New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
smtplib.py AUTH mechanism #35854
Comments
Currently the AUTH implementation within smtplib.py does not fully comply to RFC 2554. auth_command = "AUTH" SPACE auth_type [SPACE (base64 / "=")]
*(CRLF [base64]) CRLF Therefore, after the AUTH token there _must_ be an ASCII blank. However, the ESMTP features parsing code uses a RE that will match any alphanumeric string,
and will also match, for example, "AUTH=LOGIN", which it shouldn't. This poses a problem when trying to authenticate against an iPlanet Messaging Server MTA, which ... (other features) and obviously the second AUTH token "feature list" overwrites the first (we get just ['=LOGIN'], I suppose the MTA isn't telling the MUA a second set of AUTH features, but merely letting the By the way, the AUTH LOGIN mechanism is iPlanet-Netscape proprietary, so the only well-known This "bug" is trivial to fix (just add a space as the last character of the RE) but I don't know about Thank you, |
Logged In: YES Would you mind submitting a patch? |
Logged In: YES Actually, the relevant RFC is 1869 which describes ESTMP. 250-AUTH=LOGIN is non-conformant to the RFC and should be ignored. Your |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: