Mahara

Cannot send email via SMTP server with self signed certificate

Bug #1896554 reported by Glenn Walbran
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
Medium
Glenn Walbran
Mahara 20.10.0

Bug Description

Mahara uses PHPMailer for sending emails. The default settings for PHPMailer are to disallow mail sending (with TLS) if the server has either a self signed certificate or if peer verification fails. This can also occur when using port 25 if the mail server is configured to require TLS to be started.

In these cases the following mail options will allow the mail to be sent

$mail->SMTPOptions = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    )
);

To allow Mahara to be used with an external mail server in this case it is proposed to add the following configuration items:

smtpallowselfsigned (default: false)
smtpverifypeer (default: true)

And the above ssl mail options would be set with these new options.

Glenn Walbran (glennw)
Changed in mahara:
assignee: nobody → Glenn Walbran (glennw)
status: New → In Progress
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/11299

Kristina Hoeppner (kris-hoeppner)
Changed in mahara:
importance: Undecided → Medium
Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/11299
Committed: https://git.mahara.org/mahara/mahara/commit/f9bb86ff345de4bed5e118064e041e4c0519eebe
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit f9bb86ff345de4bed5e118064e041e4c0519eebe
Author: Glenn Walbran <email address hidden>
Date: Tue Sep 22 12:21:37 2020 +1200

Bug 1896554, allow mail sending via SMTP server with self signed certificate

Mahara currently does not allow the secure sending of email via an external mail
server if it has a self signed certificate. This is because it fails the PHPMailer
checks on self-signed certs and peer verification.

Add options to allow this for email sending.

Change-Id: Iad7960b275aaad84fe5ac2c7cc420f54c00556cd

Robert Lyon (robertl-9)
Changed in mahara:
milestone: none → 20.10.0
status: In Progress → Fix Committed
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "20.10_STABLE" branch: https://reviews.mahara.org/11321

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/11321
Committed: https://git.mahara.org/mahara/mahara/commit/9f8e835ce64b02628f5a858d12f807d8a80109b8
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: 20.10_STABLE

commit 9f8e835ce64b02628f5a858d12f807d8a80109b8
Author: Glenn Walbran <email address hidden>
Date: Tue Sep 22 12:21:37 2020 +1200

Bug 1896554, allow mail sending via SMTP server with self signed certificate

Mahara currently does not allow the secure sending of email via an external mail
server if it has a self signed certificate. This is because it fails the PHPMailer
checks on self-signed certs and peer verification.

Add options to allow this for email sending.

Change-Id: Iad7960b275aaad84fe5ac2c7cc420f54c00556cd
(cherry picked from commit f9bb86ff345de4bed5e118064e041e4c0519eebe)

Robert Lyon (robertl-9)
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.