ESMTP client quits when TLS negotiation fails with requireTransportSecurity=false #10334
Comments
I just ran into a very similar problem with Buildbot 3.6.1 and twisted-22.04.0, the root cause might be the same. Our internal SMTP relay setup is just like the one from justmarini. Buildbot prints the following stacktrace:
I also recorded the packets with Wireshark (sorry I can't publish the captured packets): It seems twisted does not handle the untrusted certificate well when probing for TLS capabilities. As workaround I set
My issue was resolved with buildbot/buildbot#5609.
Thanks for the update. I am not sure this is a bug... just a missing implementation detail. I can't find the documentation informing that when twisted/src/twisted/mail/smtp.py Lines 1482 to 1496 in ed86633
... So far the code works as documented, STARTTLS is always triggered.
and documentation for requireTransportSecurity
I guess that we need to end the documentation to also talk about what happens when I think that for Happy to review a PR for this. Regards
My organization is using twisted 19.10.0. We've noticed that the behavior of the ESMTP client's `requireTransportSecurity` is inconsistent with other systems, and can be confusing to end-users.
We have a user with an SMTP server advertising STARTTLS. Their certificate, however, is a default one, so they've advised us to -not- use TLS (it's an internal system). By specifying `requireTransportSecurity=false`, we expected that this would work around their system.
However, the observed behavior is for the TLS negotiation to fail, and the client to issue a `QUIT`.
In `smtp.py`, the callback is the same for either `requireTransportSecurity` case.
The response should instead distinguish between the two. If TLS is required, quit on fail. If TLS is not required, continue with the auth attempt.