Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Mailer] Fix SMTP Authentication when using STARTTLS #34760

Merged
merged 1 commit into from Dec 7, 2019

Conversation

@DjLeChuck
Copy link
Contributor

DjLeChuck commented Dec 2, 2019

Q A
Branch? 4.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets Fix #34522
License MIT

When the mail server uses STARTTLS, the SMTP Authentication is not performed because the AUTH capabilities are not send during the first EHLO call, but during the second one.

Example of problematic exchange solved by this PR:

      < 220 mydomain.tld ESMTP Postcow
      > EHLO [127.0.0.1]
      < 250-mydomain.tld
      < 250-PIPELINING
      < 250-SIZE 104857600
      < 250-ETRN
      < 250-STARTTLS
      < 250-ENHANCEDSTATUSCODES
      < 250-8BITMIME
      < 250-DSN
      < 250 CHUNKING
      > STARTTLS
      < 220 2.0.0 Ready to start TLS
      > EHLO [127.0.0.1]
      < 250-mydomain.tld
      < 250-PIPELINING
      < 250-SIZE 104857600
      < 250-ETRN
      < 250-AUTH PLAIN LOGIN
      < 250-AUTH=PLAIN LOGIN
      < 250-ENHANCEDSTATUSCODES
      < 250-8BITMIME
      < 250-DSN
      < 250 CHUNKING
      > MAIL FROM:<noreply@XXX>
      < 250 2.1.0 Ok
      > RCPT TO:<XXX>
      < 554 5.7.1 <XXX>: Client host rejected: Access denied
@stof

This comment has been minimized.

Copy link
Member

stof commented Dec 2, 2019

Is it possible to write a test covering this, to prevent regressions ?

@DjLeChuck

This comment has been minimized.

Copy link
Contributor Author

DjLeChuck commented Dec 2, 2019

Yes off course @stof !

Can I use some fixed EHLO exchanges like the one above or should I connect to a real server?

@fabpot

This comment has been minimized.

Copy link
Member

fabpot commented Dec 2, 2019

@DjLeChuck We tend to avoid connecting to real servers to have fast and stable tests. So, replaying a real scenario is best.

@DjLeChuck

This comment has been minimized.

Copy link
Contributor Author

DjLeChuck commented Dec 2, 2019

I'm stuck, I don't know how to test without having to connect to a real server.

I don't know well PHPUnit and I lose myself in the mocking system. If someone wants to take the problem or help me, you're welcome!

@fabpot
fabpot approved these changes Dec 7, 2019
@fabpot

This comment has been minimized.

Copy link
Member

fabpot commented Dec 7, 2019

Thank you @DjLeChuck.

fabpot added a commit that referenced this pull request Dec 7, 2019
…Chuck)

This PR was merged into the 4.4 branch.

Discussion
----------

[Mailer] Fix SMTP Authentication when using STARTTLS

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #34522
| License       | MIT

When the mail server uses STARTTLS, the SMTP Authentication is not performed because the AUTH capabilities are not send during the first EHLO call, but during the second one.

Example of problematic exchange solved by this PR:
```
      < 220 mydomain.tld ESMTP Postcow
      > EHLO [127.0.0.1]
      < 250-mydomain.tld
      < 250-PIPELINING
      < 250-SIZE 104857600
      < 250-ETRN
      < 250-STARTTLS
      < 250-ENHANCEDSTATUSCODES
      < 250-8BITMIME
      < 250-DSN
      < 250 CHUNKING
      > STARTTLS
      < 220 2.0.0 Ready to start TLS
      > EHLO [127.0.0.1]
      < 250-mydomain.tld
      < 250-PIPELINING
      < 250-SIZE 104857600
      < 250-ETRN
      < 250-AUTH PLAIN LOGIN
      < 250-AUTH=PLAIN LOGIN
      < 250-ENHANCEDSTATUSCODES
      < 250-8BITMIME
      < 250-DSN
      < 250 CHUNKING
      > MAIL FROM:<noreply@XXX>
      < 250 2.1.0 Ok
      > RCPT TO:<XXX>
      < 554 5.7.1 <XXX>: Client host rejected: Access denied
```

Commits
-------

75b5454 [Mailer] Fix SMTP Authentication when using STARTTLS
@fabpot fabpot merged commit 75b5454 into symfony:4.4 Dec 7, 2019
3 checks passed
3 checks passed
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
fabbot.io Your code looks good.
Details
@DjLeChuck DjLeChuck deleted the DjLeChuck:fix-symfony-mailer-starttls-auth branch Dec 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.