[solved] mantis email by gmail smtp

Get help from other users here.

Moderators: Developer, Contributor

Post Reply
Gregosky
Posts: 4
Joined: 22 Oct 2014, 14:54

[solved] mantis email by gmail smtp

Post by Gregosky »

Hi, I'm new to this forum however I use mantis since 2007 (so I have had no need to post any question since that time).
I have reviewed posts that are relevant to my case - no joy.

In short - emails notifications have been working fine until August. I'm not sure what happened (maybe system update have broken something...) however I cannot establish a ssl connection with smtp.gmail.comn any more.

I have reviewed host name, port, user name, password etc. and tried different configurations suggested on this forum - unsuccessfully.

I have turned iptables off - no success.

I'm starting to think that maybe disable_functions is the case?

I would appreciate your help.

Details of my system:
Mantis 1.2.17 running on Arch Linux 3.16.4-1-ARCH x86-64
Web stack based on NginX (1.6.2) and php(5.6.2)

In php.ini I'm disabling following functions:
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

I have tried to troubleshoot this by writing simple test_email.php (with that I could connect to the server), here it is below:

Code: Select all

<?php
echo("<p>start</p>");

require_once "library/phpmailer/class.smtp.php";

$from = "xxx@gmail.com";
$to = "xxx@yahoo.com";
$subject = "Hi!";
$body = "Hi,\n\nHow are you?";
$host = "smtp.gmail.com";
//$port = "587";
$port = "465";
$username = "xxx@gmail.com";
$password = "xxx";
$headers = array ('From' => $from, 'To' => $to, 'Subject' => $subject);

echo("create smtp object<br />");
$smtp = new smtp();

$smtp->Debugoutput = 'echo';
$smtp->do_debug = 55;

echo("connect<br />");
try
{
        $smtp->Connect($host, $port);
}
catch (Exception $e)
{
        echo ('Caught exception: ' .  $e->getMessage() . "<br />");
}

echo("helo<br />");
try
{
        $smtp->Hello($host);
}
catch (Exception $e)
{
        echo ('Caught exception: ' .  $e->getMessage() . "<br />");
}

/*
echo("starttls<br />");
try
{
        $smtp->StartTLS();
}
catch (Exception $e)
{
        echo ('Caught exception: ' .  $e->getMessage() . "<br />");
}
*/

echo("authenticate<br />");
try
{
        $smtp->Authenticate($username, $password);
}
catch (Exception $e)
{
        echo ('Caught exception: ' .  $e->getMessage() . "<br />");
}

if ( $smtp->Connected() )
{
        echo("connected<br />");
}
else
{
        echo("error!<br />");
}

echo("close<br />");
$smtp->Close();
echo("closed<br />");

?>
Result of above is:

Code: Select all

start
create smtp object
connect
SMTP -> ERROR: Failed to connect to server: Connection timed out (110)
authenticate
CLIENT -> SMTP: AUTH LOGIN
SMTP -> ERROR: AUTH not accepted from server:
error!
close
closed
So I get timeout even though I am able to get there if I run following from my command line (I'm given a standard smtp prompt, I can issue HELO command and then AUTH LOGIN - all works nice):

Code: Select all

openssl s_client -connect smtp.gmail.com:465
When I change port to 587 and uncomment STARTTLS section I get a lot of lines showing server is responding but it all ends with an error:

Code: Select all

SMTP -> ERROR: AUTH not accepted from server: >>some binary<<
Full output:

Code: Select all

start
create smtp object
connect
SMTP -> get_lines(): $data was ""
SMTP -> get_lines(): $str is "220 mx.google.com ESMTP ei1sm2226014wib.20 - gsmtp "
SMTP -> get_lines(): $data is "220 mx.google.com ESMTP ei1sm2226014wib.20 - gsmtp "
SMTP -> FROM SERVER:220 mx.google.com ESMTP ei1sm2226014wib.20 - gsmtp
helo
CLIENT -> SMTP: EHLO smtp.gmail.com
SMTP -> get_lines(): $data was ""
SMTP -> get_lines(): $str is "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] "
SMTP -> get_lines(): $data is "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] "
SMTP -> get_lines(): $data was "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] "
SMTP -> get_lines(): $str is "250-SIZE 35882577 "
SMTP -> get_lines(): $data is "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 "
SMTP -> get_lines(): $data was "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 "
SMTP -> get_lines(): $str is "250-8BITMIME "
SMTP -> get_lines(): $data is "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 250-8BITMIME "
SMTP -> get_lines(): $data was "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 250-8BITMIME "
SMTP -> get_lines(): $str is "250-STARTTLS "
SMTP -> get_lines(): $data is "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS "
SMTP -> get_lines(): $data was "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS "
SMTP -> get_lines(): $str is "250-ENHANCEDSTATUSCODES "
SMTP -> get_lines(): $data is "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES "
SMTP -> get_lines(): $data was "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES "
SMTP -> get_lines(): $str is "250-PIPELINING "
SMTP -> get_lines(): $data is "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING "
SMTP -> get_lines(): $data was "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING "
SMTP -> get_lines(): $str is "250-CHUNKING "
SMTP -> get_lines(): $data is "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING "
SMTP -> get_lines(): $data was "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING "
SMTP -> get_lines(): $str is "250 SMTPUTF8 "
SMTP -> get_lines(): $data is "250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 "
SMTP -> FROM SERVER: 250-mx.google.com at your service, [xxx.xxx.xxx.xxx] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8
starttls
CLIENT -> SMTP: STARTTLS
SMTP -> get_lines(): $data was ""
SMTP -> get_lines(): $str is "220 2.0.0 Ready to start TLS "
SMTP -> get_lines(): $data is "220 2.0.0 Ready to start TLS "
SMTP -> FROM SERVER:220 2.0.0 Ready to start TLS
authenticate
CLIENT -> SMTP: AUTH LOGIN
SMTP -> get_lines(): $data was ""
SMTP -> get_lines(): $str is ">>binary<<"
SMTP -> get_lines(): $data is ">>binary<<"
SMTP -> get_lines(): $data was ">>binary<<"
SMTP -> get_lines(): $str is ">>binary<<"
SMTP -> get_lines(): $data is ">>binary<<"
SMTP -> ERROR: AUTH not accepted from server: >>binary<<
SMTP -> NOTICE: EOF caught while checking if connectederror!
close
closed
I will appreciate any hints. Many thanks in advance.
Last edited by Gregosky on 03 Feb 2015, 22:16, edited 1 time in total.
Gregosky
Posts: 4
Joined: 22 Oct 2014, 14:54

Re: mantis email by gmail smtp - notifications stopped worki

Post by Gregosky »

Long time have passed and at last I managed to fix my issue.

I have tried many things to test it and finally I have set up a fresh linux server with fresh mantis on it. I have configured that server to send emails through my own mail gateway (another server). While using PHPMAILER_METHOD_SMTP and tls on 587 port I could see communication attempts in my mail server logs however it all was ending up with CA root certificate error. I then switched to google (hoping maybe my mail server is not configured correctly) however I was having the same error displayed by mantis test_mail.php:

Code: Select all

SYSTEM WARNING: 'stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed' in '/www/mantis/library/phpmailer/class.smtp.php' line 249
I was reading over StackOverflow that one of recent PHP updates have modified the way how CA certificates are being verified - I was not sure how would that affect mantis, I was playing arround increasing debug level within class.smtp.php but have not found anything apart from above error code.

And then I came accross following StackOverflow post: http://stackoverflow.com/questions/1340 ... r-13436527
That's pretty long article for an answer - however it does explain the subject very well. Somewhere down that article there is a code sample showing how to test certificates through PHP and there are four lines I got interested in:

Code: Select all

    stream_context_set_option($smtp, 'ssl', 'verify_host', true);
    stream_context_set_option($smtp, 'ssl', 'verify_peer', true);
    stream_context_set_option($smtp, 'ssl', 'allow_self_signed', false);
    stream_context_set_option($smtp, 'ssl', 'cafile', '/etc/ssl/cacert.pem');
I thought - why not modifying StartTLS() function in mantis/library/phpmailer/class.smtp.php in order to add a path to CA file.

And that was the turning point - since I'm running mantis on chrooted enginx there is no CA certificates available (I'm using php-fpm that is chrooting to the same folder).
So I simply copied cacert.pem from my root into chroot and voila! emails are working as a charm.

I hope my long battle with this will help anybody out there.
Gregosky
Posts: 4
Joined: 22 Oct 2014, 14:54

Re: [solved] mantis email by gmail smtp

Post by Gregosky »

Updating for future reference.

It seems the better option is to copy the content of /etc/ssl to your chroot - that way there is no need to alter mantisbt source code to make emails being sent when running mantis from chrooted web server.
Post Reply