Open lmcd opened 4 years ago
Hmm. According to RFC 4954, if a client is providing an empty user name, the server must deny the authentication request. So, instead of using EHLO the anonymous connection should probably start with HELO.
If no authentication is required, client should not send AUTH
command at all. I was able to send email via telnet with SMTP server that does not require authentication, listing below:
~ % telnet <redacted> 209
Trying <redacted>...
Connected to <redacted>.
Escape character is '^]'.
220 <redacted> Microsoft ESMTP MAIL Service ready at Tue, 4 Jan 2022 12:36:55 +0100
EHLO
250-<redacted> Hello <redacted>
250-SIZE 104857600
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250-SMTPUTF8
250 XRDST
MAIL FROM:<redacted>
250 2.1.0 Sender OK
RCPT TO:<redacted>
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Subject: My Subject
Email message.
.
250 2.6.0 <redacted> [InternalId=47369194308060, Hostname=<redacted>] 1085 bytes in 38.911, 0,027 KB/sec Queued mail for delivery
The issue seems to be in SMTPSocket.init(...)
-- specifically, the last two lines always try to authenticate, even if the server's response does not actually include a 250-AUTH line:
let authMethod = try getAuthMethod(authMethods: authMethods, serverOptions: serverOptions, hostname: hostname)
try login(authMethod: authMethod, email: email, password: password)
I'm using an SMTP server that doesn't require authentication, though when Swift-SMTP attempts to authenticate with empty credentials, it fails.
I'm having no issues at all sending mail anonymously with the
swaks
tool.How do I specify a credential-less SMTP configuration?