Bug - Email configuration (Closed)

jonas.von.scholten · January 30, 2017, 3:01pm

The ~/app/Network/Email/ErambaCakeEmail.php contains an error.

The following clause does not allow for default SMTP relay (unauthorized):

    if ($settings['SMTP_USE'] == 1) {
        $emailConfig['transport'] = 'Smtp';
        $emailConfig['host'] = $settings['SMTP_HOST'];
        $emailConfig['username'] = $settings['SMTP_USER'];
        $emailConfig['password'] = $settings['SMTP_PWD'];
        $emailConfig['timeout'] = $settings['SMTP_TIMEOUT'];
        $emailConfig['port'] = $settings['SMTP_PORT'];

        if ($settings['USE_SSL'] == Setting::USE_SSL_SSL) {
            $host = 'ssl://' . $emailConfig['host'];
            $emailConfig['host'] = $host;
        }

        if ($settings['USE_SSL'] == Setting::USE_SSL_TLS) {
            $emailConfig['tls'] = true;
        }
    }

Please insert this extra if-clause or similar (after the last update the mail feature broke):

    if ($settings['SMTP_USE'] == 1) {
        $emailConfig['transport'] = 'Smtp';
        $emailConfig['host'] = $settings['SMTP_HOST'];

        if($settings['USE_SSL'] != 0){
            $emailConfig['username'] = $settings['SMTP_USER'];
            $emailConfig['password'] = $settings['SMTP_PWD'];
        }

        $emailConfig['timeout'] = $settings['SMTP_TIMEOUT'];
        $emailConfig['port'] = $settings['SMTP_PORT'];

        if ($settings['USE_SSL'] == Setting::USE_SSL_SSL) {
            $host = 'ssl://' . $emailConfig['host'];
            $emailConfig['host'] = $host;
        }

        if ($settings['USE_SSL'] == Setting::USE_SSL_TLS) {
            $emailConfig['tls'] = true;
        }
    }

kisero · January 25, 2017, 5:08pm

Hi Jonas,

What you mean by “default SMTP relay (unauthorized)” ?

thanks

martin · January 25, 2017, 5:50pm

Hello,

As I understand now, you are trying to use a SMTP server that does not require authentication at all.

after some digging i understand what is the problem in your case, your snippet of code confused me for a moment because it would force unauthorized login for all servers not using encryption to connect. Its clear at the moment and we will provide a fix for this case on our next update.

Thanks for reporting,
Martin

jonas.von.scholten · January 25, 2017, 7:30pm

Yes… My fix is not really a fix…

The fix should be something like (PseudoCode):
If ($setting[SMTP_UserName] != Null) {
SetUsernameAndPassword();

}

That way you can leave the username/password empty or still use basic authentication on port 25(not possible with my fix)

kisero · January 26, 2017, 8:54am

Hi jonas,

https://github.com/kisero/eramba_v2/issues/454

there we go - the compliance pdf you asked me the other day is also in this package!

regards