Tickets :: [#13567] Horde_SMTP misses horde-auth authentication to SMTP server

6.0.0-beta1

7/6/25

Summary	Horde_SMTP misses horde-auth authentication to SMTP server
Queue	Horde Base
Queue Version	5.2.1
Type	Bug
State	Not A Bug
Priority	1. Low
Owners
Requester	Klaus.Steinberger (at) physik (dot) uni-muenchen (dot) de
Created	09/15/2014 (3947 days ago)
Due
Updated	09/16/2014 (3946 days ago)
Assigned	09/15/2014 (3947 days ago)
Resolved	09/15/2014 (3947 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

09/16/2014 07:35:20 AM	Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de	Comment #11	Reply to this comment
As you can see authentication is never tried. Because you haven't configured SMTP to use authentication. See backends.conf (the smtp -> auth parameter). Regardless, this is not a bug so this support discussion should move to the imp mailing list. ok, in the original configuration this was set, but the array override killed it. So sorry about the confusion, some old examples led me to the override.

09/16/2014 07:17:42 AM	Michael Slusarz	Comment #10	Reply to this comment
As you can see authentication is never tried. Because you haven't configured SMTP to use authentication. See backends.conf (the smtp -> auth parameter). Regardless, this is not a bug so this support discussion should move to the imp mailing list.

09/16/2014 07:11:38 AM	Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de	Comment #9	Reply to this comment
That's my config in backends.d: <?php $servers['imap']['disabled'] = true; $servers['advanced']['disabled'] = false; $servers['advanced']['hordeauth'] = true; $servers['advanced']['name'] = 'Fakultät IMAP Server'; $servers['advanced']['hostspec'] = 'localhost'; $servers['advanced']['secure'] = 'none'; $servers['advanced']['admin']['params']['admin_user'] = '*****'; $servers['advanced']['admin']['params']['admin_password'] = '*****'; $servers['advanced']['admin']['params']['userhierarchy'] = 'user/'; $servers['advanced']['smtp']['debug'] = '/tmp/smtp.log'; $servers['advanced']['smtp']['host'] = 'mail.physik.uni-muenchen.de'; $servers['advanced']['smtp']['port'] = 587; $servers['advanced']['quota']['params']['unit'] = 'GB'; $servers['advanced']['cache'] = 'none'; $servers['advanced']['maildomain'] = 'physik.uni-muenchen.de'; As you can see $servers['advanced']['hordeauth'] = true; is set. And it does not work, are you sure the configuration at your site really works the way you want? See the smtp.log: ------------------------------ Tue, 16 Sep 2014 09:07:02 +0200 Connection to: smtp://mail.physik.uni-muenchen.de:587 S: 220 mail.physik.uni-muenchen.de ESMTP Postfix C: EHLO testwebmail.physik.uni-muenchen.de S: 250-mail.physik.uni-muenchen.de S: 250-PIPELINING S: 250-SIZE 31457280 S: 250-VRFY S: 250-ETRN S: 250-STARTTLS S: 250-XVERP S: 250-ENHANCEDSTATUSCODES S: 250-8BITMIME S: 250 DSN C: STARTTLS S: 220 2.0.0 Ready to start TLS Successfully completed TLS negotiation. C: EHLO testwebmail.physik.uni-muenchen.de S: 250-mail.physik.uni-muenchen.de S: 250-PIPELINING S: 250-SIZE 31457280 S: 250-VRFY S: 250-ETRN S: 250-AUTH LOGIN PLAIN S: 250-AUTH=LOGIN PLAIN S: 250-XVERP S: 250-ENHANCEDSTATUSCODES S: 250-8BITMIME S: 250 DSN C: MAIL FROM:<Campus-admin@physik.uni-muenchen.de> SIZE=593 BODY=7BIT C: RCPT TO:<Klaus.Steinberger@physik.uni-muenchen.de> S: 250 2.1.0 Ok S: 554 5.7.1 <testwebmail.physik.uni-muenchen.de[2001:4ca0:4102::2:200]>: Client host rejected: Access denied C: RSET S: 250 2.0.0 Ok C: QUIT S: 221 2.0.0 Bye As you can see authentication is never tried.

09/16/2014 06:49:20 AM	arjen+horde (at) de-korte (dot) org	Comment #8	Reply to this comment
[Show Quoted Text - 11 lines][Hide Quoted Text] <?php $servers['advanced']['disabled'] = false; $servers['advanced']['hordeauth'] = true; $servers['advanced']['smtp']['debug'] = '/tmp/smtp.log'; $servers['advanced']['smtp']['host'] = 'mail.physik.uni-muenchen.de'; should be sufficient (and works for me). No, definitly not, I _need_ horde_auth as my SMTP server requires authentication with the user credentials, and this part is missing in the code. Did you not read my comments correctly? I did and as I told you, it works for me. But in the above contents of the imp/config/backends.local.php one line was missing. These are the full contents of this file on my system: <?php $servers['imap']['disabled'] = true; $servers['advanced']['disabled'] = false; $servers['advanced']['hordeauth'] = true; $servers['advanced']['maildomain'] = 'de-korte.org'; $servers['advanced']['cache'] = 'sql'; $servers['advanced']['quota']['params']['unit'] = 'GB'; $servers['advanced']['quota']['params']['hide_when_unlimited'] = false; $servers['advanced']['spam']['innocent']['program'] = '/usr/bin/spamc -C revoke'; $servers['advanced']['spam']['innocent']['display'] = true; $servers['advanced']['spam']['spam']['program'] = '/usr/bin/spamc -C report'; $servers['advanced']['spam']['spam']['display'] = true; $servers['advanced']['autocreate_special'] = true; You may run into problems if the second line is missing, since then Horde will use the 'imap' configuration, instead of the 'advanced' configuration. The only other thing that would need an override in your case, is $servers['advanced']['smtp']['host'] = 'mail.physik.uni-muenchen.de'; As far as I know, the horde_auth parameter is no longer used. I use the above configuration without overriding any 'smtp' value. That only works if the SMTP servers needs no authentication or works with an dedicated account! I don't use a dedicated account for SMPT AUTH, the credentials that users entered when logging into the Horde portal are used. I'm 100% sure this works, since the SMTP FROM address is checked to verify that a user is allowed to use a sender address (to prevent them from spoofing addresses).

09/16/2014 06:21:49 AM	Michael Slusarz	Comment #7	Reply to this comment
horde_auth is not used anywhere in Horde_smtp Because it is IMP specific. Horde authentication credentials are set in Horde_Core_Factory_Mail. Note that username_auth and password_auth horde config values need to be active (non-empty).

09/16/2014 06:20:20 AM	Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de	Comment #6	Reply to this comment
Some more debugging: I added some debug output, as well as changed line 440/441 to respect the horde_auth parameter, so the code tries authentication: Connection to: smtp://mail.physik.uni-muenchen.de:587 S: 220 mail.physik.uni-muenchen.de ESMTP Postfix C: EHLO testwebmail.physik.uni-muenchen.de S: 250-mail.physik.uni-muenchen.de S: 250-PIPELINING S: 250-SIZE 31457280 S: 250-VRFY S: 250-ETRN S: 250-STARTTLS S: 250-XVERP S: 250-ENHANCEDSTATUSCODES S: 250-8BITMIME S: 250 DSN C: STARTTLS S: 220 2.0.0 Ready to start TLS Successfully completed TLS negotiation. C: EHLO testwebmail.physik.uni-muenchen.de S: 250-mail.physik.uni-muenchen.de S: 250-PIPELINING S: 250-SIZE 31457280 S: 250-VRFY S: 250-ETRN S: 250-AUTH LOGIN PLAIN S: 250-AUTH=LOGIN PLAIN S: 250-XVERP S: 250-ENHANCEDSTATUSCODES S: 250-8BITMIME S: 250 DSN Before required ESMTP extensions checking extensionENHANCEDSTATUSCODES checking extensionPIPELINING After required ESMTP extensions Before check auth: LOGIN PLAIN Try auth LOGIN C: AUTH LOGIN S: 334 VXNlcm5hbWU6 C: S: 334 UGFzc3dvcmQ6 [AUTH Command - method: LOGIN; username: ] S: 535 5.7.8 Error: authentication failed: generic failure Try auth PLAIN [AUTH Command - method: PLAIN; username: ] S: 535 5.7.8 Error: authentication failed: generic failure C: QUIT S: 221 2.0.0 Bye quit As you can see the code never gets the correct credentials. This is due to the fact that in Line 776 in /usr/share/pear/Horde/smtp.php in the function _auth username and password will be filled with the parameters username and password, which resembled a dedicated login for SMTP delivery. But what we need is the login credentials of the user!

09/16/2014 06:09:22 AM	Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de	Comment #5	Reply to this comment
What parameter are you talking about? these in config backends.php: Don't modify imp/config/backends.php. Ever. See the comments in the header. It is indeed in a file in backends.d Don't override arrays, only the values of individual elements: ok, i changed that. <?php $servers['advanced']['disabled'] = false; $servers['advanced']['hordeauth'] = true; $servers['advanced']['smtp']['debug'] = '/tmp/smtp.log'; $servers['advanced']['smtp']['host'] = 'mail.physik.uni-muenchen.de'; should be sufficient (and works for me). No, definitly not, I _need_ horde_auth as my SMTP server requires authentication with the user credentials, and this part is missing in the code. Did you not read my comments correctly? As far as I know, the horde_auth parameter is no longer used. I use the above configuration without overriding any 'smtp' value. That only works if the SMTP servers needs no authentication or works with an dedicated account! Jan: please do not mark it as no bug so fast! I it as regression in the code. I did change these two lines, but later in the code also horde_auth is not used.

09/15/2014 02:41:14 PM	Jan Schneider	State ⇒ Not A Bug

09/15/2014 02:11:37 PM	arjen+horde (at) de-korte (dot) org	Comment #4	Reply to this comment
What parameter are you talking about? these in config backends.php: Don't modify imp/config/backends.php. Ever. See the comments in the header. $servers['advanced']['smtp'] = array( 'auth' => true, 'horde_auth' => true, 'debug' => '/tmp/smtp.log', 'host' => 'mail.physik.uni-muenchen.de', 'port' => 587, ); Don't override arrays, only the values of individual elements: <?php $servers['advanced']['disabled'] = false; $servers['advanced']['hordeauth'] = true; $servers['advanced']['smtp']['debug'] = '/tmp/smtp.log'; $servers['advanced']['smtp']['host'] = 'mail.physik.uni-muenchen.de'; should be sufficient (and works for me). horde_auth is not used anywhere in Horde_smtp (but it worked before the change to Horde_SMTP), look into /usr/share/pear/Horde/Smtp.php at line 440/441, the code looks only for "username" which is for authentication with _one_ fixed account. We need to use horde_auth, so that the credentials of the user are used. As far as I know, the horde_auth parameter is no longer used. I use the above configuration without overriding any 'smtp' value. I did change these two lines, but later in the code also horde_auth is not used.

09/15/2014 01:57:23 PM	Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de	Comment #3	Reply to this comment
What parameter are you talking about? these in config backends.php: $servers['advanced']['smtp'] = array( 'auth' => true, 'horde_auth' => true, 'debug' => '/tmp/smtp.log', 'host' => 'mail.physik.uni-muenchen.de', 'port' => 587, ); horde_auth is not used anywhere in Horde_smtp (but it worked before the change to Horde_SMTP), look into /usr/share/pear/Horde/Smtp.php at line 440/441, the code looks only for "username" which is for authentication with _one_ fixed account. We need to use horde_auth, so that the credentials of the user are used. I did change these two lines, but later in the code also horde_auth is not used.

09/15/2014 01:44:06 PM	Jan Schneider	Comment #2 State ⇒ Feedback Priority ⇒ 1. Low	Reply to this comment
What parameter are you talking about?

09/15/2014 11:45:01 AM	Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de	Comment #1 Patch ⇒ No State ⇒ Unconfirmed Milestone ⇒ Queue ⇒ Horde Base Summary ⇒ Horde_SMTP misses horde-auth authentication to SMTP server Type ⇒ Bug Priority ⇒ 3. High	Reply to this comment
After upgrading to horde 5.2.1 we were not able to send emails using horde_auth authentication. Some investigating in the code shows that Horde_SMTP does not use the horde_auth Parameter. This is important functionality for us, which got lost with the change from Net_SMTP to Horde_SMTP Please reintroduce this functionality