From 0bb72d1567c6004c7bd103bebf24a521474c979c Mon Sep 17 00:00:00 2001 From: Julie Zhao Date: Tue, 20 May 2025 11:52:05 -0400 Subject: [PATCH 1/5] outbound_smtp_auth supporting XOAUTH2 --- .../momentum/4/modules/outbound-smtp-auth.md | 58 ++++++++++--------- 1 file changed, 32 insertions(+), 26 deletions(-) diff --git a/content/momentum/4/modules/outbound-smtp-auth.md b/content/momentum/4/modules/outbound-smtp-auth.md index 3af2c8ba9..053876f6d 100644 --- a/content/momentum/4/modules/outbound-smtp-auth.md +++ b/content/momentum/4/modules/outbound-smtp-auth.md @@ -1,42 +1,41 @@ --- lastUpdated: "03/26/2020" title: "outbound_smtp_auth" -description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN and AUTH PLAIN methods of authentication You can specify the parameters in configuration or in lua..." +description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN, AUTH PLAIN and AUTH XOAUTH2 methods of authentication You can specify the parameters in configuration or in lua..." --- - + -This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail. It currently supports the 'AUTH LOGIN' and 'AUTH PLAIN' methods of authentication. You can specify the parameters in configuration or in lua, or use a combination of both. +This module enables users to specify authentication parameters for a given set of messages so that +Momentum will authenticate against the peer server when it sends outbound mail. It currently +supports the `AUTH LOGIN`, `AUTH PLAIN` and `AUTH XOAUTH2` methods of authentication. + You can specify the parameters in configuration or in lua, or use a combination of both. ### Note This module makes heavy use of message contexts to facilitate authentication. If it is enabled, you risk having extra I/O unless `keep_message_dicts_in_memory` is on. -**Configuration Change. ** This feature is available in Momentum 4.2 and later. +** Configuration Change ** This module is refactored in Momentum 5.1, but this feature is available in Momentum 4.2 and later. ### Configuration -Configuration variables are listed below. These values can all be changed and overridden by setting context variables with the same name as the options in lua. All variables are valid in the binding group, binding, domain, and global scopes. +Configuration variables are listed below. These values can all be changed and overridden by setting + message context variables with the same name as the options in lua. + All variables are valid in the binding group, binding, domain, and global scopes.
-
outbound_smtp_auth_key
- -
- -A unique key that can be used in lua to look up authorization details in a database. It enables you to easily trigger custom behavior based on a configuration scope. The default value is `false`. - -
-
outbound_smtp_auth_pass
-The password that will be passed to the remote server. The default value is `false`. +The password or auth token (e.g. for `AUTH XOAUTH2`)that will be passed to the remote server. The default value is not set. ### Note -Setting the password in configuration will leave it as plaintext. To set the password more securely, dynamically retrieve it from a data store in lua and set it in the context variable that corresponds to this option. +Setting the password in configuration will leave it as plaintext. + To set the password more securely, dynamically retrieve it from a data store in lua and + set it in the context variable that corresponds to this option.
@@ -44,7 +43,8 @@ Setting the password in configuration will leave it as plaintext. To set the pas
-Determines what authentication protocol should be used. The only supported values are 'PLAIN' and 'LOGIN'. The default value is `false`. +Determines what authentication protocol should be used. The only supported values are 'PLAIN', + 'LOGIN' and 'XOAUTH2'. The default value is not set.
@@ -52,7 +52,7 @@ Determines what authentication protocol should be used. The only supported value
-The username that will be passed to the remote server. The default value is `false`. +The username that will be passed to the remote server. The default value is not set.
@@ -64,21 +64,23 @@ Basic examples of usage are provided below. The following example shows how you can extend the new hook and set the username and password in lua. - + ``` function mod:outbound_smtp_auth_config(msg, ac, vctx) - print('NOTICE: outbound_smtp_auth_config Lua hook called'); - print('NOTICE: msg:['.. tostring(msg) ..']') - msg:context_set(VCTX_MESS, 'outbound_smtp_auth_user', 'foo') - msg:context_set(VCTX_MESS, 'outbound_smtp_auth_pass', 'bar') + --print('NOTICE: outbound_smtp_auth_config Lua hook called'); + msg:context_set(VCTX_MESS, 'outbound_smtp_auth_type', 'XOAUTH2') + -- credential taken from example here: + -- https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth + msg:context_set(VCTX_MESS, 'outbound_smtp_auth_user', 'test@contoso.onmicrosoft.com') + msg:context_set(VCTX_MESS, 'outbound_smtp_auth_pass', 'EwBAAl3BAAUFFpUAo7J3Ve0bjLBWZWCclRC3EoAA') end ``` The following example shows how to use the new configuration variables to set distinct authorization parameters for two different domains. - + ``` @@ -90,13 +92,17 @@ Domain "messagesystems.com" { Outbound_SMTP_AUTH_Type = "LOGIN" Outbound_SMTP_AUTH_User = "msys" Outbound_SMTP_AUTH_Pass = "msys" - Outbound_SMTP_AUTH_Key = "somestring" } Domain "sparkpost.com" { Outbound_SMTP_AUTH_Type = "PLAIN" Outbound_SMTP_AUTH_user = "sparkpost" Outbound_SMTP_AUTH_pass = "sparkpost" - Outbound_SMTP_AUTH_Key = "someotherstring" } -``` \ No newline at end of file + +Domain "bird.com" { + Outbound_SMTP_AUTH_Type = "XOAUTH2" + Outbound_SMTP_AUTH_user = "test@contoso.onmicrosoft.com" + Outbound_SMTP_AUTH_pass = "EwBAAl3BAAUFFpUAo7J3Ve0bjLBWZWCclRC3EoAA" +} +``` From 57bcc46279e76c4f8c623c4a92e99e0ac0c831c1 Mon Sep 17 00:00:00 2001 From: Julie Zhao Date: Tue, 20 May 2025 13:24:34 -0400 Subject: [PATCH 2/5] minor format update --- content/momentum/4/modules/index.md | 4 ++-- .../momentum/4/modules/outbound-smtp-auth.md | 17 +++++++++-------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/content/momentum/4/modules/index.md b/content/momentum/4/modules/index.md index 7514c8398..e9a6bad73 100644 --- a/content/momentum/4/modules/index.md +++ b/content/momentum/4/modules/index.md @@ -1,5 +1,5 @@ --- -lastUpdated: "03/01/2025" +lastUpdated: "05/30/2025" title: "Category File" type: "custom" name: "Modules Reference" @@ -63,7 +63,7 @@ description: "Table of Contents 71 1 Introduction 71 2 ac auth Authentication Ha | [openarc](/momentum/4/modules/openarc) | Open Source ARC | | [opendkim](/momentum/4/modules/opendkim) | Open Source DKIM | | [outbound_audit](/momentum/4/modules/outbound-audit) | Outbound traffic analytics | -| [outbound_smtp_auth(modules.outbound_smtp_auth.php) | +| [outbound_smtp_auth](/momentum/4/modules/outbound-smtp-auth) | Outbound authentication | | [persist_io](/momentum/4/modules/persistio) | Persistent IO Wrapper | | [pipe_io](/momentum/4/modules/pipeio) | Pipe IO Wrapper | | [pipe_transport](/momentum/4/modules/pipe-transport) | Module | diff --git a/content/momentum/4/modules/outbound-smtp-auth.md b/content/momentum/4/modules/outbound-smtp-auth.md index 053876f6d..5984418d7 100644 --- a/content/momentum/4/modules/outbound-smtp-auth.md +++ b/content/momentum/4/modules/outbound-smtp-auth.md @@ -1,5 +1,5 @@ --- -lastUpdated: "03/26/2020" +lastUpdated: "05/30/2025" title: "outbound_smtp_auth" description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN, AUTH PLAIN and AUTH XOAUTH2 methods of authentication You can specify the parameters in configuration or in lua..." --- @@ -15,7 +15,7 @@ supports the `AUTH LOGIN`, `AUTH PLAIN` and `AUTH XOAUTH2` methods of authentica This module makes heavy use of message contexts to facilitate authentication. If it is enabled, you risk having extra I/O unless `keep_message_dicts_in_memory` is on. -** Configuration Change ** This module is refactored in Momentum 5.1, but this feature is available in Momentum 4.2 and later. +**Configuration Change** This module is refactored in Momentum 5.1, but this feature is available in Momentum 4.2 and later. ### Configuration @@ -29,13 +29,13 @@ Configuration variables are listed below. These values can all be changed and ov
-The password or auth token (e.g. for `AUTH XOAUTH2`)that will be passed to the remote server. The default value is not set. +The password or auth token (e.g. for `AUTH XOAUTH2`) that will be passed to the remote server. The default value is not set. ### Note Setting the password in configuration will leave it as plaintext. - To set the password more securely, dynamically retrieve it from a data store in lua and - set it in the context variable that corresponds to this option. + To set the password more securely, it's recommended to dynamically retrieve it from a data store + in lua and set it in the context variable that corresponds to this option.
@@ -43,8 +43,8 @@ Setting the password in configuration will leave it as plaintext.
-Determines what authentication protocol should be used. The only supported values are 'PLAIN', - 'LOGIN' and 'XOAUTH2'. The default value is not set. +Determines what authentication protocol should be used. The only supported values are `PLAIN`, + `LOGIN` and `XOAUTH2`. The default value is not set.
@@ -62,7 +62,8 @@ The username that will be passed to the remote server. The default value is not Basic examples of usage are provided below. -The following example shows how you can extend the new hook and set the username and password in lua. +The following example shows how you can extend the new hook and set the username and password in lua + for each message. From 380899f8553702967c7eeff55c84958d14de53e9 Mon Sep 17 00:00:00 2001 From: Julie Zhao Date: Tue, 20 May 2025 14:05:47 -0400 Subject: [PATCH 3/5] minor update on hook usage --- content/momentum/4/modules/outbound-smtp-auth.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/content/momentum/4/modules/outbound-smtp-auth.md b/content/momentum/4/modules/outbound-smtp-auth.md index 5984418d7..88433ef55 100644 --- a/content/momentum/4/modules/outbound-smtp-auth.md +++ b/content/momentum/4/modules/outbound-smtp-auth.md @@ -60,6 +60,11 @@ The username that will be passed to the remote server. The default value is not ### Usage +A hook `outbound_smtp_auth_config(msg)` is added by this module to allow per message auth settings. + The settings in `ec_message` context will override the configuration values. + This hook is called in delivery/scheduler thread before sending SMTP `AUTH` command. + Please avoid blocking or lengthy operations when implementing this hook. + Basic examples of usage are provided below. The following example shows how you can extend the new hook and set the username and password in lua @@ -69,7 +74,7 @@ The following example shows how you can extend the new hook and set the username ``` -function mod:outbound_smtp_auth_config(msg, ac, vctx) +function mod:outbound_smtp_auth_config(msg) --print('NOTICE: outbound_smtp_auth_config Lua hook called'); msg:context_set(VCTX_MESS, 'outbound_smtp_auth_type', 'XOAUTH2') -- credential taken from example here: From cd59139bf917cddebedac2f7ea64be7f67a4d4c8 Mon Sep 17 00:00:00 2001 From: Julie Zhao Date: Wed, 21 May 2025 08:52:29 -0400 Subject: [PATCH 4/5] to be deprecated outbound-smtp-auth_v0 --- .../4/modules/outbound-smtp-auth_v0.md | 104 ++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 content/momentum/4/modules/outbound-smtp-auth_v0.md diff --git a/content/momentum/4/modules/outbound-smtp-auth_v0.md b/content/momentum/4/modules/outbound-smtp-auth_v0.md new file mode 100644 index 000000000..7859a3dba --- /dev/null +++ b/content/momentum/4/modules/outbound-smtp-auth_v0.md @@ -0,0 +1,104 @@ +--- +lastUpdated: "03/26/2020" +title: "outbound_smtp_auth_v0" +description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN and AUTH PLAIN methods of authentication You can specify the parameters in configuration or in lua..." +--- + + + +** This module is deprecated and replaced by the `outbound_smtp_auth` module since 5.1. ** + +This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail. It currently supports the 'AUTH LOGIN' and 'AUTH PLAIN' methods of authentication. You can specify the parameters in configuration or in lua, or use a combination of both. + +### Note + +This module makes heavy use of message contexts to facilitate authentication. If it is enabled, you risk having extra I/O unless `keep_message_dicts_in_memory` is on. + +**Configuration Change. ** This feature is available in Momentum 4.2 and later. + +### Configuration + +Configuration variables are listed below. These values can all be changed and overridden by setting context variables with the same name as the options in lua. All variables are valid in the binding group, binding, domain, and global scopes. + +
+ +
outbound_smtp_auth_key
+ +
+ +A unique key that can be used in lua to look up authorization details in a database. It enables you to easily trigger custom behavior based on a configuration scope. The default value is `false`. + +
+ +
outbound_smtp_auth_pass
+ +
+ +The password that will be passed to the remote server. The default value is `false`. + +### Note + +Setting the password in configuration will leave it as plaintext. To set the password more securely, dynamically retrieve it from a data store in lua and set it in the context variable that corresponds to this option. + +
+ +
outbound_smtp_auth_type
+ +
+ +Determines what authentication protocol should be used. The only supported values are 'PLAIN' and 'LOGIN'. The default value is `false`. + +
+ +
outbound_smtp_auth_user
+ +
+ +The username that will be passed to the remote server. The default value is `false`. + +
+ +
+ +### Usage + +Basic examples of usage are provided below. + +The following example shows how you can extend the new hook and set the username and password in lua. + + + + +``` +function mod:outbound_smtp_auth_v0_config(msg, ac, vctx) + print('NOTICE: outbound_smtp_auth_v0_config Lua hook called'); + print('NOTICE: msg:['.. tostring(msg) ..']') + msg:context_set(VCTX_MESS, 'outbound_smtp_auth_user', 'foo') + msg:context_set(VCTX_MESS, 'outbound_smtp_auth_pass', 'bar') +end +``` + +The following example shows how to use the new configuration variables to set distinct authorization parameters for two different domains. + + + + +``` +outbound_smtp_auth_v0 { } + +Keep_Message_Dicts_In_Memory = true + +Domain "messagesystems.com" { + Outbound_SMTP_AUTH_Type = "LOGIN" + Outbound_SMTP_AUTH_User = "msys" + Outbound_SMTP_AUTH_Pass = "msys" + Outbound_SMTP_AUTH_Key = "somestring" +} + +Domain "sparkpost.com" { + Outbound_SMTP_AUTH_Type = "PLAIN" + Outbound_SMTP_AUTH_user = "sparkpost" + Outbound_SMTP_AUTH_pass = "sparkpost" + Outbound_SMTP_AUTH_Key = "someotherstring" +} +``` From f9de702058efe6f13c4b25202b984c5ceb11ac18 Mon Sep 17 00:00:00 2001 From: Julie Zhao Date: Thu, 22 May 2025 15:10:20 -0400 Subject: [PATCH 5/5] nit --- content/momentum/4/modules/outbound-smtp-auth.md | 10 ++++++---- content/momentum/4/modules/outbound-smtp-auth_v0.md | 3 ++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/content/momentum/4/modules/outbound-smtp-auth.md b/content/momentum/4/modules/outbound-smtp-auth.md index 88433ef55..5e9cb9f32 100644 --- a/content/momentum/4/modules/outbound-smtp-auth.md +++ b/content/momentum/4/modules/outbound-smtp-auth.md @@ -15,7 +15,8 @@ supports the `AUTH LOGIN`, `AUTH PLAIN` and `AUTH XOAUTH2` methods of authentica This module makes heavy use of message contexts to facilitate authentication. If it is enabled, you risk having extra I/O unless `keep_message_dicts_in_memory` is on. -**Configuration Change** This module is refactored in Momentum 5.1, but this feature is available in Momentum 4.2 and later. +**Configuration Change** This module is refactored in Momentum 5.1, but this feature is available in + Momentum 4.2 and later. `AUTH XOAUTH2` support is added in 5.1. ### Configuration @@ -29,7 +30,8 @@ Configuration variables are listed below. These values can all be changed and ov
-The password or auth token (e.g. for `AUTH XOAUTH2`) that will be passed to the remote server. The default value is not set. +The password or auth token (e.g. for `AUTH XOAUTH2`) that will be passed to the remote server. + It has no default value. ### Note @@ -44,7 +46,7 @@ Setting the password in configuration will leave it as plaintext.
Determines what authentication protocol should be used. The only supported values are `PLAIN`, - `LOGIN` and `XOAUTH2`. The default value is not set. + `LOGIN` and `XOAUTH2`. It has no default value.
@@ -52,7 +54,7 @@ Determines what authentication protocol should be used. The only supported value
-The username that will be passed to the remote server. The default value is not set. +The username that will be passed to the remote server. It has no default value.
diff --git a/content/momentum/4/modules/outbound-smtp-auth_v0.md b/content/momentum/4/modules/outbound-smtp-auth_v0.md index 7859a3dba..f22db898e 100644 --- a/content/momentum/4/modules/outbound-smtp-auth_v0.md +++ b/content/momentum/4/modules/outbound-smtp-auth_v0.md @@ -6,7 +6,8 @@ description: "This module enables users to specify authentication parameters for -** This module is deprecated and replaced by the `outbound_smtp_auth` module since 5.1. ** +** This module is deprecated and replaced by the new +[outbound_smtp_auth](/momentum/4/modules/outbound-smtp-auth) module since 5.1. ** This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail. It currently supports the 'AUTH LOGIN' and 'AUTH PLAIN' methods of authentication. You can specify the parameters in configuration or in lua, or use a combination of both.