Auth: CRAM-MD5

[Jonny007-MKD]

Hi,

as far as I understood your code you implement the smtp.Auth interface which is then used by the smtp package when calling c.Auth().

In auth.go you implement LOGIN and PLAIN mechanisms. Have you ever thought about implementing CRAM-MD5?

You would have to return CRAM-MD5 in Auth.Send, listen for the base64 encoded challenge in Auth.Next, decode it and return (base64 encoded) the username and a MD5 response à la

digest = MD5(('password' XOR opad), MD5(('password' XOR ipad), challenge)).

Details can be found in this Tutorial and RFC 2195.

[alexcesaro]

CRAM-MD5 is already implemented in the standard library.

I added an example to make it clear how to use it with Gomail.

[Jonny007-MKD]

Thank you, that's quite easy :)
What about auto detection of Auth? Like using CRAM-MD5 if supported by the server and falling back to LOGIN/PLAIN if not? Can I do this without connecting to the SMTP server on my own?

[alexcesaro]

I just added the automatic support of CRAM-MD5.

You should now be able to remove the Send method in Gogs. The only setting that is not supported in Gomail is the DisableHelo setting of Gogs. But it seems useless since the functions of the smtp package automatically call Client.hello().

[Jonny007-MKD]

Great, thanks! :)

I found some code (in smtp.go?) that says something like

if hostname != "" {
    c.Hello(hostname)
}

Is this redundant in gomail if the smtp package calls it?

[alexcesaro]

The smtp package calls the Hello with localhost as a parameter. If you want to call Hello with an other parameter you have to call it manually. That is why it is called in Gomail when LocalName is not empty.