Auth should be mandatory for MAIL, RCPT & DATA commands when server.AuthDisabled is false
#216
Comments
mukul-brevo
added a commit
to mukul-brevo/go-smtp
that referenced
this issue
Mar 25, 2023
|
This is intentional, some SMTP servers may make authentication optional. You are expected to track authentication status in your backend implementation and return ErrAuthRequired from MAIL/RCPT/DATA if it is actually required. |
|
@foxcpp I completely understand the use case behind the optional auth but what is the need of having |
emersion
added a commit
that referenced
this issue
Apr 5, 2023
By design, go-smtp won't check whether the session is authenticated during MAIL/RCPT/DATA commands. Make this more explicit by checking whether the session is authenticated in the example. Closes: #216
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In current scenario, user is able to send
MAIL,RCPT&DATAcommands even whenserver.AuthDisabled=false.In below image attached, i did not do any auth but still i was able to issue commands.
I also found this error declared for exact use case but it is not used any where except of the test cases.
Maybe the behaviour got broken with some change?
However this is highly unexpected and should be fixed as soon as possible, as we are currently blocked in our development.
I don't know how others are handling this?
It should be handled exactly here before going into the actual command handling.
The text was updated successfully, but these errors were encountered: