Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.12.1

Bug #18594 Net_SMTP-1.6.0 breaks SMTP-Auth
Submitted: 2011-06-12 01:13 UTC
From: rhsoftware Assigned: jon
Status: Closed Package: Net_SMTP (version 1.6.0)
PHP Version: 5.3.6 OS: Fedora Linux x86_64
Roadmaps: (Not assigned)    
Subscription  


 [2011-06-12 01:13 UTC] rhsoftware (Harald Reindl)
Description: ------------ After upgrade ok: channel://pear.php.net/Net_SMTP-1.6.0 SMTP-Auth for Horde-Webmail (IMP H3 4.3.9) is broken, means it does not try authentication and that is why postfix rejects [SMTP: Invalid response code received from server (code: 554, response: 5.7.1 <buildserver.thelounge.net[10.0.0.103]>: Client host rejected: Access denied 5.7.1 this is sure a PEAR-Problem because after rsync a backup from /usr/share/pear it works again without touching any configuration $conf['mailer']['params']['host'] = 'backup-dbmail.thelounge.net'; $conf['mailer']['params']['port'] = 587; $conf['mailer']['params']['auth'] = 'DIGEST-MD5'; $conf['mailer']['params']['username'] = 'webmail@thelounge.net'; $conf['mailer']['params']['password'] = '***********'; $conf['mailer']['type'] = 'smtp'; sorry but this is a basic-function of smtp which should not be broken by any update and only luck let find users such things after "pear upgrade" because you can never test anything a webapp is doing why can a fucking "pear upgrade" in the terminal not show what apckages are available and after confirm do an update - this is a blind butcher Expected result: ---------------- send a message Actual result: -------------- smtp-auth is ignored and message rejected

Comments

 [2011-06-12 11:39 UTC] doconnor (Daniel O'Connor)
Hi Harald, Thanks for the report. Can I ask you to adjust your tone in future when making bug reports; and include reproducible test steps - many of the people here are volunteers; and none of them intentionally set out to break things for you. Now what was the previous version of net_smtp you were using/have currently restored to? $ pear list | grep Net_SMTP At the very least, we can then look at all of the changes to identify where potential regression occurred. Secondly, can I get you to verify that the version of imp you were using previously is 4.3.9 - there's a reasonable chance that configuration in is no longer set up the same way or otherwise changed in some subtle way. Thirdly, can I get you to try to make a small reproducible test case using only Net_SMTP & the assorted credentials - we can use to 100% verify it is Net_SMTP which is the problem; and to prove any fixes that are made are tested.
 [2011-06-12 11:39 UTC] doconnor (Daniel O'Connor)
-Status: Open +Status: Feedback
 [2011-06-17 15:48 UTC] rhsoftware (Harald Reindl)
Net_SMTP 1.5.2 stable imp-4.3.9-3.fc14.rh.20110526.noarch IMP is not changed because Horde4 is not a topic here this time So the only change is Net_SMTP > we can use to 100% verify it is Net_SMTP which is the problem it is becazse nothing other file is zouched on the system and it is the only PEAR-package which is updated and after revert this the problem is solved
 [2011-06-17 22:33 UTC] jon (Jon Parise)
-Assigned To: +Assigned To: jon
The SMTP AUTH method selection code was rewritten for version 1.6.0. (The goal is to allow additional external AUTH methods to be registered with Net_SMTP.) The existing AUTH implementations, including DIGEST-MD5, should be the same as in previous version of Net_SMTP. Given that, these would be helpful next steps: - Temporarily try a different AUTH method other than DIGEST-MD5. LOGIN and PLAIN are good candidates. - Enable Net_SMTP's debugging mode (setDebug(true)). This will dump the full SMTP conversation to the output stream. That will be very helpful in determining where things are going wrong. I unfortunately don't know the easiest way to do that from within IMP. And my apologies for introducing this problem in the first place.
 [2011-06-18 17:27 UTC] rhsoftware (Harald Reindl)
Sorry but i am in this case inly a enduser of horde/pear_smtp, never used it actevily an dfrom monday on two weeks at holiday, so i worked day and night the last week - no way to play with debugging here :-(
 [2011-08-12 18:51 UTC] rhsoftware (Harald Reindl)
$conf['mailer']['params']['auth'] = 'PLAIN'; will "solve" the problem please can anybody fix this bug since the latest horde-release does change nothing, horde-devs calling my reports FUD as also calling this bugreport FUD and fact is the PAER-Update breaks MD%-Authentication, there is NO authetication try on the server if using CRAM-MD5
 [2011-08-12 23:32 UTC] jon (Jon Parise)
Because I'm still having trouble reproducing this problem myself, it would be very helpful if you could either attach the SMTP debugging output (see my previous comment) or some sort of equivalent wire capture. Alternatively, could you contact me directly (jon@php.net) with a temporary username and password for your SMTP server that I could use to reproduce and debug the problem? No one here is calling this bug report FUD, but I'm afraid I can't do much more to help without a few more details. Thanks.
 [2011-08-13 04:03 UTC] rhsoftware (Harald Reindl)
How should i debug SMTP-Sessions from Horde? I recommend that you setup Horde3 to reproduce this or make a request by the horde-developers which are ignoring users since years on bugreports to help debug this, 100% sure i am not the only one with this problem as long i am not the only one which does use CRAM-MD5 IT IS NO FAILED AUTH, USING CRAM-MD5 DOES NO AUTH se my first post with the "Client host rejected" from postfix, this is directly after connect and there is no auth
 [2011-08-13 23:06 UTC] jon (Jon Parise)
-Status: Feedback +Status: Closed
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/ Version 1.6.1 should fix the SASL-based AUTH methods.
 [2011-08-14 01:01 UTC] rhsoftware (Harald Reindl)
confirmed - 1.6.1 is fixing the problem Aug 13 20:58:29 backup-dbmail postfix/smtpd[15166]: Anonymous TLS connection established from buildserver.*****[10.0.0.103]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) Aug 13 20:58:29 backup-dbmail postfix/smtpd[15166]: 208DA97: client=buildserver.*****[10.0.0.103], sasl_method=CRAM-MD5, sasl_username=webmail@***** Aug 13 20:58:29 backup-dbmail postfix/cleanup[15170]: 208DA97: message-id=<20110813205828.1686752gpu29ya8k@webmail2.*****> Aug 13 20:58:29 backup-dbmail postfix/qmgr[13386]: 208DA97: from=<h.reindl@*****>, size=888, nrcpt=1 (queue active)