over SSL on port 465 you'll see SSL: instead of TLS:.
The only other thing you can get in there is "IDENT: foo", if Courier received a response to the identd query on the source IP address.
IDENT: would appear before AUTH:, if both are present.
Thanks for the info so far. Also, am I right that the various items can be split on /,\s+/, and that this pattern and closing parentheses (")") won't appear in them? Or do I have to handle balanced quotes and brackets/parentheses?
I think that if you see the second physical line in the received header begin with whitespace, then a "(", and end with a ")", you can safely process everything inside.
Unless your mailbox names include commas you won't see commas in the AUTH: part. Theoretically, a remote ident query could come back with something that contains commas.
You'll probably need to be a bit smart in parsing this.
pgpG2UJuqyvNE.pgp
Description: PGP signature
