aiosmtpd

AUTH not provided in EHLO with SSL/TLS

Open FinnStutzenstein opened this issue 4 years ago • 2 comments

When using implicit SSL/TLS (so no STARTTLS), the self._tls_protocol will never be set. This results in AUTH not being present in the EHLO response (given that auth_require_tls is true): https://github.com/aio-libs/aiosmtpd/blob/master/aiosmtpd/smtp.py#L833

I would expect that when an SSL/TLS connection is used instead of STARTTLS (and auth_require_tls is true), AUTH is provided to the client. Currently, we are setting auth_require_tls to false to circumvent this issue.

FinnStutzenstein avatar Aug 19 '21 08:08 FinnStutzenstein

Sadly, I don't think* there's an efficient way for SMTP to detect if it's being wrapped externally in an SSL/TLS context.

For the time being I think the easiest workaround is to add a note to the documentation w.r.t. needing to set auth_require_tls=False when using implicit SSL/TLS.

* I may change my mind, though. Let me refresh my understanding of the code first ... it's been quite a while 😅

pepoluan avatar Oct 19 '21 06:10 pepoluan

@FinnStutzenstein in fact, not only was AUTH not present in the response, but it was also explicitly rejected when attempted without feature checking. But hopefully it will be merged and fixed soon.

strongholdmedia avatar Dec 21 '22 12:12 strongholdmedia
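
A client-side check for the symptom reported in this issue, as an added example that is not part of the thread or of aiosmtpd: it sends EHLO over implicit TLS (or plain TCP) with the standard-library `smtplib` and reports whether AUTH is advertised. The names `probe_auth` and `start_stub_server`, and the plain-TCP stub that serves as constructed sample input, are assumptions of this example.

```python
import smtplib
import socket
import ssl
import threading


def probe_auth(host, port, implicit_tls=True, context=None, timeout=5.0):
    """Send EHLO and report whether the server advertises AUTH."""
    kwargs = {"local_hostname": "probe.invalid", "timeout": timeout}
    if implicit_tls:
        # TLS is negotiated before any SMTP traffic: the case from the issue.
        ctx = context or ssl.create_default_context()
        client = smtplib.SMTP_SSL(host, port, context=ctx, **kwargs)
    else:
        client = smtplib.SMTP(host, port, **kwargs)
    with client:
        client.ehlo()
        # smtplib lower-cases extension names; the value lists the mechanisms.
        mechanisms = client.esmtp_features.get("auth", "").split()
        return {"auth_advertised": client.has_extn("auth"),
                "mechanisms": mechanisms}


def start_stub_server(advertise_auth):
    """Constructed plain-TCP stand-in for a server; returns its port."""
    lines = ["stub.example", "SIZE 33554432", "8BITMIME"]
    if advertise_auth:
        lines.append("AUTH LOGIN PLAIN")
    ehlo = "".join(f"250-{text}\r\n" for text in lines[:-1])
    ehlo += f"250 {lines[-1]}\r\n"
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]

    def serve():
        conn, _ = listener.accept()
        with listener, conn, conn.makefile("rwb") as stream:
            stream.write(b"220 stub.example ESMTP\r\n")
            stream.flush()
            for line in stream:
                if line.upper().startswith(b"EHLO"):
                    stream.write(ehlo.encode())
                elif line.strip().upper() == b"QUIT":
                    stream.write(b"221 Bye\r\n")
                    stream.flush()
                    break
                else:
                    stream.write(b"502 Command not implemented\r\n")
                stream.flush()

    threading.Thread(target=serve, daemon=True).start()
    return port
```

Against a real deployment, call `probe_auth` with the implicit-TLS port and `implicit_tls=True`; the stub exists only so the check can be exercised offline.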