View Issue Details

IDProjectCategoryView StatusLast Update
0015627phplist applicationMessage Send Processpublic08-08-11 15:26
Reporterduncanc 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2.10.14 
Target VersionFixed in Version2.10.15 
Summary0015627: Sending using SMTP always uses authentication
DescriptionWhen sending by SMTP, by setting PHPMAILERHOST in the config file, authentication is always used, even when user and password have been commented out by the lines
#$phpmailer_smtpuser = 'smtpuser';
#$phpmailer_smtppassword = 'smtppassword';

The problem is that phplist will attempt to authenticate with the mail server when it does not have a user id and password. This causes an error response from the mail server, and possibly might cause it to reject the attempt to send the email.

The offending code is in file admin/class.phplistmailer.php
in the constructor lines 34-44 are
      if (defined('PHPMAILERHOST') && PHPMAILERHOST != '') {
        //logEvent('Sending email via '.PHPMAILERHOST);
        $this->SMTPAuth = true;
        $this->Helo = getConfig("website");
        $this->Host = PHPMAILERHOST;
        if ( isset($GLOBALS['phpmailer_smtpuser']) && $GLOBALS['phpmailer_smtpuser'] != ''
             && isset($GLOBALS['phpmailer_smtppassword']) && $GLOBALS['phpmailer_smtppassword']) {
          $this->Username = $GLOBALS['phpmailer_smtpuser'];
          $this->Password = $GLOBALS['phpmailer_smtppassword'];
        }
        $this->Mailer = "smtp";

The line setting SMTP authentication
        $this->SMTPAuth = true;
should be moved to be within the second if statement, so that it is true only if user and password have been provided.

See file admin/phpmailer/class.phpmailer.php for where this is used, in method SmtpConnect()
TagsNo tags attached.