Skip to content

TASk-3786: outbound_smtp_auth supporting XOAUTH2 #792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

TASk-3786: outbound_smtp_auth supporting XOAUTH2 #792

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
0bb72d1
outbound_smtp_auth supporting XOAUTH2
juliebin May 20, 2025
57bcc46
minor format update
juliebin May 20, 2025
380899f
minor update on hook usage
juliebin May 20, 2025
cd59139
to be deprecated outbound-smtp-auth_v0
juliebin May 21, 2025
f9de702
nit
juliebin May 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions content/momentum/4/modules/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
lastUpdated: "03/01/2025"
lastUpdated: "05/30/2025"
title: "Category File"
type: "custom"
name: "Modules Reference"
Expand Down Expand Up @@ -63,7 +63,7 @@ description: "Table of Contents 71 1 Introduction 71 2 ac auth Authentication Ha
| [openarc](/momentum/4/modules/openarc) | Open Source ARC |
| [opendkim](/momentum/4/modules/opendkim) | Open Source DKIM |
| [outbound_audit](/momentum/4/modules/outbound-audit) | Outbound traffic analytics |
| [outbound_smtp_auth(modules.outbound_smtp_auth.php) |
| [outbound_smtp_auth](/momentum/4/modules/outbound-smtp-auth) | Outbound authentication |
| [persist_io](/momentum/4/modules/persistio) | Persistent IO Wrapper |
| [pipe_io](/momentum/4/modules/pipeio) | Pipe IO Wrapper |
| [pipe_transport](/momentum/4/modules/pipe-transport) | Module |
Expand Down
72 changes: 43 additions & 29 deletions content/momentum/4/modules/outbound-smtp-auth.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,84 +1,94 @@
---
lastUpdated: "03/26/2020"
lastUpdated: "05/30/2025"
title: "outbound_smtp_auth"
description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN and AUTH PLAIN methods of authentication You can specify the parameters in configuration or in lua..."
description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN, AUTH PLAIN and AUTH XOAUTH2 methods of authentication You can specify the parameters in configuration or in lua..."
---

<a name="idp22419360"></a>
<a name="modules.outbound_smtp_auth"></a>

This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail. It currently supports the 'AUTH LOGIN' and 'AUTH PLAIN' methods of authentication. You can specify the parameters in configuration or in lua, or use a combination of both.
This module enables users to specify authentication parameters for a given set of messages so that
Momentum will authenticate against the peer server when it sends outbound mail. It currently
supports the `AUTH LOGIN`, `AUTH PLAIN` and `AUTH XOAUTH2` methods of authentication.
You can specify the parameters in configuration or in lua, or use a combination of both.

### Note

This module makes heavy use of message contexts to facilitate authentication. If it is enabled, you risk having extra I/O unless `keep_message_dicts_in_memory` is on.

**Configuration Change. ** This feature is available in Momentum 4.2 and later.
**Configuration Change** This module is refactored in Momentum 5.1, but this feature is available in
Momentum 4.2 and later. `AUTH XOAUTH2` support is added in 5.1.

### <a name="modules.outbound_smtp_auth.configuration"></a> Configuration

Configuration variables are listed below. These values can all be changed and overridden by setting context variables with the same name as the options in lua. All variables are valid in the binding group, binding, domain, and global scopes.
Configuration variables are listed below. These values can all be changed and overridden by setting
message context variables with the same name as the options in lua.
All variables are valid in the binding group, binding, domain, and global scopes.

<dl class="variablelist">

<dt>outbound_smtp_auth_key</dt>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this parameter does not apply to the new outbound_smtp_auth module, then a notice should be given to the reader about removing it from an existing configuration (i.e. valid for the old module), like this one:

Domain "messagesystems.com" {
  (...)
  Outbound_SMTP_AUTH_Key = "somestring"
}


<dd>

A unique key that can be used in lua to look up authorization details in a database. It enables you to easily trigger custom behavior based on a configuration scope. The default value is `false`.

</dd>

<dt>outbound_smtp_auth_pass</dt>

<dd>

The password that will be passed to the remote server. The default value is `false`.
The password or auth token (e.g. for `AUTH XOAUTH2`) that will be passed to the remote server.
It has no default value.

### Note

Setting the password in configuration will leave it as plaintext. To set the password more securely, dynamically retrieve it from a data store in lua and set it in the context variable that corresponds to this option.
Setting the password in configuration will leave it as plaintext.
To set the password more securely, it's recommended to dynamically retrieve it from a data store
in lua and set it in the context variable that corresponds to this option.

</dd>

<dt>outbound_smtp_auth_type</dt>

<dd>

Determines what authentication protocol should be used. The only supported values are 'PLAIN' and 'LOGIN'. The default value is `false`.
Determines what authentication protocol should be used. The only supported values are `PLAIN`,
`LOGIN` and `XOAUTH2`. It has no default value.

</dd>

<dt>outbound_smtp_auth_user</dt>

<dd>

The username that will be passed to the remote server. The default value is `false`.
The username that will be passed to the remote server. It has no default value.

</dd>

</dl>

### <a name="modules.outbound_smtp_auth.usage"></a> Usage

A hook `outbound_smtp_auth_config(msg)` is added by this module to allow per message auth settings.
The settings in `ec_message` context will override the configuration values.
This hook is called in delivery/scheduler thread before sending SMTP `AUTH` command.
Please avoid blocking or lengthy operations when implementing this hook.

Basic examples of usage are provided below.

The following example shows how you can extend the new hook and set the username and password in lua.
The following example shows how you can extend the new hook and set the username and password in lua
for each message.

<a name="modules.outbound_smtp_auth.example.set_username_pw"></a>
<a name="modules.outbound_smtp_auth.example.set_username_pw"></a>


```
function mod:outbound_smtp_auth_config(msg, ac, vctx)
print('NOTICE: outbound_smtp_auth_config Lua hook called');
print('NOTICE: msg:['.. tostring(msg) ..']')
msg:context_set(VCTX_MESS, 'outbound_smtp_auth_user', 'foo')
msg:context_set(VCTX_MESS, 'outbound_smtp_auth_pass', 'bar')
function mod:outbound_smtp_auth_config(msg)
--print('NOTICE: outbound_smtp_auth_config Lua hook called');
msg:context_set(VCTX_MESS, 'outbound_smtp_auth_type', 'XOAUTH2')
-- credential taken from example here:
-- https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
msg:context_set(VCTX_MESS, 'outbound_smtp_auth_user', '[email protected]')
msg:context_set(VCTX_MESS, 'outbound_smtp_auth_pass', 'EwBAAl3BAAUFFpUAo7J3Ve0bjLBWZWCclRC3EoAA')
end
```

The following example shows how to use the new configuration variables to set distinct authorization parameters for two different domains.

<a name="modules.outbound_smtp_auth.example.set_auth_parms"></a>
<a name="modules.outbound_smtp_auth.example.set_auth_parms"></a>


```
Expand All @@ -90,13 +100,17 @@ Domain "messagesystems.com" {
Outbound_SMTP_AUTH_Type = "LOGIN"
Outbound_SMTP_AUTH_User = "msys"
Outbound_SMTP_AUTH_Pass = "msys"
Outbound_SMTP_AUTH_Key = "somestring"
}

Domain "sparkpost.com" {
Outbound_SMTP_AUTH_Type = "PLAIN"
Outbound_SMTP_AUTH_user = "sparkpost"
Outbound_SMTP_AUTH_pass = "sparkpost"
Outbound_SMTP_AUTH_Key = "someotherstring"
}
```

Domain "bird.com" {
Outbound_SMTP_AUTH_Type = "XOAUTH2"
Outbound_SMTP_AUTH_user = "[email protected]"
Outbound_SMTP_AUTH_pass = "EwBAAl3BAAUFFpUAo7J3Ve0bjLBWZWCclRC3EoAA"
}
```
105 changes: 105 additions & 0 deletions content/momentum/4/modules/outbound-smtp-auth_v0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
---
lastUpdated: "03/26/2020"
title: "outbound_smtp_auth_v0"
description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN and AUTH PLAIN methods of authentication You can specify the parameters in configuration or in lua..."
---

<a name="idp22419360"></a>

** This module is deprecated and replaced by the new
[outbound_smtp_auth](/momentum/4/modules/outbound-smtp-auth) module since 5.1. **

This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail. It currently supports the 'AUTH LOGIN' and 'AUTH PLAIN' methods of authentication. You can specify the parameters in configuration or in lua, or use a combination of both.

### Note

This module makes heavy use of message contexts to facilitate authentication. If it is enabled, you risk having extra I/O unless `keep_message_dicts_in_memory` is on.

**Configuration Change. ** This feature is available in Momentum 4.2 and later.

### <a name="modules.outbound_smtp_auth_v0.configuration"></a> Configuration

Configuration variables are listed below. These values can all be changed and overridden by setting context variables with the same name as the options in lua. All variables are valid in the binding group, binding, domain, and global scopes.

<dl class="variablelist">

<dt>outbound_smtp_auth_key</dt>

<dd>

A unique key that can be used in lua to look up authorization details in a database. It enables you to easily trigger custom behavior based on a configuration scope. The default value is `false`.

</dd>

<dt>outbound_smtp_auth_pass</dt>

<dd>

The password that will be passed to the remote server. The default value is `false`.

### Note

Setting the password in configuration will leave it as plaintext. To set the password more securely, dynamically retrieve it from a data store in lua and set it in the context variable that corresponds to this option.

</dd>

<dt>outbound_smtp_auth_type</dt>

<dd>

Determines what authentication protocol should be used. The only supported values are 'PLAIN' and 'LOGIN'. The default value is `false`.

</dd>

<dt>outbound_smtp_auth_user</dt>

<dd>

The username that will be passed to the remote server. The default value is `false`.

</dd>

</dl>

### <a name="modules.outbound_smtp_auth_v0.usage"></a> Usage

Basic examples of usage are provided below.

The following example shows how you can extend the new hook and set the username and password in lua.

<a name="modules.outbound_smtp_auth_v0.example.set_username_pw"></a>


```
function mod:outbound_smtp_auth_v0_config(msg, ac, vctx)
print('NOTICE: outbound_smtp_auth_v0_config Lua hook called');
print('NOTICE: msg:['.. tostring(msg) ..']')
msg:context_set(VCTX_MESS, 'outbound_smtp_auth_user', 'foo')
msg:context_set(VCTX_MESS, 'outbound_smtp_auth_pass', 'bar')
end
```

The following example shows how to use the new configuration variables to set distinct authorization parameters for two different domains.

<a name="modules.outbound_smtp_auth_v0.example.set_auth_parms"></a>


```
outbound_smtp_auth_v0 { }

Keep_Message_Dicts_In_Memory = true

Domain "messagesystems.com" {
Outbound_SMTP_AUTH_Type = "LOGIN"
Outbound_SMTP_AUTH_User = "msys"
Outbound_SMTP_AUTH_Pass = "msys"
Outbound_SMTP_AUTH_Key = "somestring"
}

Domain "sparkpost.com" {
Outbound_SMTP_AUTH_Type = "PLAIN"
Outbound_SMTP_AUTH_user = "sparkpost"
Outbound_SMTP_AUTH_pass = "sparkpost"
Outbound_SMTP_AUTH_Key = "someotherstring"
}
```
Loading