Mail Report mail_report_send() behavior different than notify_via_smtp()
notify_via_smtp() correctly supports both SMTPS SSL and SMTP+StartTLS.
mail_report_send() supports SMTPS SSL, but does not support StartTLS.
Background for how the recent PHPMailer versions behave here:
The pfSense notify_via_smtp() function works with both implicit (SMTPS) and explicit (SMTP+StartTLS). Implicit works with
$config['notifications']['smtp']['port'] = 465 $config['notifications']['smtp']['ssl'] is set true
notify_via_smtp()makes an SSL/TLS connection to the mailhost. Explict works with
$config['notifications']['smtp']['port'] = 587 $config['notifications']['smtp']['ssl'] unset
notify_via_smtp()makes a regular TCP connection to the host and then SMTPAutoTLS in PHPMailer opportunistically upgrades the connection to TLS via StartTLS. The
notify_via_smtp()function does not change SMTPAutoTLS, which is defaults to true.
mail_report_send() works as expected with implicit SMTPS on port 465, but doesn't work with explicit StartTLS on port 587.
$config['notifications']['smtp']['ssl']is set true, PHPMailer attempts to make an SSL connection to the regular TCP port 587, which fails.
$config['notifications']['smtp']['ssl']is unset, PHPMailer successfully makes a cleartext TCP connection to port 587, but since /etc/mail_reports.in also disables PHPMailer AutoTLS when
$config['notifications']['smtp']['ssl']is unset, the connection cannot be upgraded to TLS encryption by StartTLS and fails.
Correct fix is to accept default setting of SMTPAutoTLS=true rather than change it in /etc/mail_reports.in. I verified this works by commenting out both SMTPAutoTLS lines in /etc/mail_reports.in and retesting against the smtp.gmail.com. With those lines removed,
notify_via_smtp() both behave the same and both function correctly on 465 with SSL and 587 with opportunistic SMTPAutoTLS.
Updated by Jim Pingle over 2 years ago
- Status changed from New to Feedback
- Assignee set to Jim Pingle
- % Done changed from 0 to 100
- Estimated time deleted (
This may have already been fixed since the patch didn't match the current code, but I removed the explicit set of SMTPAutoTLS which did remain, since it was a no-op. Worth re-testing either way on 2.5.0 snapshots when the new version shows up.