View Issue Details

WikiJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0032956mantisbtemailpublic2023-09-23 06:132023-10-06 06:52
Reporterkaostc Assigned Toatrol  
PrioritynormalSeverityfeatureReproducibilityalways
Status closedResolutionno change required 
Product Version2.24.1 
Summary0032956: Sending mails via SMTP/PHPMailer seems to always default to CRAM-MD5 password
Description

I was trying to configure mantisbt to send mail nofitications, using this configuration:

$g_phpMailer_method = PHPMAILER_METHOD_SMTP;
$g_smtp_host = 'smtp.dreamhost.com';
$g_smtp_username = 'envios@cordoba.cc';
$g_smtp_password = 'password';
$g_smtp_port = '587';
$g_smtp_connection_mode = 'tls';
$g_administrator_email = 'envios@cordoba.cc';
$g_webmaster_email = 'envios@cordoba.cc';
$g_from_email = 'envios@cordoba.cc'; # the "From: " field in emails
$g_return_path_email = 'envios@cordoba.cc'; # the return address for bounce>
$g_from_name = 'Mantis Bug Tracker';
$g_enable_email_notification = ON;

It didn't works, and checking my SMTP server logs, I found that it was trying to authenticate using CRAM-MD5, whereas using plain text password was the intended.

After diving a bit into MaintsBT, I found that $t_mail->AuthType (property of PHPMailer class) is never set, and seems to default to CRAM-MD5. So I solved my problem by hardcoding a new line in core/email_api.php between lines 1310 and 1311:

$t_mail->AuthType = 'PLAIN';

It worked like a charm, and I started receiving emails.

Maybe I have missed some code where the AuthType is handled, but in case I haven't, a new parameter to handle this should be implemented to make sending mail feature compatible with SMTP servers that does not support CRAM-MD5.

Steps To Reproduce
  1. Configure MantisBT to send mails via SMTP server that does not support CRAM-MD5
  2. Force MantisBT to end an email.
  3. Check SMTP server logs to find the error.
TagsNo tags attached.
Attached Files
imagen.png (48,609 bytes)   
imagen.png (48,609 bytes)   

Activities

atrol

atrol

2023-09-23 14:38

developer   ~0068131

Are you able to reproduce with latest stable MantisBT version (2.25.7 at the moment)?
This comes also with a newer PHPMailer version.
According the PHPMailer code it should also work without any code change in MantisBT.

                //If no auth mechanism is specified, attempt to use these, in this order
                //Try CRAM-MD5 first as it's more secure than the others
                foreach (['CRAM-MD5', 'LOGIN', 'PLAIN', 'XOAUTH2'] as $method) {
                    if (in_array($method, $this->server_caps['AUTH'], true)) {
                        $authtype = $method;
                        break;
                    }
                }
kaostc

kaostc

2023-09-24 04:16

reporter   ~0068132

Updated and working without any code change. Thanks!