I have an application written in the .NET Framework that sends emails using our SMTP server.
I was researching another emailing issue which caused me to look at the SMTP logs.
Here is a sample SMTP log entry...
00:10:35 [64.77.200.185][43483994] rsp: 220 mail.MUNGEDSERVERNAME.org
00:10:35 [64.77.200.185][43483994] connected at 9/7/2011 12:10:35 AM
00:10:35 [64.77.200.185][43483994] cmd: EHLO Prospector
00:10:35 [64.77.200.185][43483994] rsp: 250-mail.MUNGEDSERVERNAME.org Hello [zz.zz.zzz.zzz] 250-SIZE 31457280 250-AUTH LOGIN CRAM-MD5 250 OK
00:10:36 [64.77.200.185][43483994] cmd: AUTH login <removed>
00:10:36 [64.77.200.185][43483994] rsp: 334 UGFzc3dvcmQ6
00:10:36 [64.77.200.185][43483994] rsp: 535 Authentication failed
00:10:36 [64.77.200.185][43483994] cmd: MAIL FROM:<EMAIL@MYEMAIL.com>
00:10:36 [64.77.200.185][43483994] rsp: 250 OK <EMAIL@MYEMAIL.com> Sender ok
00:10:36 [64.77.200.185][43483994] cmd: RCPT TO:<ANOTHEREMAIL@gmail.com>
00:10:36 [64.77.200.185][43483994] rsp: 250 OK <ANOTHEREMAIL@gmail.com> Recipient ok
00:10:36 [64.77.200.185][43483994] cmd: DATA
00:10:36 [64.77.200.185][43483994] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
00:10:37 [64.77.200.185][43483994] rsp: 250 OK
00:10:37 [64.77.200.185][43483994] Data transfer succeeded, writing mail to 45415707.eml
00:11:48 [64.77.200.185][43483994] disconnected at 9/7/2011 12:11:48 AM
My question is: how come the SEND succeeds even though the AUTH login cmd returns rsp 535 Authentication failed?
By the way, this pattern (AUTH fails...send succeeds) appears in every logged attempt, not just this one. Should this bother me? Does this indicate an insecure setup of our SMTP server?
Thanks.
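An added example, not part of the original post: a Python check over logs in the format shown above that flags every session in which a message was accepted after a 535 with no later successful AUTH. The sample lines are constructed, and the `rsp: 235` success line is an assumption based on the standard SMTP AUTH success code, since the post shows no successful login.

```python
import re

# Constructed sample in the log format from the post (addresses are placeholders).
SAMPLE_LOG = """\
00:10:35 [192.0.2.10][1001] cmd: EHLO Prospector
00:10:36 [192.0.2.10][1001] cmd: AUTH login <removed>
00:10:36 [192.0.2.10][1001] rsp: 535 Authentication failed
00:10:36 [192.0.2.10][1001] cmd: MAIL FROM:<sender@example.com>
00:10:36 [192.0.2.10][1001] rsp: 250 OK <sender@example.com> Sender ok
00:10:36 [192.0.2.10][1001] cmd: RCPT TO:<rcpt@example.net>
00:10:36 [192.0.2.10][1001] rsp: 250 OK <rcpt@example.net> Recipient ok
00:10:36 [192.0.2.10][1001] cmd: DATA
00:10:37 [192.0.2.10][1001] Data transfer succeeded, writing mail to 1.eml
00:12:00 [192.0.2.20][1002] cmd: AUTH login <removed>
00:12:00 [192.0.2.20][1002] rsp: 235 Authentication successful
00:12:01 [192.0.2.20][1002] cmd: MAIL FROM:<sender@example.com>
00:12:02 [192.0.2.20][1002] Data transfer succeeded, writing mail to 2.eml
00:13:00 [192.0.2.30][1003] cmd: AUTH login <removed>
00:13:00 [192.0.2.30][1003] rsp: 535 Authentication failed
00:13:01 [192.0.2.30][1003] disconnected at 9/7/2011 12:13:01 AM
"""

# time, [client ip], [session id], then the event text
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d \[([^\]]+)\]\[(\d+)\] (.*)$")

def unauthenticated_deliveries(log_text):
    """Return (client_ip, session_id, recipients) for each message accepted
    in a session whose most recent AUTH result was a failure."""
    state = {}      # (ip, session) -> last AUTH result and RCPT TO addresses
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ip, sid, event = m.groups()
        s = state.setdefault((ip, sid), {"auth": None, "rcpts": []})
        if event.startswith("rsp: 235"):        # assumed success line
            s["auth"] = "ok"
        elif event.startswith("rsp: 535"):      # failure line, as in the post
            s["auth"] = "failed"
        elif event.upper().startswith("CMD: RCPT TO:"):
            s["rcpts"].append(event[len("cmd: RCPT TO:"):].strip("<> "))
        elif event.startswith("Data transfer succeeded"):
            if s["auth"] == "failed":
                findings.append((ip, sid, list(s["rcpts"])))
            s["rcpts"] = []   # a further message in this session starts clean
    return findings

if __name__ == "__main__":
    for finding in unauthenticated_deliveries(SAMPLE_LOG):
        print("accepted after failed AUTH:", finding)
```

Each finding is a session where the server accepted mail without a successful login, so the next thing to review is which clients the server's relay rules exempt from authentication.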