Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Matomo doesn't respect SMTP Encryption Method setting #17015

Closed
TylerVigario opened this issue Dec 23, 2020 · 5 comments · Fixed by #17039
Closed

Matomo doesn't respect SMTP Encryption Method setting #17015

TylerVigario opened this issue Dec 23, 2020 · 5 comments · Fixed by #17039
Assignees
Labels
Regression Indicates a feature used to work in a certain way but it no longer does even though it should.
Milestone

Comments

@TylerVigario
Copy link

TylerVigario commented Dec 23, 2020

I was having trouble figuring out why I couldn't send email via 127.0.0.1:25 only to figure out PHPMailer thinks my local Postfix accepts encryption.

To workaround this issue, I had to install my certificate within Postfix and access via domain.com:25

There is probably misconfiguration in my local Postfix, but shouldn't Matomo respect the STMP Encryption Method chosen? Which, in my case, is none.

Maybe we overlooked PHPMailer's SMTPAutoTLS? I think it's enabled by default.

Whether to enable TLS encryption automatically if a server supports it, even if SMTPSecure is not set to 'tls'.

Be aware that in PHP >= 5.6 this requires that the server's certificates are valid.

http://phpmailer.github.io/PHPMailer/classes/PHPMailer.PHPMailer.PHPMailer.html#property_SMTPAutoTLS

Edit: Add question about SMTPAutoTLS

@tsteur tsteur added the Regression Indicates a feature used to work in a certain way but it no longer does even though it should. label Dec 23, 2020
@tsteur tsteur added this to the 4.2.0 milestone Dec 23, 2020
@tsteur
Copy link
Member

tsteur commented Dec 23, 2020

Looking at the code there might be a regression indeed. @TylerVigario not sure if you configured mail in your config/config.ini.php directly but it might be worth trying to edit it and setting encryption = "". It looks like Matomo might assign none to SMTPSecure setting in PHP Mailer and PHP Mailer might actually not understand this value.

@TylerVigario
Copy link
Author

TylerVigario commented Dec 23, 2020

I added encryption = "" to the mail section of config/config.ini.php and the result was the same.

console:test-email

SMTP Error: Could not connect to SMTP host.
ERROR [2020-12-23 23:52:35] 447576  Uncaught exception: /var/www/matomo/vendor/phpmailer/phpmailer/src/PHPMailer.php(2052): SMTP Error: Could not connect to SMTP host.
SMTP Error: Could not connect to SMTP host.

Postfix logs

connect from localhost[127.0.0.1]
lost connection after STARTTLS from localhost[127.0.0.1]
disconnect from localhost[127.0.0.1] ehlo=1 starttls=1 commands=2

@hahayidu
Copy link

Hi,

I was mentioned before... You can check for more information.

#15891 (comment)

@TylerVigario
Copy link
Author

TylerVigario commented Dec 28, 2020

@hahayidu Thanks for pointing out my failure to use the search feature. I guess Matomo developers have considered PHPMailer's SMTPAutoTLS functionality.

I would suggest that we adjust the SMTP Encryption Method default to "auto" and add a fourth option for "none" that will disable SMTPAutoTLS. This will keep the same default security conscious approach while helping to clear things up.

@hahayidu
Copy link

Hi,

I think below screen design covers all situations.

xo_mail

    secure: {
      default: false,
      enum: [false, 'force', 'disabled', true],
      enumNames: [
        'auto (uses STARTTLS if available)',
        'force (requires STARTTLS or fail)',
        'disabled (never use STARTTLS)',
        'TLS',
      ],
      description: 'whether the connection should use TLS',
    },
    ignoreUnauthorized: {
      type: 'boolean',
      description: 'ignore certificates error (e.g. self-signed certificate)',
    }

https://github.com/vatesfr/xen-orchestra/blob/master/packages/xo-server-transport-email/src/index.js

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Regression Indicates a feature used to work in a certain way but it no longer does even though it should.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants