Skip to content

allow_smtp_auth_plain_without_valid_certificate

Since: Dev Builds Only

The functionality described in this section requires a dev build of KumoMTA. You can obtain a dev build by following the instructions in the Installation section.

Optional boolean. Defaults to false.

When false, SMTP AUTH PLAIN will be preemptively failed if the TLS session's peer certificate was not validated, in order to prevent the credential from being captured by an active (man-in-the-middle) attacker. This covers sessions where the effective enable_tls value is OpportunisticInsecure or RequiredInsecure, as well as a DANE host whose published TLSA records are unusable: in all of those cases the connection is encrypted but the peer is not authenticated.

You can set this to true to restore the previous behavior of sending the credential over any encrypted session, regardless of whether the certificate was validated.

Danger

Do not enable this option on an untrusted network. Over a TLS session with an unvalidated certificate, an active attacker can present their own certificate, capture the credential, and relay the session to the real server.

See also allow_smtp_auth_plain_without_tls, which governs the separate case of SMTP AUTH PLAIN over an unencrypted connection.