Fix SMTP Mail send #490

[mrflobow]

This commit fixes #490.
For accomplishing the goal I added the libary phpmailer (as also suggested).
No big issues with adding it to composer.
I believe with using the library lansuite mail module gets future proof and can be used in wider server configuration.

Tested following combinations:

• No Auth against local docker smtp container ->Success
• With Auth against MailTrap - >Success
• With TLS against Outlook. - >Success

For public SMTP you can't send as different user so I added an optional configuration to set the sender instead of the user itself. Example could be used with noreply@something.com .
If the configuration is left blank it will use the user E-Mail instead.

Summary:

• Refactored Mail Module
• Used widely use PHPMailer for sending mails instead of reimplenting from scratch.
• Added new settings to make SMTP configurable as needed.
• PHP Composer lock has been updated.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
5 Code Smells

No Coverage information
0.0% Duplication

[M4LuZ]

I'm a bit on the fence for this one.
On the one hand this allows a bit of more variety in setups that we support.
On the other hand I have not yet seen a setup where mail is not handed off to a local sendmail instance that then is configured correctly.
Using personal mail accounts as in #490 appears to me more as something that should be prevented than a functionality that should be provided.

But as said: undecided, so it would be good to hear your thoughts.

[mrflobow]

In general the support for TLS has been established and the possibile to change the default port from port 25.
We can discuss about the from, but it seems to be the logical place for me. It would be confusing not to have the setting there.

I belive setting up a sendmail smtp relay is not trivial if you want to use your existing smtp relay on a linux server.
However the function was already implemented, I slightly improved it.

Are you questioning if SMTP should be supported at all?

[M4LuZ]

Sorry, let me rephrase that:
This was not about the implementation details - these are fine and I'm happy to merge as-is, but about the necessity and implications of it.

As we have generally the following use-cases/usergroups:

• Somebody wanting to run this on managed webspace: mail is usually transmitted via preconfigured sendmail instance and we're fine, as we are now
• Somebody wanting to run this on their own box: normally same applies, we are also fine
• Somebody that runs an thrown-together setup locally with W/XAMPP (also there mercury acts as local sendmail and needs separate config) in a local network as intranet system. That normally does not send any mails at all

That leaves the following use-cases where this would help:

• somebody wants to run LanSuite, but does not have the technical skills to do create, maintain and supervise the required environment
• Enterprise setups with large networks between Webserver and Mailserver, requiring encryption in between
• the odd case in a hosted environment where an remote mailserver AND encryption is required, or where an intranet instance should send mail to external recipients

And I worry that this enables especially the first group to do more harm than good.
But I could also worry for nothing and to support remote servers and TLS is a fair one.
Thus asking the round if that makes sense

[mrflobow]

@M4LuZ thanks for providing your elaborated thoughts.

I don't believe the operator would need to use mail/smtp at all for internal communication. So maybe it would be good to disable this at all.
Only thing I see necessary is using mail / smtp to send password resets or newsletters. This would reduce the use case to a noreply at something adress + sendmail/smtp relay.

Would that lower your concerns?

My guess e.g. in AWS you would be happy to use SMTP directly and from my exp. it's a pain to setup sendmail/other centos magic :D to forward to SMTP Relay. So I'm always happy to have this in an application. Just my 2cents on this :-)

[andygrunwald]

Thanks @mrflobow, for your work on this.

I am a big fan of using established libraries for standard use cases like sending emails.
I understand that many people prefer using their self-hosted sendmail or similar service. However, a big fraction of people like to delegate this to a SaaS like one of the Cloud Hyperscalers or Mailgun.

My plan is to bring this PR to the latest and mergeable state.
I think it enables more people to use the module and all current use cases are also covered.

This might enable better usecases in the future. At least, we rely on properly maintained PHP packages for the heavy lifting.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
4 Code Smells

No Coverage information
0.2% Duplication

[andygrunwald]

@mrflobow @M4LuZ I fucked this branch up. Sorry.
My goal was to rebase it and make it mergable again. Instead I pushed way to many commits.

I opened a new PR and cherry-picked the original changes.
Look at #658

This will be the Pull Request to make this a success :)