In my opinion, the warning is not necessary, and in fact redundant since what Mantis does is quite obvious from the statement "If smtp_username is not '' then the username and password will be used when logging in to the SMTP server."

I'm sorry that I have to disagree.

The fact is that if username is defined, Mantis seems to change to ESMTP (for authentication). Even though the correct password is defined, if the SMTP does not require authentication, ie no ESMTP, email part would still fail and THIS is very misleading.

You see what I mean? Let's say in real life, there's a place you can get inside without authentication (ie without showing your identity). Does it matter if someone shows his ID card? Does it matter if someone speaks his name? No, it does not matter and should not matter. However, in our current situation, the fact that username is defined matters a lot and this behaviour is not intuitive.

I'm sorry but I have to say that I'm happy another user has also fallen into this pitfall. It's a sign that the sentence
"If smtp_username is not '' then the username and password will be used when logging in to the SMTP server."
is very misleading and in some degree does not make sense.

I have some co-workers and friends also made this same mistake as well!

And in a pragmatic viewpoint, does it really hurt to add the suggested sentence in the documentation? If the presence of a sentence can make things clear, why would you still want to keep the ambiguity??

I updated the comment in config_defaults_inc.php as well as in the admin guide.