| Package home | Report new bug | New search | Development Roadmap | Status: Open | Feedback | All | Closed Since Version 1.12.1 |
| Bug #14944 | TLS connection only gets started if no AUTH methods are sent | ||
|---|---|---|---|
| Submitted: | 2008-11-03 14:35 UTC | ||
| From: | parag0n | Assigned: | jon |
| Status: | Closed | Package: | Net_SMTP (version 1.3.1) |
| PHP Version: | 5.2.6 | OS: | Ubuntu 8.10 |
| Roadmaps: | (Not assigned) | ||
[2008-11-03 14:35 UTC] parag0n
(Bob Clough)
Description:
------------
I am attempting to create a secure connection to an Exchange 2003 server, using TLS.
The Exchange server supports NTLM and LOGIN Authentication, but will only allow LOGIN authentication over a TLS connection.
It appears that the Net_SMTP will only allow a TLS connection if there are no AUTH methods available, and hence the connection fails.
Actual result:
--------------
DEBUG: Recv: 220 exc01.x.net Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Mon, 3 Nov 2008 14:35:25 +0000
DEBUG: Send: EHLO localhost
DEBUG: Recv: 250-exc01.x.net Hello [10.0.0.252]
DEBUG: Recv: 250-TURN
DEBUG: Recv: 250-SIZE
DEBUG: Recv: 250-ETRN
DEBUG: Recv: 250-PIPELINING
DEBUG: Recv: 250-DSN
DEBUG: Recv: 250-ENHANCEDSTATUSCODES
DEBUG: Recv: 250-8bitmime
DEBUG: Recv: 250-BINARYMIME
DEBUG: Recv: 250-CHUNKING
DEBUG: Recv: 250-VRFY
DEBUG: Recv: 250-TLS
DEBUG: Recv: 250-STARTTLS
DEBUG: Recv: 250-X-EXPS GSSAPI NTLM LOGIN
DEBUG: Recv: 250-X-EXPS=LOGIN
DEBUG: Recv: 250-AUTH GSSAPI NTLM LOGIN
DEBUG: Recv: 250-AUTH=LOGIN
DEBUG: Recv: 250-X-LINK2STATE
DEBUG: Recv: 250-XEXCH50
DEBUG: Recv: 250 OK
DEBUG: Send: AUTH LOGIN
DEBUG: Recv: 530 5.7.0 Must issue a STARTTLS command first
DEBUG: Send: RSET
DEBUG: Recv: 530 5.7.0 Must issue a STARTTLS command first
DEBUG: Send: QUIT
DEBUG: Recv: 221 2.0.0 exc01.x.net Service closing transmission channel
Comments
[2008-11-03 14:43 UTC] parag0n
(Bob Clough)
Sorry, forgot to add, the file where the error is is "Net/SMTP.php", line number is 461.
[2008-11-07 04:42 UTC] jon
(Jon Parise)
It looks like Chuck added the STARTTLS code original and explicitly put it within that conditional. I don't know the standard well enough to know the reasoning there, though.
[2008-12-01 04:58 UTC] lilopera
(Luis Lopera)
I got the same problem when trying to send e-mails from my scripts using smtp authentication. And to fix it I had to correct line 463 on SMTP.php to look like this.
if (!empty($this->_esmtp['AUTH'])) {
it seems that if the mail server answer within the _negotiate() call over a non secure query that it uses authentication, the client trying to authenticate will not use TLS, hence the server will refuse authentication. Perhaps instead of asking if _esmtp['AUTH'] is empty, it would be more precise to ask if _esmtp['TLS'] or if _esmtp['STARTTLS']is set.
By following the process of sending mail, the _negotiate() fucntion is called before it tryes to authenticate, and that's why _esmtp['AUTH'] gets populated, so is never empty by the time it gets to the auth() function.
Hope this helps
In my case I had to download the latest version of sockets.php as well. and everythning worked fine.
[2008-12-01 05:19 UTC] lilopera
(Luis Lopera)
Please be aware that my fix is ONLY a fast fix. It is just meant to force the process to start the TLS channel under my particular circumstances.
From my gathering, the auth() function has to be reshaped a little in order to account for all possible scenarios
[2008-12-20 23:07 UTC] jon
(Jon Parise)
Thank you for your bug report. This issue has been fixed
in the latest released version of the package, which you can download at
http://pear.php.net/get/Net_SMTP