[Twisted-Python] SMTP authentication
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jul 24 09:54:34 EDT 2012
On 24/07/12 14:29, Itamar Turner-Trauring wrote:
> 3. The SMTP server's CRAM-MD5 implementation is buggy.
If I understand the issue correctly, this is the case. The server
incorrectly advertises CRAM-MD5, but it never succeeds since the server
lacks the relevant secret.
Obviously this is bad, but apparently many GUI clients handle such
broken servers, by falling back to PLAIN auth. I can't say I've ever
seen it in the wild though.
Although I haven't used it in a while, my recollection was that
Twisted's SMTPClient implementation did a similar thing, and tried the
auth methods it was supplied "in order".
It may be that the OP is using some wrapper API or local code that is
mis-using this functionality, or of course that I am mis-remembering it.
More information about the Twisted-Python
mailing list