View Issue Details

IDProjectCategoryView StatusLast Update
0032956mantisbtemailpublic2023-10-06 06:52
Reporterkaostc Assigned Toatrol  
Status closedResolutionno change required 
Product Version2.24.1 
Summary0032956: Sending mails via SMTP/PHPMailer seems to always default to CRAM-MD5 password

I was trying to configure mantisbt to send mail nofitications, using this configuration:

$g_phpMailer_method = PHPMAILER_METHOD_SMTP;
$g_smtp_host = '';
$g_smtp_username = '';
$g_smtp_password = 'password';
$g_smtp_port = '587';
$g_smtp_connection_mode = 'tls';
$g_administrator_email = '';
$g_webmaster_email = '';
$g_from_email = ''; # the "From: " field in emails
$g_return_path_email = ''; # the return address for bounce>
$g_from_name = 'Mantis Bug Tracker';
$g_enable_email_notification = ON;

It didn't works, and checking my SMTP server logs, I found that it was trying to authenticate using CRAM-MD5, whereas using plain text password was the intended.

After diving a bit into MaintsBT, I found that $t_mail->AuthType (property of PHPMailer class) is never set, and seems to default to CRAM-MD5. So I solved my problem by hardcoding a new line in core/email_api.php between lines 1310 and 1311:

$t_mail->AuthType = 'PLAIN';

It worked like a charm, and I started receiving emails.

Maybe I have missed some code where the AuthType is handled, but in case I haven't, a new parameter to handle this should be implemented to make sending mail feature compatible with SMTP servers that does not support CRAM-MD5.

Steps To Reproduce
  1. Configure MantisBT to send mails via SMTP server that does not support CRAM-MD5
  2. Force MantisBT to end an email.
  3. Check SMTP server logs to find the error.
TagsNo tags attached.
Attached Files
imagen.png (48,609 bytes)   
imagen.png (48,609 bytes)   




2023-09-23 14:38

developer   ~0068131

Are you able to reproduce with latest stable MantisBT version (2.25.7 at the moment)?
This comes also with a newer PHPMailer version.
According the PHPMailer code it should also work without any code change in MantisBT.

                //If no auth mechanism is specified, attempt to use these, in this order
                //Try CRAM-MD5 first as it's more secure than the others
                foreach (['CRAM-MD5', 'LOGIN', 'PLAIN', 'XOAUTH2'] as $method) {
                    if (in_array($method, $this->server_caps['AUTH'], true)) {
                        $authtype = $method;


2023-09-24 04:16

reporter   ~0068132

Updated and working without any code change. Thanks!