Sending mail using SMTPs fails because of allegedly missing auth scheme - despite them being present

[yogo1212]

Description

Twisted reports: twisted.mail._except.AUTHRequiredError: 502 Server does not support Client Authentication schemes [CRAM-MD5, LOGIN, PLAIN]

The mail server advertises these options when connecting with openssl s_client -connect mail.domain.io:465 (and sending EHLO):

250-mail.domain.io
250-PIPELINING
250-SIZE 512000000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING

This is the relevant excerpt from the homeserver config:

email:
  smtp_host: mail.domain.io
  smtp_port: 465
  force_tls: true
  smtp_user: [email protected]
  smpt_pass: redacted

Possibly related to:
#15126

Steps to reproduce

• open app.element.io in a new private window
• enter homeserver (will disclose if required)
• press 'forgot password?'
• enter any email address
• press 'send email'

Homeserver

private matrix server

Synapse Version

1.121.1

Installation Method

Docker (matrixdotorg/synapse)

Database

postgres from the get-go

Workers

Single process

Platform

rocky linux, docker container

Configuration

see above

Relevant log output

see above

Anything else that would be useful to know?

No response

[reivilibre]

Is openssl s_client -connect mail.domain.io:465 being done from the same server as Synapse?

I have seen SMTP servers hide auth mechanisms from you when your IP is blacklisted. If that's the case, it could be that your Synapse server is blacklisted from the SMTP server.

[reivilibre]

also note the typo:

  smpt_pass: redacted

[yogo1212]

@reivilibre that's it! there's no authentication method because there's no password!
the error message is slightly confusing but not wrong.

thank you so very much - i spent so much time trying to understand the twisted path (pun intended) the email takes through the python stack.

sorry for causing trouble