[Twisted-Python] SMTP authentication

Phil Mayers p.mayers at imperial.ac.uk
Tue Jul 24 09:54:34 EDT 2012

On 24/07/12 14:29, Itamar Turner-Trauring wrote:

>  3. The SMTP server's CRAM-MD5 implementation is buggy.

If I understand the issue correctly, this is the case. The server 
incorrectly advertises CRAM-MD5, but it never succeeds since the server 
lacks the relevant secret.

Obviously this is bad, but apparently many GUI clients handle such 
broken servers, by falling back to PLAIN auth. I can't say I've ever 
seen it in the wild though.

Although I haven't used it in a while, my recollection was that 
Twisted's SMTPClient implementation did a similar thing, and tried the 
auth methods it was supplied "in order".

It may be that the OP is using some wrapper API or local code that is 
mis-using this functionality, or of course that I am mis-remembering it.

More information about the Twisted-Python mailing list