Comments (12)
@dg Yeah, that works with gmail.
from mail.
I also tried the connection through command line and telnet. With EHLO sent first, the SMTP server responded properly:
> telnet <hidden>.mail.protection.outlook.com 25
Trying 104.47.8.36...
Connected to <hidden>.mail.protection.outlook.com.
Escape character is '^]'.
220 AM5EUR03FT021.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Wed, 15 Jul 2020 11:50:29 +0000
> EHLO
250-AM5EUR03FT021.mail.protection.outlook.com Hello [<IP address hidden>]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
> QUIT
221 2.0.0 Service closing transmission channel
Connection closed by foreign host.
With sending STARTTLS command first, the server responded with an error:
> telnet <hidden>.mail.protection.outlook.com 25
Trying 104.47.9.36...
Connected to <hidden>.mail.protection.outlook.com.
Escape character is '^]'.
220 VE1EUR03FT049.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Wed, 15 Jul 2020 11:51:00 +0000
> STARTTLS
503 5.5.2 Send hello first [VE1EUR03FT049.eop-EUR03.prod.protection.outlook.com]
> EHLO
250-VE1EUR03FT049.mail.protection.outlook.com Hello [<IP address hidden>]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
> STARTTLS
220 2.0.0 SMTP server ready
from mail.
ping @ajaxovic
from mail.
Hmmm, that is strange, mail server hosted in cz.nic behaves differently:
telnet mail.<doamin>.cz 587
Trying <ipaddress>...
Connected to mail.<doamin>.cz.
Escape character is '^]'.
220 mail.<doamin>.cz ESMTP Postfix
EHLO mail.<doamin>.cz
250-mail.<doamin>.cz
250-PIPELINING
250-SIZE 25600000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
After some mailing with the server admin, he said AUTH is not allowed on unsecured channels. Outlook says Can't secure before EHLO. So, the two server configurations go against each other. Frankly, I don't know the right solution...
from mail.
Maybe one thing on the top of my head, is it OK to have TLS on port 25? Or should we use 587? Can you test it?
from mail.
@ajaxovic The port shouldn't be the problem as the SMTP communication works in a different network layer.
from mail.
I don't fully understand the SMTP standard, but I've skimmed through the RFCs regarding the SMTP communication and this is what I found:
- In RFC 2821 describing the SMTP, there is a section 4.1.1.1 (https://tools.ietf.org/html/rfc2821#section-4.1.1.1) defining the word EHLO and in the second paragraph, there is a sentence: "A client SMTP SHOULD start an SMTP session by issuing the EHLO command." Which doesn't require the client to send EHLO as a first command, but in such a case, the client must have a valid reason not to do so.
- In RFC 2487 (https://tools.ietf.org/html/rfc2487) describing the SMTP over TLS, in section 5: "A publicly-referenced SMTP server MUST NOT require use of the STARTTLS extension in order to deliver mail locally." So I understand that any public SMTP server can't require clients to use TLS.
- In section 6 of the same RFC, there is an example of the SMTP session with the TLS negotiation. The client starts with the EHLO command.
- In the pull request #67 you (@ajaxovic) wrote as a reason for the pull request: "There are some SMTP TLS servers, which does not send 250-AUTH PLAIN through non-tls channel..." There is RFC 4954 (https://tools.ietf.org/html/rfc4954) where in section 4 there is written: "Note: A server implementation MUST implement a configuration in which it does NOT permit any plaintext password mechanisms, unless either the STARTTLS [SMTP-TLS] command has been negotiated or some other mechanism that protects the session from password snooping has been provided." That explains why the SMTP server does not offer a 250-AUTH PLAIN. It doesn't think the session is secured. In my opinion, the 250-AUTH PLAIN is offered after the STARTTLS process.
To conclude, I'm convinced that SMTP clients should in every session start with the command EHLO, then STARTTLS, if they choose to (after which the client should send EHLO again), and finally they could start the AUTH process. If the server does not offer 250-AUTH PLAIN, then the server doesn't think the connection is secured and requires you to use TLS.
from mail.
What about to try EHLO, if fails, STARTTLS and try it again?
from mail.
I am reverting #67, it seems not correct, it sends twice EHLO.
from mail.
@ajaxovic can you check this d9e2741?
from mail.
@dg We're getting similar error from Gmail SMTP on 3.1.3 - SMTP server did not accept STARTTLS with error: 503 5.5.1 EHLO/HELO first
d9e2741 also does not work, but with different error: SMTP server did not accept STARTTLS with error: 250-smtp.gmail.com at your service, [94.112.62.114] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8
Maybe there should be second parameter here? d9e2741#diff-55f5cc92e7b5762927980bbfe6a1151cR158
from mail.
Hmmm, probably missing read(). Can you check this 9a86fb6?
from mail.
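The command order worked out in this thread (EHLO, STARTTLS, EHLO again, then AUTH), as an added Python example that is not the project's code or any commenter's. `FakeServer` is a constructed in-memory stand-in for an SMTP server, and the host names and the credential placeholder are assumptions; the client refuses to send AUTH when STARTTLS is not offered or is rejected, and `parse_reply` rejects a reply whose final line has not been read yet.

```python
import re

class FakeServer:
    """Constructed in-memory SMTP server for this demo; no network I/O."""
    def __init__(self, offer_starttls=True):
        self.offer_starttls, self.greeted, self.tls, self.log = offer_starttls, False, False, []

    def command(self, line):
        self.log.append(line)
        verb = line.split()[0].upper()
        if verb == "EHLO":
            self.greeted = True
            caps = ["mx.example.test", "PIPELINING", "8BITMIME"]
            if self.offer_starttls and not self.tls:
                caps.append("STARTTLS")
            if self.tls:  # AUTH is advertised only on the protected channel
                caps.append("AUTH PLAIN LOGIN")
            last = len(caps) - 1
            return "".join(f"250{' ' if i == last else '-'}{c}\r\n" for i, c in enumerate(caps))
        if verb == "STARTTLS":
            if not self.greeted:
                return "503 5.5.2 Send hello first\r\n"
            self.tls, self.greeted = True, False  # client must EHLO again after TLS
            return "220 2.0.0 SMTP server ready\r\n"
        if verb == "AUTH":
            return "235 2.7.0 Authentication successful\r\n" if self.tls else "538 5.7.11 Encryption required\r\n"
        return "502 5.5.1 Unrecognized command\r\n"

def parse_reply(raw):
    """Return (code, text lines) for one complete, possibly multi-line reply."""
    m = [re.fullmatch(r"(\d{3})([ -])(.*)", l) for l in raw.rstrip("\r\n").split("\r\n")]
    if not all(m) or m[-1].group(2) != " ":
        raise ValueError("incomplete SMTP reply: final line not read yet")
    return int(m[0].group(1)), [x.group(3) for x in m]

def negotiate(server, host="client.example.test"):
    """EHLO -> STARTTLS -> EHLO -> AUTH; never authenticate on a cleartext channel."""
    code, caps = parse_reply(server.command(f"EHLO {host}"))
    if code != 250 or "STARTTLS" not in [c.upper() for c in caps[1:]]:
        raise RuntimeError("STARTTLS not offered; refusing to authenticate in cleartext")
    code, _ = parse_reply(server.command("STARTTLS"))
    if code != 220:
        raise RuntimeError(f"STARTTLS rejected with {code}")
    # A real client performs the TLS handshake here, then repeats EHLO.
    code, caps = parse_reply(server.command(f"EHLO {host}"))
    mechs = next((c.split()[1:] for c in caps[1:] if c.upper().startswith("AUTH ")), [])
    if "PLAIN" not in mechs:
        raise RuntimeError("AUTH PLAIN not offered after TLS")
    return parse_reply(server.command("AUTH PLAIN <credentials-placeholder>"))[0]
```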