This project has moved and is read-only. For the latest updates, please go here.


TIdSMTPServer incorrectly clears user credentials during a RSET


The RSET command (and similarly, HELO/EHLO after starting a session, and QUIT) is supposed to only abort the current mail transaction (if one is active) and clear its buffers and states, otherwise it is effectively a NOOP. However, TIdSMTPServerContext.Reset() clears the Username, Password, and LoggedIn properties. If a client sends a RSET after logging in but before starting a new mail transaction (which TIdSMTP does), the user authentication is lost. It should only be cleared during a STARTTLS command.
Closed Apr 6 at 1:12 AM by gambit47


gambit47 wrote Dec 12, 2012 at 9:34 AM

Fixed in rev 4668.

wrote Feb 13, 2013 at 11:09 PM

wrote May 16, 2013 at 6:14 AM

wrote May 16, 2013 at 6:14 AM

wrote Jun 14, 2013 at 8:50 AM

wrote Apr 6 at 1:12 AM