Bug #8315

Mail Report mail_report_send() behavior different than notify_via_smtp()

Added by Dale Southard over 1 year ago. Updated over 1 year ago.

Status: New
Priority: Normal
Assignee: -
Category: Mail report
Target version: -
Start date: 02/05/2018
Due date:
% Done: 0%
Estimated time: 0.50 h
Affected Version: 2.4.2_1
Affected Architecture: All

Description

notify_via_smtp() correctly supports both SMTPS SSL and SMTP+StartTLS.
Mail Report mail_report_send() supports SMTPS SSL, but does not support StartTLS.

Background for how the recent PHPMailer versions behave here:
https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#encryption-flavours

The pfSense notify_via_smtp() function works with both implicit (SMTPS) and explicit (SMTP+StartTLS). Implicit works with

  $config['notifications']['smtp']['port'] = 465
  $config['notifications']['smtp']['ssl'] is set true

so notify_via_smtp() makes an SSL/TLS connection to the mailhost. Explicit works with

  $config['notifications']['smtp']['port'] = 587
  $config['notifications']['smtp']['ssl']  unset

so notify_via_smtp() makes a regular TCP connection to the host and then SMTPAutoTLS in PHPMailer opportunistically upgrades the connection to TLS via StartTLS. The notify_via_smtp() function does not change SMTPAutoTLS, which defaults to true.

Mail Report mail_report_send() works as expected with implicit SMTPS on port 465, but doesn't work with explicit StartTLS on port 587.

  • If $config['notifications']['smtp']['ssl'] is set true, PHPMailer attempts to make an SSL connection to the regular TCP port 587, which fails.
  • If $config['notifications']['smtp']['ssl'] is unset, PHPMailer successfully makes a cleartext TCP connection to port 587, but since /etc/mail_reports.in also disables PHPMailer AutoTLS when $config['notifications']['smtp']['ssl'] is unset, the connection cannot be upgraded to TLS encryption by StartTLS and fails.

The correct fix is to accept the default setting of SMTPAutoTLS=true rather than change it in /etc/mail_reports.in. I verified this works by commenting out both SMTPAutoTLS lines in /etc/mail_reports.in and retesting against smtp.gmail.com. With those lines removed, mail_report_send() and notify_via_smtp() both behave the same and both function correctly on 465 with SSL and 587 with opportunistic SMTPAutoTLS.

mail_reports.patch (386 Bytes): patch file for mail_reports.inc, Dale Southard, 02/05/2018 06:54 PM
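
The port and ssl combinations from the description, modelled as an added example (not pfSense code and not part of the original report). Port, SMTPSecure and SMTPAutoTLS are PHPMailer property names; smtp_transport(), outcome() and the server model (implicit TLS on 465, StartTLS-only on 587) are assumptions made for illustration.

```php
<?php
// Added example: models the behaviour described in this report; not pfSense code.
// smtp_transport() and outcome() are hypothetical helpers.

// Map the notification settings to PHPMailer transport properties.
// $disable_autotls = true reproduces the Mail Report behaviour described above;
// false leaves SMTPAutoTLS at its default, as notify_via_smtp() does.
function smtp_transport(array $smtp, bool $disable_autotls): array
{
    $t = ['Port' => (int) $smtp['port'], 'SMTPSecure' => '', 'SMTPAutoTLS' => true];
    if (!empty($smtp['ssl'])) {
        $t['SMTPSecure'] = 'ssl';      // implicit TLS from the first byte (SMTPS)
    } elseif ($disable_autotls) {
        $t['SMTPAutoTLS'] = false;     // no StartTLS upgrade will be attempted
    }
    return $t;
}

// Predict the result against the assumed server: implicit TLS on 465,
// plaintext greeting with mandatory StartTLS on 587.
function outcome(array $t): string
{
    $implicit_port = ($t['Port'] === 465);
    if ($t['SMTPSecure'] === 'ssl') {
        return $implicit_port ? 'TLS (implicit)'
                              : 'fail: TLS handshake sent to a plaintext port';
    }
    if ($implicit_port) {
        return 'fail: plaintext SMTP sent to a TLS port';
    }
    return $t['SMTPAutoTLS'] ? 'TLS (StartTLS upgrade)'
                             : 'fail: client never issues StartTLS';
}

// Constructed sample configurations: the combinations discussed in the report.
$cases = [
    '465, ssl set'   => ['port' => 465, 'ssl' => true],
    '587, ssl set'   => ['port' => 587, 'ssl' => true],
    '587, ssl unset' => ['port' => 587],
];
foreach ($cases as $label => $smtp) {
    foreach ([1 => 'AutoTLS disabled', 0 => 'AutoTLS default'] as $flag => $name) {
        $result = outcome(smtp_transport($smtp, (bool) $flag));
        printf("%-15s %-17s => %s\n", $label, $name, $result);
    }
}
```

With ssl unset and SMTPAutoTLS left at its default, the upgrade is opportunistic: a server that does not advertise StartTLS is spoken to in cleartext. PHPMailer's SMTPSecure = 'tls' makes the StartTLS upgrade mandatory instead.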

History

#1 Updated by Jim Pingle over 1 year ago

  • Target version deleted (2.4.3)
