Explore allowing only one authentication_mechanism on SmtpTransportBuilder #65
Comments
amousset
added a commit
to amousset/lettre
that referenced
this issue
May 9, 2016
…handling Change the default authentication mechanism selection check if the connection is encrypted, and only test PLAIN when it is the case. Also make the .authentication_mechnaism only take one mechanism, as a user will specify it he wants to ensure one particular method will be used. Closes lettre#65
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the SmtpTransportBuilder has a field called authentication_mechanisms that allows for an Vec of mechanisms.
This caught my eye because it seemed like an unnecessary wasteful Vec allocation, but then I notice that you allow for multiple assignments to check them in priority order as seen here.
I cannot think of a scenario in which I would be targeting an email relay without being sure of how to authenticate. For example, if the relay server expects CramMd5 and that fails, it seems weird that I would also want to check for Plain, just in case it would magically go through. But that is what is allowed if I specify multiple mechanisms in the Vec. If Plain went through, even though the server was expecting CramMd5, it would actually be dangerous, because it would hide the authentication problem from me, since the emails would be sent successfully during the Plain fallback.
The text was updated successfully, but these errors were encountered: