From 6e946dc85909961b888edcda7903551452bc9957 Mon Sep 17 00:00:00 2001
From: James Elliott
Date: Sat, 28 Dec 2019 13:49:29 +1100
Subject: [PATCH] Added sec warn, more debug logging detail

- Added a warning for users who attempt authentication on servers that don't allow STARTTLS (they are transmitted in plain text)
- Included a note when AUTH fails due to no supported mechanisms including the mechanisms supported (PLAIN and LOGIN)
---
 internal/notification/smtp_notifier.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/internal/notification/smtp_notifier.go b/internal/notification/smtp_notifier.go
index 830a13b81..f94c11c3e 100644
--- a/internal/notification/smtp_notifier.go
+++ b/internal/notification/smtp_notifier.go
@@ -71,6 +71,9 @@ func (n *SMTPNotifier) Send(recipient string, subject string, body string) error
 // Attempt AUTH if password is specified only
 if n.password != "" {
+ if !starttls {
+ log.Warn("Authentication is being attempted over an insecure connection. Using a SMTP server that supports STARTTLS is recommended, especially if the server is not on your local network (username and pasword are being transmitted in plain-text).")
+ }
 // Check the server supports AUTH, and get the mechanisms
 authExtension, m := c.Extension("AUTH")
@@ -90,7 +93,7 @@ func (n *SMTPNotifier) Send(recipient string, subject string, body string) error
 // Throw error since AUTH extension is not supported
 if auth == nil {
- return fmt.Errorf("SMTP server does not advertise a AUTH mechanism that Authelia supports. Advertised mechanisms: %s.", m)
+ return fmt.Errorf("SMTP server does not advertise a AUTH mechanism that Authelia supports (PLAIN or LOGIN). Advertised mechanisms: %s.", m)
 }
 // Authenticate
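Review bot: The new `if !starttls` branch only logs and then falls through to AUTH, so the username and password are still sent in clear text whenever STARTTLS is not offered, including when the advertisement has been removed in transit. Failing closed would be safer unless the operator has explicitly opted in to unencrypted authentication through a configuration setting, for example `return fmt.Errorf("refusing SMTP AUTH: server does not offer STARTTLS")`. The log string also has a typo (`pasword`) and should read `an SMTP server`. `starttls` is assigned outside this hunk and Send's body continues past it, so whether a connection that is already TLS-wrapped would also trip this warning cannot be checked from here.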
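Review bot: `m` in the new error string is whatever the remote server put in its AUTH advertisement, and it is formatted with `%s`; `%q` would quote it so that an empty value or embedded control characters cannot produce a misleading log line. The hard-coded `(PLAIN or LOGIN)` will go stale if the mechanism selection above this hunk changes, so a short comment beside that selection pointing at this message would help. Go convention (staticcheck ST1005) is also an error string without a trailing period, e.g. `return fmt.Errorf("SMTP server does not advertise an AUTH mechanism that Authelia supports (PLAIN or LOGIN); advertised mechanisms: %q", m)`. The enclosing function starts and ends outside the hunk.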