[HTCondor-devel] Updating condor_mail to support authenticated relays

[Miguel Garrido <miguel@xxxxxxxxx>]

Hello all,

I have recently implemented HTCondor in a Windows environment and everything is working well, except condor_mail which has no support for authenticated relays. Iâve looked at the source code for condor_mail and I am willing to submit a PR that adds the necessary support, but per the README in the htcondor GitHub repository I am asking for input from this list before investing the time.

My design calls for maintaining backwards compatibility by adding a new parameter: -savecred meant to be used with the -relay parameter in addition to the [also new] -u and -p parameters.Â

Example usage:

condor_mail.exe -relayÂsecurerelay.example.comÂ-uÂjohn@xxxxxxxxxxxÂ-p Sup3rsecr3t! -savecred

The new functionality triggered by -savecred in the example above would create or update a sub key of the condor registry key called SmtpRelays and create a new registry item of type REG_SZ named âsecurerelay.example.comâ with a value of âjohn@xxxxxxxxxxx:<encryptedpassword>â

[HKEY_LOCAL_MACHINE\SOFTWARE\condor\SmtpRelays]

âsecurerelay.example.comâ=âjohn@xxxxxxxxxxx:<encryptedpassword>â

The encryption would happen with DPAPI, so it would be user and machine specific.Â

After a credential is saved, the next time condor_mail is called with the -relay parameter, the registry will be checked for the existence of an item matching that relay in the SmtpRelays sub key and if found, the SmtpClient would be constructed with the saved credentials and TLS would be forced on the connection.Â

The idea again would be to allow condor_mail to support authenticated relays while keeping the existing functionality intact and minimizing changes.Â

Thoughts?

Thank you

--

MG