diff --git a/conn.go b/conn.go
index ae2c6c2..3e9a056 100644
--- a/conn.go
+++ b/conn.go
@@ -141,11 +141,7 @@ func (c *Conn) handle(cmd string, arg string) {
 		c.writeResponse(221, EnhancedCode{2, 0, 0}, "Bye")
 		c.Close()
 	case "AUTH":
-		if c.server.AuthDisabled {
-			c.protocolError(500, EnhancedCode{5, 5, 2}, "Syntax error, AUTH command unrecognized")
-		} else {
-			c.handleAuth(arg)
-		}
+		c.handleAuth(arg)
 	case "STARTTLS":
 		c.handleStartTLS()
 	default:
@@ -207,7 +203,7 @@ func (c *Conn) Conn() net.Conn {
 
 func (c *Conn) authAllowed() bool {
 	_, isTLS := c.TLSConnectionState()
-	return !c.server.AuthDisabled && (isTLS || c.server.AllowInsecureAuth)
+	return isTLS || c.server.AllowInsecureAuth
 }
 
 // protocolError writes errors responses and closes the connection once too many
diff --git a/server.go b/server.go
index e4069dd..f92e109 100644
--- a/server.go
+++ b/server.go
@@ -59,10 +59,6 @@ type Server struct {
 	// Should be used only if backend supports it.
 	EnableDSN bool
 
-	// If set, the AUTH command will not be advertised and authentication
-	// attempts will be rejected. This setting overrides AllowInsecureAuth.
-	AuthDisabled bool
-
 	// The server backend.
 	Backend Backend
 
diff --git a/server_test.go b/server_test.go
index 03243fb..b0bf4c0 100644
--- a/server_test.go
+++ b/server_test.go
@@ -25,6 +25,8 @@ type message struct {
 }
 
 type backend struct {
+	authDisabled bool
+
 	messages []*message
 	anonmsgs []*message
 
@@ -70,10 +72,16 @@ type session struct {
 var _ smtp.AuthSession = (*session)(nil)
 
 func (s *session) AuthMechanisms() []string {
+	if s.backend.authDisabled {
+		return nil
+	}
 	return []string{sasl.Plain}
 }
 
 func (s *session) Auth(mech string) (sasl.Server, error) {
+	if s.backend.authDisabled {
+		return nil, smtp.ErrAuthUnsupported
+	}
 	return sasl.NewPlainServer(func(identity, username, password string) error {
 		if identity != "" && identity != username {
 			return errors.New("Invalid identity")
@@ -217,7 +225,7 @@ type serverConfigureFunc func(*smtp.Server)
 
 var (
 	authDisabled = func(s *smtp.Server) {
-		s.AuthDisabled = true
+		s.Backend.(*backend).authDisabled = true
 	}
 )
 
@@ -698,7 +706,7 @@ func TestServer_authDisabled(t *testing.T) {
 
 	io.WriteString(c, "AUTH PLAIN\r\n")
 	scanner.Scan()
-	if scanner.Text() != "500 5.5.2 Syntax error, AUTH command unrecognized" {
+	if scanner.Text() != "502 5.7.0 Authentication not supported" {
 		t.Fatal("Invalid AUTH response with auth disabled:", scanner.Text())
 	}
 }