Closed Bug 466419 Opened 16 years ago Closed 13 years ago

Add SSL support for SMTP

Categories

(Bugzilla :: Email Notifications, enhancement)

Product:
Bugzilla
Component:
Email Notifications
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 4.4

People

(Reporter: jack, Assigned: LpSolit)

References

Details

Attachments

(1 file, 1 obsolete file)

patch, v2
4.76 KB, patch
mkanat
: review+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Build Identifier: version 3.2rc2

My SMTP server requires ssl connection, and port number 465.

There is no place to put in these in the parameters, email setting.

How should I set up proper SMPT authentication?

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Bugzilla currently doesn't support SMTP over SSL nor TLS. This requires additional modules (Net::SMTP::SSL and Net::SMTP::TLS respectively).
Assignee: administration → email-notifications
Severity: major → enhancement
Status: UNCONFIRMED → NEW
Component: Administration → Email Notifications
Ever confirmed: true
OS: Linux → All
Hardware: PC → All
Version: unspecified → 3.2
Not sure about Net::SMTP::SSL, but it seems that Net::SMTP::TLS doesn't work correctly with Net::SMTP. Adding tls => 1 to Bugzilla::Mailer made SMTP to fail, because Net::SMTP::TLS doesn't inherit methods defined in Net::SMTP. I couldn't try with Net::SMTP::SSL because I have no SMTP server using SSL.
there are two issues here.

1. Can we support non-standard SMTP port, like 465. How can we configure Bugzilla to use different port number (other than the default port 25)?

2. When the login and password are required for SMTP authentication, the SSL or TLS encryption is always required to avoid clear text transmition over the internet. We should add SSL/TLS support to the email module in Bugzilla 3.2 release.
(In reply to comment #3)
> 1. Can we support non-standard SMTP port, like 465. How can we configure
> Bugzilla to use different port number (other than the default port 25)?

You can already do that. Simply append the port to the SMTP server name, e.g. smtp.aim.com:587.


> internet. We should add SSL/TLS support to the email module in Bugzilla 3.2
> release.

No, this is a new feature, and it's too late for 3.2. If can check why Net::SMTP::TLS fails, we will add support for SSL/TLS in 3.4, but I doubt we will backport SSL/TLS support for 3.2.x.
Hi!

I have a solution for GMail. I understand that it is not complete, but at least it is working as should.

I used package Email::Send::Gmail. It implements TLS internally. This way I made GMail working with no efforts in Bugzilla 3.4. I just selected my mail address as mailfrom and smtp_username.

See http://search.cpan.org/dist/Email-Send-Gmail-0.32/

I installed it and all_mailers (used by Bugzilla) returned GMail as well as SMTP and it appeared among choices in editparams.

However, the code in Mailer.pm uses hard-coded SMTP (see line 169 in bugzilla 3.4):

    if ($method eq "SMTP") {

I just replaced it with

    if ($method eq "SMTP" || $method eq "Gmail") {

and bugzilla 3.4 sends emails to gmail with no errors.

However, I should say that google may prevent from sending too much emails per second from the same mail address. So, gmail is not good for large bugzilla installations.
For non-Gmail servers, this fix doesn't pass along credentials correctly.

I found that changing Bugzilla/Mailer.pm from this:
    if ($method eq "SMTP") {
        push @args, Host  => Bugzilla->params->{"smtpserver"},
                    username => Bugzilla->params->{"smtp_username"},
                    password => Bugzilla->params->{"smtp_password"},
                    Hello => $hostname,
                    Debug => Bugzilla->params->{'smtp_debug'};
    }

to this:
    if ($method eq "SMTP" || $method eq 'SMTP::TLS' ) {
        push @args, Host  => Bugzilla->params->{"smtpserver"},
                    username => Bugzilla->params->{"smtp_username"},
                    password => Bugzilla->params->{"smtp_password"},
                    User => Bugzilla->params->{"smtp_username"},
                    Password => Bugzilla->params->{"smtp_password"},
                    Hello => $hostname,
                    Debug => Bugzilla->params->{'smtp_debug'};
    }

passed the appropriate parameter to Email::Send::SMTP::TLS and allowed it to use SMTP AUTH over TLS with my internal Postfix server.
Attached patch patch, v1 (obsolete) — Splinter Review 
This patch adds support for SMTP authentication using TLS, including support for Gmail. For Gmail, set smtpserver = smtp.gmail.com:587 in the Parameters page.

As there is no Email::Send::SMTP::SSL module, I'm not sure how to add support for SSL, except by writing and pushing our own module on CPAN, which I don't want to do.
Assignee: email-notifications → LpSolit
Status: NEW → ASSIGNED
Attachment #544941 - Flags: review?(mkanat)
Target Milestone: --- → Bugzilla 5.0
Comment on attachment 544941 [details] [diff] [review]
patch, v1

Review of attachment 544941 [details] [diff] [review]:
-----------------------------------------------------------------

Awesome! :-) A few changes, mostly cosmetic:

::: Bugzilla/Mailer.pm
@@ +169,5 @@
> +    elsif ($method eq 'SMTP::TLS') {
> +        push @args, Host => Bugzilla->params->{'smtpserver'},
> +                    User => Bugzilla->params->{'smtp_username'},
> +                    Password => Bugzilla->params->{'smtp_password'},
> +                    Hello => $hostname;

This should just be an "or" with the above, or change the $method to "$method =~ /^SMTP/"

::: Bugzilla/Install/Requirements.pm
@@ +249,5 @@
>      {
> +        package => 'Email-Send-SMTP-TLS',
> +        module  => 'Email::Send::SMTP::TLS',
> +        # 0.04 has support for Gmail.
> +        version => 0.04,

That should be a string, not a literal float.

::: template/en/default/setup/strings.txt.pl
@@ +106,4 @@
>      feature_moving            => 'Move Bugs Between Installations',
>      feature_patch_viewer      => 'Patch Viewer',
>      feature_smtp_auth         => 'SMTP Authentication',
> +    feature_smtp_auth_tls     => 'SMTP Authentication using TLS (incl. Gmail)',

Actually, it's not smtp_auth_tls, it's smtp_tls -- it's not that the authentication is done with TLS, it's the whole SMTP session being done with TLS.
Attachment #544941 - Flags: review?(mkanat) → review-
(In reply to comment #13)
> This should just be an "or" with the above, or change the $method to
> "$method =~ /^SMTP/"

Hum, the problem is that it's not the same list of arguments:

username vs User
password vs Password
Debug vs <null> (Debug is not understood by SMTP::TLS)

Rather than messing everything where half of the arguments do not apply to some given method, I prefer to separate things (which e.g. makes things clearer that Debug is not understood by SMTP::TLS, and which arguments are for which method).
(In reply to comment #14)
> Hum, the problem is that it's not the same list of arguments:
> 
> username vs User
> password vs Password
> Debug vs <null> (Debug is not understood by SMTP::TLS)

  WOW, that is annoying. It also looks like SMTP::TLS may not actually be using SASL, so we may see authentication issues with it? I'm not certain.
(In reply to comment #15)
>   WOW, that is annoying. It also looks like SMTP::TLS may not actually be
> using SASL, so we may see authentication issues with it? I'm not certain.

Issues under which circumstances? I tested my patch with my Gmail account, and it worked fine.
(In reply to comment #16)
> Issues under which circumstances? I tested my patch with my Gmail account,
> and it worked fine.

  Ah, the situations under which only SASL will do it. Like NTLM (GSSAPI) with Exchange.
(If you dig through the Net::SMTP::TLS::ButMaintained code, you'll see it implements auth methods manually in the code.)
(In reply to Frédéric Buclin from comment #14)
> Hum, the problem is that it's not the same list of arguments:
> 
> username vs User
> password vs Password
> Debug vs <null> (Debug is not understood by SMTP::TLS)

Reported upstream: https://rt.cpan.org/Public/Bug/Display.html?id=70178
Attached patch patch, v2Splinter Review 
I finally use Net::SMTP::SSL, with which we can interact from Email::Send::SMTP itself, by passing the ssl => 1 argument. I tested with GMail, and it works fine.
Attachment #544941 - Attachment is obsolete: true
Attachment #552569 - Flags: review?(mkanat)
Summary: smtp authentication failed requiring ssl and non-standard SMTP port → Add SSL support for SMTP
Comment on attachment 552569 [details] [diff] [review]
patch, v2

Review of attachment 552569 [details] [diff] [review]:
-----------------------------------------------------------------

Beautiful!
Attachment #552569 - Flags: review?(mkanat) → review+
Flags: approval+
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified Bugzilla/Mailer.pm
modified Bugzilla/Config/Common.pm
modified Bugzilla/Config/MTA.pm
modified Bugzilla/Install/Requirements.pm
modified template/en/default/admin/params/mta.html.tmpl
modified template/en/default/setup/strings.txt.pl
Committed revision 7919.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Keywords: relnote
Hi, i've 4.0.2 bugzilla version and after the installation of Email::Send::Gmail, can't send mail..this is the result:
Software error:
auth(username, password) at /usr/share/perl/5.10/Net/SMTP.pm line 130.

Could you help me in order to resolve the issue?
Thank you in advance,
Pierluigi
(In reply to Pierluigi De Vivo from comment #23)
> Hi, i've 4.0.2 bugzilla version and after the installation of
> Email::Send::Gmail, can't send mail..this is the result:

You need Net::SMTP::SSL, as explained by checksetup.pl. For help with your problem, see http://www.bugzilla.org/support.
(In reply to Frédéric Buclin from comment #24)
> (In reply to Pierluigi De Vivo from comment #23)
> > Hi, i've 4.0.2 bugzilla version and after the installation of
> > Email::Send::Gmail, can't send mail..this is the result:
> 
> You need Net::SMTP::SSL, as explained by checksetup.pl. For help with your
> problem, see http://www.bugzilla.org/support.

Thank you for suggest, but Net::SMTP::SSL module is already installed.....i've also substitute, in Mailer.pm, <<if ($method eq "SMTP")>> with <<if ($method eq "SMTP" || $method eq "Gmail")>>.
I've missed something during configuration step?

Thank you in advance,
Pierluigi
Added to relnotes for 4.4.
Keywords: relnote
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: