Bug #8315


Mail Report mail_report_send() behavior different than notify_via_smtp()

Added by Dale Southard about 5 years ago. Updated about 2 months ago.

Mail report
Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:


notify_via_smtp() correctly supports both SMTPS SSL and SMTP+StartTLS.
Mail Report mail_report_send() supports SMTPS SSL, but does not support StartTLS.

Background for how the recent PHPMailer versions behave here:

The pfSense notify_via_smtp() function works with both implicit (SMTPS) and explicit (SMTP+StartTLS). Implicit works with

  $config['notifications']['smtp']['port'] = 465
  $config['notifications']['smtp']['ssl'] is set true

so notify_via_smtp() makes an SSL/TLS connection to the mailhost. Explict works with
  $config['notifications']['smtp']['port'] = 587
  $config['notifications']['smtp']['ssl']  unset

so notify_via_smtp() makes a regular TCP connection to the host and then SMTPAutoTLS in PHPMailer opportunistically upgrades the connection to TLS via StartTLS. The notify_via_smtp() function does not change SMTPAutoTLS, which is defaults to true.

Mail Report mail_report_send() works as expected with implicit SMTPS on port 465, but doesn't work with explicit StartTLS on port 587.

  • If $config['notifications']['smtp']['ssl'] is set true, PHPMailer attempts to make an SSL connection to the regular TCP port 587, which fails.
  • If $config['notifications']['smtp']['ssl'] is unset, PHPMailer successfully makes a cleartext TCP connection to port 587, but since /etc/ also disables PHPMailer AutoTLS when $config['notifications']['smtp']['ssl'] is unset, the connection cannot be upgraded to TLS encryption by StartTLS and fails.

Correct fix is to accept default setting of SMTPAutoTLS=true rather than change it in /etc/ I verified this works by commenting out both SMTPAutoTLS lines in /etc/ and retesting against the With those lines removed, mail_report_send() and notify_via_smtp() both behave the same and both function correctly on 465 with SSL and 587 with opportunistic SMTPAutoTLS.


mail_reports.patch (386 Bytes) mail_reports.patch patch file for Dale Southard, 02/05/2018 06:54 PM
Actions #1

Updated by Jim Pingle almost 5 years ago

  • Target version deleted (2.4.3)
Actions #2

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Feedback
  • Assignee set to Jim Pingle
  • % Done changed from 0 to 100
  • Estimated time deleted (0.50 h)

This may have already been fixed since the patch didn't match the current code, but I removed the explicit set of SMTPAutoTLS which did remain, since it was a no-op. Worth re-testing either way on 2.5.0 snapshots when the new version shows up.

Actions #3

Updated by Jim Pingle about 2 months ago

  • Status changed from Feedback to Closed

Also available in: Atom PDF