mail: allow PLAIN auth over non-tls connections (#3900)

This allows mattermost to use a non-tls connection with a SMTP server that
supports PLAIN auth (but not LOGIN). The go library explicitly allows PLAIN
auth over non-tls connections - https://golang.org/src/net/smtp/auth.go#L55

Fixes #2929

1 files changed, 5 insertions, 2 deletions

diff --git a/utils/mail.go b/utils/mail.go
index c4532f7b4..bb3ee7b17 100644
--- a/utils/mail.go
+++ b/utils/mail.go
@@ -52,8 +52,6 @@ func newSMTPClient(conn net.Conn, config *model.Config) (*smtp.Client, *model.Ap
 		l4g.Error(T("utils.mail.new_client.open.error"), err)
 		return nil, model.NewLocAppError("SendMail", "utils.mail.connect_smtp.open_tls.app_error", nil, err.Error())
 	}
-	// GO does not support plain auth over a non encrypted connection.
-	// so if not tls then no auth
 	auth := smtp.PlainAuth("", config.EmailSettings.SMTPUsername, config.EmailSettings.SMTPPassword, config.EmailSettings.SMTPServer+":"+config.EmailSettings.SMTPPort)
 	if config.EmailSettings.ConnectionSecurity == model.CONN_SECURITY_TLS {
 		if err = c.Auth(auth); err != nil {
@@ -68,6 +66,11 @@ func newSMTPClient(conn net.Conn, config *model.Config) (*smtp.Client, *model.Ap
 		if err = c.Auth(auth); err != nil {
 			return nil, model.NewLocAppError("SendMail", "utils.mail.new_client.auth.app_error", nil, err.Error())
 		}
+	} else if config.EmailSettings.ConnectionSecurity == model.CONN_SECURITY_PLAIN {
+		// note: go library only supports PLAIN auth over non-tls connections
+		if err = c.Auth(auth); err != nil {
+			return nil, model.NewLocAppError("SendMail", "utils.mail.new_client.auth.app_error", nil, err.Error())
+		}
 	}
 	return c, nil
 }