SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS) #68
Comments
Can you show me your code, please? There will be no STARTTLS connection established, when you remove the isset function. |
Sure @Schengawegga, here is the Pear code modified:
And here is the code from my website:
|
Is this code from your website online at the moment? |
@nerkaid: Have you seen the last comment of @schengawegga? |
@schengawegga @Neustradamus Hi, sorry for the delay in the response. Yes, the code is on the web and working at the moment. I tested it a few seconds ago and it is working fine with the changes I explained in the first post. |
@nerkaid From an external site, only on port 587 the connection will be established. And your changes within the if statement are not secure. Please try to connect without your changes and via port 587. |
I came across the same error on my roundcube installation. The issue was that the webserver connected to the smtp server on localhost. Of course, the certificate is not valid for localhost. Roundcube has a config variable to specify SSL options. Setting the peer name in the options solved the issue. |
@rettenbs Thank you for your reply. Yes, I knew this problem. It is the same problem on my webserver, too. But it can be solved via the socket_options. See all socket_options in stream_context_create() (https://www.php.net/manual/en/context.php). The Options you need are |
Hi, sorry for the delay in the response. Yes, that's the code working atm. It is weird you cannot connect, I've just checked via telnet and I can connect and do a HELO without problem:
I've just tried the mail sent by the website and it is working too. Best regards! |
Actually, if you have a valid certificate (not self-signed), setting this should be enough: $params['socket_options']['ssl']['peer_name'] = '<public domain>' The This is also more secure because SSL is verifying the peer name. Long explanation: |
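The peer_name advice in the comments above, as an added example that is not part of the thread and not PEAR code: a small check that reports `ssl` context options which switch off certificate verification, run against a weakened options array and a hardened one. `auditSslOptions` is a hypothetical helper, both arrays are constructed, and `mail.example.org` is a placeholder for the name the certificate was issued for.

```php
<?php
// Added example, not PEAR code: report 'ssl' context options in a
// socket_options array that switch off certificate checks.
function auditSslOptions(array $socketOptions): array
{
    $ssl = $socketOptions['ssl'] ?? [];
    $findings = [];
    // PHP >= 5.6 verifies the peer and its name by default, so only
    // explicit overrides weaken the handshake.
    if (array_key_exists('verify_peer', $ssl) && !$ssl['verify_peer']) {
        $findings[] = 'verify_peer disabled: any certificate is accepted';
    }
    if (array_key_exists('verify_peer_name', $ssl) && !$ssl['verify_peer_name']) {
        $findings[] = 'verify_peer_name disabled: host name is not checked';
    }
    if (!empty($ssl['allow_self_signed'])) {
        $findings[] = 'allow_self_signed enabled';
    }
    return $findings;
}

// Constructed: verification switched off to get past a name mismatch.
$weak = ['ssl' => [
    'verify_peer'       => false,
    'verify_peer_name'  => false,
    'allow_self_signed' => true,
]];

// Constructed: connect to localhost, but validate the certificate against
// the public name it was issued for (mail.example.org is a placeholder).
$hardened = ['ssl' => [
    'peer_name'        => 'mail.example.org',
    'verify_peer'      => true,
    'verify_peer_name' => true,
]];

foreach (['weak' => $weak, 'hardened' => $hardened] as $label => $options) {
    $findings = auditSslOptions($options);
    echo $label, ': ', $findings ? implode('; ', $findings) : 'no findings', PHP_EOL;
}
```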
@nerkaid Now I established a connection via port 25 on a Debian system with PHP7.4 and got the following result:
DEBUG: Recv: 220 mail-node-smtp-04.dondominio.com ESMTP DD Mail System
DEBUG: Recv: 250-mail-node.dondominio.com
DEBUG: Recv: 220 2.0.0 Ready to start TLS
DEBUG: Recv: 250-mail-node.dondominio.com
DEBUG: Recv: 250 2.0.0 Ok
DEBUG: Recv: 250 2.1.0 Ok
DEBUG: Recv: 554 5.7.1 <********@*******>: Recipient address rejected: Access denied
The access denied failure depends on not existing credentials. I think, to reproduce your issue, I have to set up an IIS8.0 system with PHP8.0. I will keep you on track when I have tested it on an IIS system. |
@nerkaid Now I tested the connection on a Win2012 R2 IIS8.0 with PHP8.0 and got the same result as on my Debian system with PHP7.4. I think the issue is a problem on your server.
DEBUG: Recv: 220 2.0.0 Ready to start TLS
Your debug log shows that the dondominio.com SMTP server answers after the TLS connection is established. |
@nerkaid Does the problem still exist, or can I close this issue? |
+1 problem exists. Final code snippet from SMTP.php is:
if (version_compare(PHP_VERSION, '5.1.0', '>=')
    && extension_loaded('openssl') && isset($this->esmtp['STARTTLS']) && $this->esmtp['STARTTLS']
    && strncasecmp($this->host, 'ssl://', 6) !== 0
) {
    /* Start the TLS connection attempt. */
Error message:
$ php -v
PHP 7.4.3-4ubuntu2.17 (cli) (built: Jan 10 2023 15:37:44) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.3-4ubuntu2.17, Copyright (c), by Zend Technologies
$ lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 20.04.4 LTS
Release: 20.04
Codename: focal
Client code looks like:
$smtp = Mail::factory('smtp',
    [
        'host' => $this->host,
        'port' => $this->port,
        'auth' => true,
        'username' => $this->username,
        'password' => $this->password,
        'socket_options' => [
            'ssl' => [
                'verify_peer_name' => false,
                'verify_peer' => false,
                'allow_self_signed' => true,
            ],
        ],
    ]);
$mail = $smtp->send($to, $headers, $body);
if (PEAR::isError($mail)) {
    $this->error = $mail->getMessage();
    return false;
} else {
    return true;
}
Mail server is |
@sasha-x Thanks for your comment and the technical details. When you call But the very interesting part is that the issue occurs after upgrading from PHP7.2 to PHP7.4. Are there any updates done on the SMTP server? Or only the PHP update triggers the issue? With which port do you connect to your SMTP? |
It doesn't work. I see
Looks so. If I disable code of
No, as I know.
PHP update &
25 or 1225. I have two configs. Both work or don't work depending on the SMTP.php code modification.
External connection. |
@sasha-x Thanks for your reply. Is it possible to send me the mail-server URL, or create a mail account for me to check it on my own? Otherwise, I have to set up an Exchange server in my own environment. |
No, sorry. It is a corporate mail server. I am not authorized to pass any account to somebody outside the company.
I understand. I can try to know some config options of mail server via system administrator or get some debug logs if it can help you. But this will take some time too. |
I understand that. I do not need an account, I only need the URL to the server, to check the connection via startssl. Is it possible to write me the URL via mail?
Logs are always helpful ;-) |
Yes. I send it. |
@sasha-x Thank you for your mail. It helps me a lot to identify the line where the error occurs. So I do another commit with more details in the error message. My idea is, that Could you please pull my latest commit on Thanks. |
…ear#68 Issue with non-blocking streams on establishing STARTTLS encryption
@sasha-x @nerkaid Now I reproduced your error behavior. So I do another commit at Please give me a quick response, if this is the solution, so I will merge it into |
…ear#68 Issue with non-blocking streams on establishing STARTTLS encryption
@jparise Could you do another code-review, please? |
…ear#68 Beware of infinite loop
…ear#68 do it in a for loop
@schengawegga, new output is:
|
Update: debug output of script is:
And no mail delivered. If I remove |
@sasha-x I think there is something with your client config, because on all of my test machines, the STARTTLS will be established well. Could you take a look into your PHP logs? There must be a line like: Or any other |
@schengawegga
Then I found an Ubuntu 20-related bug report and solution at https://stackoverflow.com/a/62359497
It works ok now.
|
In addition, my earlier answer to your question
was incomplete. I missed that the client OS was upgraded from Ubuntu 18 to Ubuntu 20. |
Thanks for your support. I am very happy that we found a solution for that problem.
I think it is not a good solution to remove the
I am very sure that with the fix from @nerkaid only non-encrypted connections will be established to the SMTP server, because the process will never go into the code part which enables the TLS connection. Many servers allow non-encrypted connections at the moment. Have you asked your server admin if your server allows non-encrypted connections? That would be a very interesting question. |
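An added illustration of the maintainer's point above (not part of the thread and not Net_SMTP's own code): why a guard that tests the truthiness of the stored STARTTLS entry skips the TLS branch even though the server advertises the extension. It assumes, as a simplified model, that an extension advertised without arguments is stored as an empty string; `parseEhlo`, `guardWithIsset`, `guardWithTruthiness` and `requireStartTls` are hypothetical names.

```php
<?php
// Added illustration, not Net_SMTP source. Simplified model of an EHLO
// parser that stores each extension keyword with its argument string.
function parseEhlo(array $lines): array
{
    $esmtp = [];
    foreach ($lines as $line) {
        // Drop the "250-" / "250 " prefix, then split keyword from arguments.
        $parts = explode(' ', substr($line, 4), 2);
        // Assumption: a keyword without arguments is stored as ''.
        $esmtp[strtoupper($parts[0])] = $parts[1] ?? '';
    }
    return $esmtp;
}

// Guard with isset(): true whenever the keyword was advertised at all.
function guardWithIsset(array $esmtp): bool
{
    return isset($esmtp['STARTTLS']);
}

// Guard without isset(): '' is falsy in PHP, so an argument-less keyword
// such as STARTTLS never satisfies it and the TLS branch is not entered.
function guardWithTruthiness(array $esmtp): bool
{
    return (bool) ($esmtp['STARTTLS'] ?? false);
}

// Fail closed: refuse to continue in plaintext when TLS is required.
function requireStartTls(array $esmtp): void
{
    if (!guardWithIsset($esmtp)) {
        throw new RuntimeException('Server does not offer STARTTLS; aborting');
    }
}

// Extension lines taken from the debug log in the original report.
$ehlo = [
    '250-PIPELINING', '250-SIZE 51200000', '250-ETRN', '250-STARTTLS',
    '250-AUTH PLAIN LOGIN', '250-ENHANCEDSTATUSCODES', '250-8BITMIME',
    '250-DSN', '250 CHUNKING',
];
$esmtp = parseEhlo($ehlo);

var_dump(guardWithIsset($esmtp));      // guard that tests advertisement
var_dump(guardWithTruthiness($esmtp)); // guard that tests the stored value
requireStartTls($esmtp);               // throws only if STARTTLS is absent
```

A client that skips the STARTTLS branch sends AUTH and the message in plaintext, so a check like `requireStartTls` is the place to stop instead of falling back.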
…ear#68 more details in STARTTLS failed errormessage
I pushed a more detailed version of the STARTTLS failed error message in the PR. Thank you very much. |
…ear#68 more details in STARTTLS failed errormessage
@sasha-x Did you have time to verify my error message fix on your system with your old configuration? |
@schengawegga, I am busy now. Maybe some time later. |
…ear#68 keep backwards-compatibility to PHP5.4 by creating a method for array_filter parameter <mode>
change detailed error-message from combining string to sprintf() function
change usleep timing according to attempts
adding error_handler on every attempt
…ear#68 changed new method name
@sasha-x, @nerkaid, @rettenbs: After several months, have you tried the @schengawegga PR? |
@sasha-x, @nerkaid, @rettenbs: After several months, have you tried the @schengawegga PR? Here: #74 Thanks in advance. |
…#74)
* SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS) #68
* SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS) #68
* SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS) #68 Issue with non-blocking streams on establishing STARTTLS encryption
* SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS) #68 Beware of infinite loop
* SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS) #68 do it in a for loop
* SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS) #68 more details in STARTTLS failed errormessage
* SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS) #68 keep backwards-compatibility to PHP5.4 by creating a method for array_filter parameter <mode> change detailed error-message from combining string to sprintf() function change usleep timing according to attempts adding error_handler on every attempt
* SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS) #68 changed new method name
* Update Net/SMTP.php Co-authored-by: Jon Parise <jon@indelible.org>
* Update Net/SMTP.php Co-authored-by: Jon Parise <jon@indelible.org>
* Update Net/SMTP.php
--------- Co-authored-by: Jon Parise <jon@indelible.org>
Suddenly my website started to give this error when trying to send an email:
[SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS)]
If enabling debug mode I'm getting this info:
DEBUG: Recv: 220 mail-node-smtp-02.dondominio.com ESMTP DD Mail System
DEBUG: Send: EHLO localhost
DEBUG: Recv: 250-mail-node.dondominio.com
DEBUG: Recv: 250-PIPELINING
DEBUG: Recv: 250-SIZE 51200000
DEBUG: Recv: 250-ETRN
DEBUG: Recv: 250-STARTTLS
DEBUG: Recv: 250-AUTH PLAIN LOGIN
DEBUG: Recv: 250-AUTH=PLAIN LOGIN
DEBUG: Recv: 250-ENHANCEDSTATUSCODES
DEBUG: Recv: 250-8BITMIME
DEBUG: Recv: 250-DSN
DEBUG: Recv: 250 CHUNKING
DEBUG: Send: STARTTLS
DEBUG: Recv: 220 2.0.0 Ready to start TLS
DEBUG: Send: RSET
DEBUG: Recv: \qz0x9|PT&2VVSl1Nu(XaQ4 FUȩKXHiJcRJ~aj_/$-S셀䰖C
DEBUG: Send: QUIT
DEBUG: Recv: r^O_QW]H"F+zt3^E0Fԋת@
After taking a look at some forums, I found it can be fixed by changing line 588 of "Net\SMTP.php" from:
&& extension_loaded('openssl') && isset($this->esmtp['STARTTLS'])
to:
&& extension_loaded('openssl') && $this->esmtp['STARTTLS']
After the change everything started to work fine like before.
My setup is WS 2012 R2 with IIS8, PHP8.0 and PEAR up to date as of January.
Thanks and best regards!