Ticket #5803 enhancement new
Allow fallback from CRAM-MD5 in t.m.smtp
|Reported by:||philmayers||Owned by:|
|Component:||Keywords:||smtp authentication md5|
As documented in this Thunderbird ticket:
...some SMTP servers present CRAM-MD5 in the EHLO banner, but cannot successfully complete a CRAM-MD5 authentication for some/all users (perhaps because the relevant secrets are absent server-side).
Twisted will currently fail with these servers; it always tries CRAM-MD5 first, and does not fall back. See:
There are obviously security considerations here - it might be a man-in-the-middle attack.
More generally, there is no way to influence the set and behaviour of auth methods used by the Twisted SMTP code; the ESMTPSender class uses a private method, _registerAuthenticators, to initialise the list from init