View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 4
IDProjectCategoryView StatusDate SubmittedLast Update
12141Bug reports_ Unknownpublic2017-02-19 12:352017-02-22 14:02
Reporterarpsh Assigned Toc_schmitz  
PrioritynoneSeveritypartial_block 
Status closedResolutionunable to reproduce 
Product Version2.06+ 
Summary12141: SMTP authentication fails on Limesurvey versions using phpmailer 5.2.22 (via Elasticemail)
Description

I have tested on two installations, our own server running 2.6.4-lts 170202 and a test server on Limeservice using 2.62.1

In both instances, when sending email via the Elasticemail SMTP service (https://elasticemail.com/), the SMTP connection fails. This appears to be as a consequence of the recent update to use version 5.2.22 of phpmailer.

We have a Wordpress installation that has also been recently updated to phpmailer 5.2.22, but that can still send email via Elasticemail. It therefore seems to be the way in which Limesurvey is using phpmailer, rather than 5.2.22 itself.

By replacing the phpmailer directory in our 2.6.4 lts 170202 build with the older version from before the update (this uses phpmailer 5.2.8) , I have been able to get email working again as a short term solution. However, phpmailer 5.2.22 patches a high priority security vulnerability, so the rollback solution can only be temporary.

The full phpmailer error message is provided in the additional information field below. Identifiers have been redacted. Having been in discussion with Elasticemail technical support, on first glance they suspect that the credentials are getting corrupted or truncated. Note that Elasticemail uses 36 character SMTP passwords (and optionally the same length username).

Steps To Reproduce

1) Have account with elasticemail
2) Try to send mail via SMTP using this account!

Additional Information

Email to [REDACTED] ([REDACTED]<mailto:[REDACTED]>) failed. Error message: SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting<li>SMTP<https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting%3cli%3eSMTP> debug output:</li><pre>2017-02-15 13:50:55 SERVER -> CLIENT: 220 smtp.elasticemail.com ESMTP 2017-02-15 13:50:55 CLIENT -> SERVER: EHLO [REDACTED] 2017-02-15 13:50:55 SERVER -> CLIENT: 250-smtp.elasticemail.com 250-PIPELINING 250-SIZE 20971520 250-8BITMIME 250-AUTH=PLAIN LOGIN CRAM-MD5 250-AUTH PLAIN LOGIN CRAM-MD5 250-STARTTLS 250 OK 2017-02-15 13:50:55 CLIENT -> SERVER: AUTH CRAM-MD5 2017-02-15 13:50:55 SERVER -> CLIENT: 334 PDc2N2YwZmM1LWRmNjUtNDY3YS04YThhLTMzZjY3ZjA4MDZmYT4= 2017-02-15 13:50:55 CLIENT -> SERVER: c3VwcG9ydEBhcnBzdXJ2ZXlzLmNvLnVrIGZiM2IxNzMyZmQwYWVhZDIxMDA2ZDBjYjI5YTdmMzdj 2017-02-15 13:50:57 SERVER -> CLIENT: 535 Authentication failed: No such account. 2017-02-15 13:50:57 SMTP ERROR: Username command failed: 535 Authentication failed: No such account. 2017-02-15 13:50:57 SMTP Error: Could not authenticate. 2017-02-15 13:50:57 CLIENT -> SERVER: QUIT 2017-02-15 13:50:57 SERVER -> CLIENT: 221 Good bye 2017-02-15 13:50:57 SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting </pre>

TagsNo tags attached.
Bug heat4
Complete LimeSurvey version number (& build)2.6.4-lts 170202 and current Limeservice build 2.62.1
I will donate to the project if issue is resolvedNo
Browser
Database type & versionAny
Server OS (if known)Any
Webserver software & version (if known)Any
PHP VersionAny

Users monitoring this issue

There are no users monitoring this issue.

Activities

arpsh

arpsh

2017-02-20 17:25

reporter   ~43037

I've just had a response from Elasticemail technical support that might be useful extra information:

"It looks like problem with logging - I think that Limesurvey may pass CRAM MD5 protected passwords different way that intended.
For example CRAM MD5 in most cases requires Email Address as an Username - there may problem with parsing this data."
c_schmitz

c_schmitz

2017-02-22 14:02

administrator   ~43065

I just tested with Elasticemail and and had no problems sending email. The only thing that seemed important was to use TLS encryption.
Please don't open a bug report next time but use the community forums, first.

Issue History

Date Modified Username Field Change
2017-02-19 12:35 arpsh New Issue
2017-02-20 17:25 arpsh Note Added: 43037
2017-02-22 14:02 c_schmitz Assigned To => c_schmitz
2017-02-22 14:02 c_schmitz Status new => closed
2017-02-22 14:02 c_schmitz Resolution open => unable to reproduce
2017-02-22 14:02 c_schmitz Note Added: 43065