
Bug #14944 TLS connection only gets started if no AUTH methods are sent
Submitted: 2008-11-03 14:35 UTC
From: parag0n Assigned: jon
Status: Closed Package: Net_SMTP (version 1.3.1)
PHP Version: 5.2.6 OS: Ubuntu 8.10
Roadmaps: (Not assigned)    


 [2008-11-03 14:35 UTC] parag0n (Bob Clough)
Description:
------------
I am attempting to create a secure connection to an Exchange 2003 server, using TLS. The Exchange server supports NTLM and LOGIN Authentication, but will only allow LOGIN authentication over a TLS connection. It appears that the Net_SMTP will only allow a TLS connection if there are no AUTH methods available, and hence the connection fails.

Actual result:
--------------
DEBUG: Recv: 220 exc01.x.net Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Mon, 3 Nov 2008 14:35:25 +0000
DEBUG: Send: EHLO localhost
DEBUG: Recv: 250-exc01.x.net Hello [10.0.0.252]
DEBUG: Recv: 250-TURN
DEBUG: Recv: 250-SIZE
DEBUG: Recv: 250-ETRN
DEBUG: Recv: 250-PIPELINING
DEBUG: Recv: 250-DSN
DEBUG: Recv: 250-ENHANCEDSTATUSCODES
DEBUG: Recv: 250-8bitmime
DEBUG: Recv: 250-BINARYMIME
DEBUG: Recv: 250-CHUNKING
DEBUG: Recv: 250-VRFY
DEBUG: Recv: 250-TLS
DEBUG: Recv: 250-STARTTLS
DEBUG: Recv: 250-X-EXPS GSSAPI NTLM LOGIN
DEBUG: Recv: 250-X-EXPS=LOGIN
DEBUG: Recv: 250-AUTH GSSAPI NTLM LOGIN
DEBUG: Recv: 250-AUTH=LOGIN
DEBUG: Recv: 250-X-LINK2STATE
DEBUG: Recv: 250-XEXCH50
DEBUG: Recv: 250 OK
DEBUG: Send: AUTH LOGIN
DEBUG: Recv: 530 5.7.0 Must issue a STARTTLS command first
DEBUG: Send: RSET
DEBUG: Recv: 530 5.7.0 Must issue a STARTTLS command first
DEBUG: Send: QUIT
DEBUG: Recv: 221 2.0.0 exc01.x.net Service closing transmission channel

Comments

 [2008-11-03 14:43 UTC] parag0n (Bob Clough)
Sorry, forgot to add, the file where the error is is "Net/SMTP.php", line number is 461.
 [2008-11-07 04:42 UTC] jon (Jon Parise)
It looks like Chuck added the STARTTLS code originally and explicitly put it within that conditional. I don't know the standard well enough to know the reasoning there, though.
 [2008-12-01 04:58 UTC] lilopera (Luis Lopera)
I got the same problem when trying to send e-mails from my scripts using SMTP authentication. To fix it I had to correct line 463 of SMTP.php to look like this:

    if (!empty($this->_esmtp['AUTH'])) {

It seems that if the mail server answers, within the _negotiate() call over a non-secure query, that it uses authentication, the client trying to authenticate will not use TLS, hence the server will refuse authentication.

Perhaps instead of asking if _esmtp['AUTH'] is empty, it would be more precise to ask if _esmtp['TLS'] or _esmtp['STARTTLS'] is set.

Following the process of sending mail, the _negotiate() function is called before it tries to authenticate, and that's why _esmtp['AUTH'] gets populated, so it is never empty by the time it gets to the auth() function.

Hope this helps. In my case I had to download the latest version of sockets.php as well, and everything worked fine.
 [2008-12-01 05:19 UTC] lilopera (Luis Lopera)
Please be aware that my fix is ONLY a fast fix. It is just meant to force the process to start the TLS channel under my particular circumstances. From my gathering, the auth() function has to be reshaped a little in order to account for all possible scenarios.
 [2008-12-20 23:07 UTC] jon (Jon Parise)
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/Net_SMTP
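
The negotiation order discussed in this report, as an added example that is not part of the thread and is not Net_SMTP's own code: it parses an EHLO reply, models the reported condition (TLS only when no AUTH is advertised) and contrasts it with a decision that starts TLS whenever STARTTLS is offered. The function names, the $requireTls policy flag and the post-TLS reply are assumptions made for illustration.

```php
<?php
// Added illustration (PHP 7+); function names are hypothetical, not Net_SMTP's API.

// Parse EHLO reply lines into keyword => list of arguments.
function parseEhlo(array $lines): array
{
    $ext = [];
    foreach (array_slice($lines, 1) as $line) {   // skip the greeting line
        if (preg_match('/^250[- ]([^\s=]+)[ =]?(.*)$/', $line, $m)) {
            $key  = strtoupper($m[1]);
            $args = preg_split('/\s+/', $m[2], -1, PREG_SPLIT_NO_EMPTY);
            // Merge "AUTH a b" and "AUTH=a" style lines into one mechanism list.
            $ext[$key] = array_values(array_unique(array_merge($ext[$key] ?? [], $args)));
        }
    }
    return $ext;
}

// Behaviour reported in the bug: TLS is attempted only when no AUTH methods are advertised.
function reportedStartsTls(array $ext): bool
{
    return isset($ext['STARTTLS']) && empty($ext['AUTH']);
}

// Ordering the server expects: STARTTLS first, whatever AUTH says, then a fresh EHLO, then AUTH.
function nextStep(array $ext, bool $encrypted, bool $requireTls = true): string
{
    if (!$encrypted && isset($ext['STARTTLS'])) {
        return 'STARTTLS';   // caller must re-send EHLO afterwards and re-parse the reply
    }
    if (!$encrypted && $requireTls) {
        return 'QUIT';       // policy assumption: never send LOGIN credentials in clear text
    }
    return empty($ext['AUTH']) ? 'MAIL' : 'AUTH';
}

// Constructed sample: a subset of the EHLO reply quoted in the report.
$preTls = parseEhlo([
    '250-exc01.x.net Hello [10.0.0.252]',
    '250-STARTTLS',
    '250-AUTH GSSAPI NTLM LOGIN',
    '250-AUTH=LOGIN',
    '250 OK',
]);
// Constructed post-TLS reply (assumption: the server still offers LOGIN once encrypted).
$postTls = parseEhlo(['250-exc01.x.net Hello [10.0.0.252]', '250-AUTH LOGIN', '250 OK']);

// Compare the reported condition with the corrected ordering, before and after TLS.
var_dump(reportedStartsTls($preTls));
echo nextStep($preTls, false), "\n";
echo nextStep($postTls, true), "\n";
```

The capability list is parsed again after STARTTLS because the extensions advertised before encryption were received over an unauthenticated channel and must not be reused.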