aiosmtpd icon indicating copy to clipboard operation
aiosmtpd copied to clipboard

Published 20 hours ago verified publisher icon aio-libs

Do not expose info about AUTH when authorization is not required

Open msztolcman opened this issue 4 years ago • 1 comments
trafficstars

Current situation: there is always info in EHLO response: 250-AUTH LOGIN PLAIN (or similar methods).

Expected: if auth_required == False and not auth_callback then AUTH should not be exposed in EHLO response.

I can accept any credentials in auth_callback, but I think client shouldn't try to authenticate at all if server do not expose this method.

msztolcman avatar Mar 13 '21 23:03 msztolcman

Okay, make sense. And minimal break as well if auth_required == False.

I'll put that in 1.5.0.

pepoluan avatar Mar 15 '21 03:03 pepoluan