Added sec warn, more debug logging detail

- Added a warning for users who attempt authentication on servers that don't allow STARTTLS (they are transmitted in plain text)
- Included a note when AUTH fails due to no supported mechanisms including the mechanisms supported (PLAIN and LOGIN)
This commit is contained in:
James Elliott 2019-12-28 13:49:29 +11:00 committed by Clément Michaud
parent c4b56a6002
commit 6e946dc859

View File

@ -71,6 +71,9 @@ func (n *SMTPNotifier) Send(recipient string, subject string, body string) error
// Attempt AUTH if password is specified only // Attempt AUTH if password is specified only
if n.password != "" { if n.password != "" {
if !starttls {
log.Warn("Authentication is being attempted over an insecure connection. Using a SMTP server that supports STARTTLS is recommended, especially if the server is not on your local network (username and pasword are being transmitted in plain-text).")
}
// Check the server supports AUTH, and get the mechanisms // Check the server supports AUTH, and get the mechanisms
authExtension, m := c.Extension("AUTH") authExtension, m := c.Extension("AUTH")
@ -90,7 +93,7 @@ func (n *SMTPNotifier) Send(recipient string, subject string, body string) error
// Throw error since AUTH extension is not supported // Throw error since AUTH extension is not supported
if auth == nil { if auth == nil {
return fmt.Errorf("SMTP server does not advertise a AUTH mechanism that Authelia supports. Advertised mechanisms: %s.", m) return fmt.Errorf("SMTP server does not advertise a AUTH mechanism that Authelia supports (PLAIN or LOGIN). Advertised mechanisms: %s.", m)
} }
// Authenticate // Authenticate