starred/cypht

Fork 0

mirror of https://github.com/cypht-org/cypht.git synced 2026-04-26 05:26:00 +03:00

[GH-ISSUE #111] Problems with SMTP using STARTTLS #92

New issue

Closed

opened 2026-02-25 21:34:07 +03:00 by kerem · 8 comments

kerem commented

2026-02-25 21:34:07 +03:00

Owner

Originally created by @jasonmunro on GitHub (Aug 22, 2016).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/111

Originally assigned to: @jasonmunro on GitHub.

Dear Jason,

More food for thought: SMTP with StartTLS on port 25 won't work (tested
with hardcoded domains):

@4000000 tcpserver: status: 1/100
@4000000 tcpserver: pid 9514 from 127.0.1.106
@4000000 tcpserver: ok 9514 mmc.lan:127.0.1.107:25
:127.0.1.106::32868
@4000000 qmail-smtpd 9514: connection from 127.0.1.106
(unknown) to mmc.lan
@4000000 qmail-smtpd 9514: enabled options: max msg
size: 20480000 starttls relayclient smtp-auth-tls-required
@4000000 qmail-smtpd 9514: unrecognized command:
@4000000 qmail-smtpd 9514: unrecognized command:
@4000000 qmail-smtpd 9514: unrecognized command:
@4000000 qmail-smtpd 9514: unrecognized command:
@4000000 qmail-smtpd 9514: read error or connection closed
@4000000 tcpserver: end 9514 status 256
@4000000 tcpserver: status: 0/100

Greetings from Qmail-LDAP above. This stuff works from Thunderbird, etc.

Some food for thought for later... Good night from here!

Chris

Originally created by @jasonmunro on GitHub (Aug 22, 2016). Original GitHub issue: https://github.com/cypht-org/cypht/issues/111 Originally assigned to: @jasonmunro on GitHub. Dear Jason, More food for thought: SMTP with StartTLS on port 25 won't work (tested with hardcoded domains): @4000000 tcpserver: status: 1/100 @4000000 tcpserver: pid 9514 from 127.0.1.106 @4000000 tcpserver: ok 9514 mmc.lan:127.0.1.107:25 :127.0.1.106::32868 @4000000 qmail-smtpd 9514: connection from 127.0.1.106 (unknown) to mmc.lan @4000000 qmail-smtpd 9514: enabled options: max msg size: 20480000 starttls relayclient smtp-auth-tls-required @4000000 qmail-smtpd 9514: unrecognized command: @4000000 qmail-smtpd 9514: unrecognized command: @4000000 qmail-smtpd 9514: unrecognized command: @4000000 qmail-smtpd 9514: unrecognized command: @4000000 qmail-smtpd 9514: read error or connection closed @4000000 tcpserver: end 9514 status 256 @4000000 tcpserver: status: 0/100 Greetings from Qmail-LDAP above. This stuff works from Thunderbird, etc. Some food for thought for later... Good night from here! Chris

kerem

2026-02-25 21:34:07 +03:00

closed this issue
added the
bug

smtp
labels

kerem commented

2026-02-25 21:34:07 +03:00

Author

Owner

@jasonmunro commented on GitHub (Aug 22, 2016):

I enabled STARTTLS in my Debian exim4 setup, and was not able to trigger an error. I did find a problem with the "no_auth" option that I will push a fix for. Are you using a default SMTP server defined in the ini file? Just like the IMAP auth tls setting, the "default_smtp_tls" setting should be set to false when using STARTTLS.

@jasonmunro commented on GitHub (Aug 22, 2016): I enabled STARTTLS in my Debian exim4 setup, and was not able to trigger an error. I did find a problem with the "no_auth" option that I will push a fix for. Are you using a default SMTP server defined in the ini file? Just like the IMAP auth tls setting, the "default_smtp_tls" setting should be set to false when using STARTTLS.

kerem commented

2026-02-25 21:34:07 +03:00

Author

Owner

@jasonmunro commented on GitHub (Sep 2, 2016):

Closing this since it's not a bug but a misconfiguration issue.

@jasonmunro commented on GitHub (Sep 2, 2016): Closing this since it's not a bug but a misconfiguration issue.

kerem commented

2026-02-25 21:34:07 +03:00

Author

Owner

@conspacer commented on GitHub (Aug 2, 2017):

I am defining a STARTLS SMTP server in the accounts section. I add the server, port (587). I have tried with both states of TLS checkbox. Under both scenarios I get the error:
Unable to save this server, are the username and password correct?
I have a Tbird setup where I have verified the credentials are indeed correct.

@conspacer commented on GitHub (Aug 2, 2017): I am defining a STARTLS SMTP server in the accounts section. I add the server, port (587). I have tried with both states of TLS checkbox. Under both scenarios I get the error: ```Unable to save this server, are the username and password correct?``` I have a Tbird setup where I have verified the credentials are indeed correct.

kerem commented

2026-02-25 21:34:07 +03:00

Author

Owner

@jasonmunro commented on GitHub (Aug 2, 2017):

@conspacer thanks for the feedback. Looking at this code I think I see some issues. I'm going to re-open this issue and do some more testing.

@jasonmunro commented on GitHub (Aug 2, 2017): @conspacer thanks for the feedback. Looking at this code I think I see some issues. I'm going to re-open this issue and do some more testing.

kerem commented

2026-02-25 21:34:07 +03:00

Author

Owner

@jasonmunro commented on GitHub (Aug 2, 2017):

@conspacer I just pushed some clean up around this code - not sure it will resolve your issue, but it's at least a bit m more sane :) Could you try the following:

pull the latest from the master branch
apply the following patch https://gist.github.com/jasonmunro/c4f2fdea75f0e62adfc30bfb56d3cc96
run cypht in debug mode
try to save the SMTP server in question
check the PHP error log for the output of the patch which should show the SMTP conversation and might provide a clue as to the problem

I was able to save a SMTP server using STARTTLS (exim on port 25) without issue, so I'm still not sure whats up. If you can try the above that would be great.

thanks!

@jasonmunro commented on GitHub (Aug 2, 2017): @conspacer I just pushed some clean up around this code - not sure it will resolve your issue, but it's at least a bit m more sane :) Could you try the following: - pull the latest from the master branch - apply the following patch https://gist.github.com/jasonmunro/c4f2fdea75f0e62adfc30bfb56d3cc96 - run cypht in debug mode - try to save the SMTP server in question - check the PHP error log for the output of the patch which should show the SMTP conversation and might provide a clue as to the problem I was able to save a SMTP server using STARTTLS (exim on port 25) without issue, so I'm still not sure whats up. If you can try the above that would be great. thanks!

kerem commented

2026-02-25 21:34:07 +03:00

Author

Owner

@conspacer commented on GitHub (Aug 3, 2017):

Output:

[Thu Aug 03 11:02:10.259102 2017] [:error] [pid 15877] [client <cypht_srv_ip>:50192] string: Array\n(\n    [0] => Connecting to tls://<smtp_srv> on port 587\n    [1] => Could not connect to the SMTP server\n    [2] => fsockopen errors #0. \n)\nArray\n(\n    [0] => EHLO\n)\nArray\n(\n    [0] => Array\n        (\n        )\n\n    [1] => Array\n        (\n        )\n\n)\n, referer: https://<cypht_srv_url>/?page=servers

I know the SMTP server is working on port 587, Ill dig around to see if there is any FW issues or server related PHP configuration problems.

@conspacer commented on GitHub (Aug 3, 2017): Output: ```bash [Thu Aug 03 11:02:10.259102 2017] [:error] [pid 15877] [client <cypht_srv_ip>:50192] string: Array\n(\n [0] => Connecting to tls://<smtp_srv> on port 587\n [1] => Could not connect to the SMTP server\n [2] => fsockopen errors #0. \n)\nArray\n(\n [0] => EHLO\n)\nArray\n(\n [0] => Array\n (\n )\n\n [1] => Array\n (\n )\n\n)\n, referer: https://<cypht_srv_url>/?page=servers ``` I know the SMTP server is working on port 587, Ill dig around to see if there is any FW issues or server related PHP configuration problems.

kerem commented

2026-02-25 21:34:07 +03:00

Author

Owner

@jasonmunro commented on GitHub (Aug 3, 2017):

When adding a new server, we use fsockopen to determine if we can communicate with the host/port. This does not take into account TLS - The check will pass regardless of whether the port is a TLS or plain socket as long as it's reachable.

When saving a server with a username and password, the TLS flag does matter, so if the TLS flag does not match the socket type, the connection will fail. You should only check the TLS checkbox if the socket type is TLS (such as 993 for IMAP). SMTP on port 587 could be TLS, or it could be a normal socket.

When connecting on a normal socket, Cypht will probe the SMTP server to see if it supports STARTTLS. With STARTTLS, we connect on a non-TLS port, then if supported, "flip" to a TLS session after connection. You do not need to check the TLS checkbox for this, it happens automatically if the service supports it.

With all that said, I would try re-adding your server without the TLS checkbox checked, try to save it again, and see if the debug output is different.

@jasonmunro commented on GitHub (Aug 3, 2017): When adding a new server, we use fsockopen to determine if we can communicate with the host/port. This does not take into account TLS - The check will pass regardless of whether the port is a TLS or plain socket as long as it's reachable. When saving a server with a username and password, the TLS flag does matter, so if the TLS flag does not match the socket type, the connection will fail. You should only check the TLS checkbox if the socket type is TLS (such as 993 for IMAP). SMTP on port 587 could be TLS, or it could be a normal socket. When connecting on a normal socket, Cypht will probe the SMTP server to see if it supports STARTTLS. With STARTTLS, we connect on a non-TLS port, then if supported, "flip" to a TLS session after connection. You do not need to check the TLS checkbox for this, it happens automatically if the service supports it. With all that said, I would try re-adding your server without the TLS checkbox checked, try to save it again, and see if the debug output is different.

kerem commented

2026-02-25 21:34:07 +03:00

Author

Owner

@conspacer commented on GitHub (Aug 4, 2017):

Thanks @jasonmunro . Using the debug patch I was able to figure out the problem.

...
[0] => Connecting to {cypht_server} on port 587\n    [1] => Successfully opened port to the SMTP server\n)\nArray\n(\n    [0] => EHLO\n)\nArray\n(\n    [0] => Array\n        (\n            [0] => 220 {cypht_server} ESMTP Postfix\r\n\n        )\n\n    [1] => Array\n        (\n            [0] => 501 Syntax: EHLO hostname\r\n\n        )\n\n)\n, referer: https://{cypht_server}/?page=servers
...
PHP Warning:  php_uname() has been disabled for security reasons in /{server_dir}/cypht/modules/smtp/hm-smtp.php on line 79,

Enable php_uname in php.ini
Restart Apache
Add the server without TLS enabled on port 587
Enjoy sending email with Cypht

@conspacer commented on GitHub (Aug 4, 2017): Thanks @jasonmunro . Using the debug patch I was able to figure out the problem. ```bash ... [0] => Connecting to {cypht_server} on port 587\n [1] => Successfully opened port to the SMTP server\n)\nArray\n(\n [0] => EHLO\n)\nArray\n(\n [0] => Array\n (\n [0] => 220 {cypht_server} ESMTP Postfix\r\n\n )\n\n [1] => Array\n (\n [0] => 501 Syntax: EHLO hostname\r\n\n )\n\n)\n, referer: https://{cypht_server}/?page=servers ... PHP Warning: php_uname() has been disabled for security reasons in /{server_dir}/cypht/modules/smtp/hm-smtp.php on line 79, ``` 1. Enable php_uname in php.ini 2. Restart Apache 3. Add the server without TLS enabled on port 587 4. Enjoy sending email with Cypht