@TylerVigario opened this Issue on December 23rd 2020

I was having trouble figuring out why I couldn't send email via 127.0.0.1:25 only to figure out PHPMailer thinks my local Postfix accepts encryption.

To workaround this issue, I had to install my certificate within Postfix and access via domain.com:25

There is probably misconfiguration in my local Postfix, but shouldn't Matomo respect the STMP Encryption Method chosen? Which, in my case, is none.

Maybe we overlooked PHPMailer's SMTPAutoTLS? I think it's enabled by default.

Whether to enable TLS encryption automatically if a server supports it, even if SMTPSecure is not set to 'tls'.

Be aware that in PHP >= 5.6 this requires that the server's certificates are valid.

http://phpmailer.github.io/PHPMailer/classes/PHPMailer.PHPMailer.PHPMailer.html#property_SMTPAutoTLS

Edit: Add question about SMTPAutoTLS

@tsteur commented on December 23rd 2020 Member

Looking at the code there might be a regression indeed. @TylerVigario not sure if you configured mail in your config/config.ini.php directly but it might be worth trying to edit it and setting encryption = "". It looks like Matomo might assign none to SMTPSecure setting in PHP Mailer and PHP Mailer might actually not understand this value.

@TylerVigario commented on December 23rd 2020

I added encryption = "" to the mail section of config/config.ini.php and the result was the same.

console:test-email

SMTP Error: Could not connect to SMTP host.
ERROR [2020-12-23 23:52:35] 447576  Uncaught exception: /var/www/matomo/vendor/phpmailer/phpmailer/src/PHPMailer.php(2052): SMTP Error: Could not connect to SMTP host.
SMTP Error: Could not connect to SMTP host.

Postfix logs

connect from localhost[127.0.0.1]
lost connection after STARTTLS from localhost[127.0.0.1]
disconnect from localhost[127.0.0.1] ehlo=1 starttls=1 commands=2
@hahayidu commented on December 28th 2020

Hi,

I was mentioned before... You can check for more information.

https://github.com/matomo-org/matomo/pull/15891#issuecomment-745246666

@TylerVigario commented on December 28th 2020

@hahayidu Thanks for pointing out my failure to use the search feature. I guess Matomo developers have considered PHPMailer's SMTPAutoTLS functionality.

I would suggest that we adjust the SMTP Encryption Method default to "auto" and add a fourth option for "none" that will disable SMTPAutoTLS. This will keep the same default security conscious approach while helping to clear things up.

@hahayidu commented on December 29th 2020

Hi,

I think below screen design covers all situations.

xo_mail

secure: {
default: false,
enum: [false, 'force', 'disabled', true],
enumNames: [
'auto (uses STARTTLS if available)',
'force (requires STARTTLS or fail)',
'disabled (never use STARTTLS)',
'TLS',
],
description: 'whether the connection should use TLS',
},
ignoreUnauthorized: {
type: 'boolean',
description: 'ignore certificates error (e.g. self-signed certificate)',
}

https://github.com/vatesfr/xen-orchestra/blob/master/packages/xo-server-transport-email/src/index.js

This Issue was closed on January 5th 2021
Powered by GitHub Issue Mirror