phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0018115phplist applicationMessage Send Processpublic10-05-16 21:2017-09-16 16:58
Reportermarkus.daesch 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformVMWare Appliance on ESXOSUbuntu Server 64BitOS Version16.04 LTS
Product Version3.2.4 
Target Versionnext patchFixed in Version3.2.6 
Summary0018115: phpMailer uses always SMTPAutoTLS
DescriptionSending an email via phpMailer and SMTP-Host checks the availability of TLS when connecting to the server and uses it if so. Setting
--- define("PHPMAILER_SECURE",''); ---
has no effect, TLS is still used.

Setting
--- public $SMTPAutoTLS = false; ---
at line 257 in file "/lists/admin/PHPMailer/class.phpmailer.php" might deactivate this behaviour but, in fact, it does not in this case.

For further information please visit https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#opportunistic-tls [^]
Steps To ReproduceCause: For this please have a look at line 133 in file "/lists/admin/class.phplistmailer.php" where you can find the very hard set property
--- $this->SMTPAutoTLS = true; ---
which was driving me nuts for estimately 5 hours. Gotcha! ;-)
Additional InformationIt might a "friendly" way making it possible to deactivate the SMTPAutoTLS via the central "config_extended.php". A possible addition between lines 571 and 573 might be:

# to automatically use TLS if the SMTP-server provides it
# set this value true, otherwise false - this will cause
# problems with untrusted certs on the server when true
# define('PHPMAILER_AUTOTLS', false);

Or we set SMTPAutoTLS to false in general and only have a look at the setting PHPMAILER_SECURE.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0057703)
markus.daesch (reporter)
10-05-16 21:24

Eventlog reports:

Fehler beim Senden der E-Mail an markus.daesch (at) patura.com SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting [^]

(Error while sending e-mail to ...)
(0057704)
markus.daesch (reporter)
10-05-16 21:27

Detailed phpMailer DEBUG:


2016-05-10 18:36:45 Connection: opening to kmail.patura.com, timeout=5, options=array ( )
2016-05-10 18:36:45 Connection: opened
2016-05-10 18:36:45 SERVER -> CLIENT: 220 kmail.patura.com ESMTP ready
2016-05-10 18:36:45 CLIENT -> SERVER: EHLO news.patura.com
2016-05-10 18:36:45 SERVER -> CLIENT: 250-kmail.patura.com 250-AUTH CRAM-MD5 PLAIN LOGIN DIGEST-MD5 250-SIZE 26214400 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-PIPELINING 250-ETRN 250-DSN 250 HELP 1
2016-05-10 18:36:45 CLIENT -> SERVER: STARTTLS
2016-05-10 18:36:45 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2016-05-10 18:36:45 SMTP Error: Could not connect to SMTP host.
2016-05-10 18:36:45 CLIENT -> SERVER: QUIT
2016-05-10 18:36:45 SERVER -> CLIENT: K GA'??h???C 1G???--?i6?Fu???8?g;iroK???[?9N?J? ???o?>>F5?e?w?SG?#??Z??,+ ??_f=^g?TN??b??c???C?l??1?a????%0bhn. (t??G6R?m???5'^\??d?vR;?,???D_rY*s?{??]???@??1?=?" N?q*K_?/$9??v????B??-cL?%???r?;On??Y?J?\@???boZ??7p???\???k?>2P?HJIg?-?y?????8}6?xkm?shZ?&P???`[=??b???H?s?R?t????64h????B??3??rR]?|t?H?z*M!?????/??!dav?n?C??1z?&??vykcc?d???cYt.???U?H??:@?G?4?B?)]????b????!*8?J1??(???{??I? ?YT?y%u??FW??Y~????4??D?j????b????Gp?{???t?X O??a-?g??(?:H?6???g??(???eA?????e??S??Qgvs?6??cWP??t?;um ?u,?0Q?,n???
2016-05-10 18:36:45 SMTP ERROR: QUIT command failed: K GA'??h???C 1G???--?i6?Fu???8?g;iroK???[?9N?J? ???o?>>F5?e?w?SG?#??Z??,+ ??_f=^g?TN??b??c???C?l??1?a????%0bhn. (t??G6R?m???5'^\??d?vR;?,???D_rY*s?{??]???@??1?=?" N?q*K_?/$9??v????B??-cL?%???r?;On??Y?J?\@???boZ??7p???\???k?>2P?HJIg?-?y?????8}6?xkm?shZ?&P???`[=??b???H?s?R?t????64h????B??3??rR]?|t?H?z*M!?????/??!dav?n?C??1z?&??vykcc?d???cYt.???U?H??:@?G?4?B?)]????b????!*8?J1??(???{??I? ?YT?y%u??FW??Y~????4??D?j????b????Gp?{???t?X O??a-?g??(?:H?6???g??(???eA?????e??S??Qgvs?6??cWP??t?;um ?u,?0Q?,n???
2016-05-10 18:36:45 Connection: closed
2016-05-10 18:36:45 SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting [^] Fehler beim Senden des Tokens für die Passwort-Änderung.
(0057712)
michiel (manager)
11-05-16 19:12

If you want to push a PR let me know. Should be easy to add, eg "if config" then don't autoTLS

I think it should default to true, but be switch-offable.
(0057716)
markus.daesch (reporter)
12-05-16 07:12

It will take some more weeks until my college will send a PR but we are going to test it and I tell you then.

Yes it should be active by default and deactivatable per config_extended.php, that is my favorite solution. If we have more security we should use it - if it works, otherwise we should be able to pass it up.
(0058256)
michiel (manager)
17-09-16 16:58

4d0e6cfdd41d20ec6639f7b13fe768b0f3d1fef8

You can now set PHPMAILER_SECURE to false to stop using AutoTLS.


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker