Description
See forum discussion http://forum.civicrm.org/index.php/topic,21960
The change made for CRM-8744 prevents CiviCRM connecting to an SMTP server unless that server provides authentication in the clear. This is insecure.
Notes:
1) The latest version of http://pear.php.net/package/Net_SMTP doesn't include this patch (released 2013-07-05), which tells me it's not an important patch
2) The source of the patch, http://www.pear-forum.org/post-4935.html, has gone off-air, so we can't see why this patch was made or assess how well it was tested, etc.
3) I can demonstrate (in the Forum discussion) that this patch breaks the code
4) This patch creates a security issue, because it forces people to authenticate SMTP in the clear