How to turn off SMTP login during forgot password in django-auth module

[Sujit Pal]

I implemented registration / login / forgot password functionality in my application following the steps described here -https://simpleisbetterthancomplex.com/tutorial/2016/09/19/how-to-create-password-reset-view.html

I have it working with a google email and password sending on smtp.gmail.com. Unfortunately it gets caught in the corporate spam folder and I now have a company email address that I can use.

However, it will render the message saying that a password link is on its way, but no email appears. Digging a little, it appears that the message needs to go through a smtp server which does not need a password. For example, I can successfully run the following code snippet to send mail to myself.

import smtplib, ssl

from email.message import EmailMessage

smtp_server = "..."

from_email = "..."

to_email = "..."

msg = EmailMessage()

msg.set_content("The body of the email is here")

msg["Subject"] = "My testing email"

msg["From"] = from_email

msg["To"] = to_email

context = ssl.create_default_context()

with smtplib.SMTP(smtp_server, port=587) as smtp:

smtp.starttls(context=context)

# smtp.login(msg["From"], "")

smtp.send_message(msg)

Notice that smtp.login() is commented out. If I uncomment it, it gives me a smtplib.SMTPNotSupportedError: SMTP AUTH extension not supported by server.

I have also tried using django's own send_mail which uses the values in settings.py and that works as well, ie., I can send an email to myself.

from django.core.mail import send_mail

send_mail(

"My test subject",

"This is he body of the message",

from_email,

[to_email],

fail_silently=False

)

The EMAIL related properties in my settings.py are as follows.

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'

EMAIL_HOST = '...'

EMAIL_HOST_USER = 'from_email'

#EMAIL_HOST_PASSWORD = ''

EMAIL_PORT = 587

EMAIL_USE_TLS = True

My question is, is there an application specific way by which I can signal to the django registration code to not login to the SMTP server when sending hte forgot password email? I tried commenting out the password but it doesn't seem to have had any effect.

TIA for any guidance.

Best,

Sujit

[Sujit Pal]

Update on this... the issue got solved as follows.

Discovered next morning that the mail did go out but was caught in our corporate phishing net because it was going out from webmaster@localhost (apparently some sort of default email address for forgot_password). Adding the DEFAULT_FROM_EMAIL to settings.py allowed the mail to be delivered without getting caught in any filter.

-sujit