SMTP tls with IP auth

[dalslandan]

Afternoon.

Have been trying to setup SMTP with tls, using the g-suite e-mail services with the IP-auth (meaning I don't send a password, only username '[email protected]').

But I cannot get TLS to work, tried manually fixing it with this old thread from 2007. But I don't know if I should send an empty password, or anything else instead.
https://simplemachines.org/community/index.php?topic=180532.msg1148462#msg1148462

Code Select Expand

//STARTTLS
server_parse('STARTTLS', $socket, null);
stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
server_parse('EHLO ' . $modSettings['smtp_host'], $socket, null);

// Without any modification to the SMF mail system, this is the only error I get.

Code Select Expand

Ran into problems sending Mail. Error: 530 5.7.0 Must issue a STARTTLS command first. j63sm3325253wmj.46 - gsmtp

SMTP settings are:
Type: SMTP
Server: smtp.gmail.com [nofollow]
Port: 587
Username: [email protected]
And no password.

* Using SMF 2.0.15

[dalslandan]

When modifying the Subs-Post.php to my best efforts, and using the 2007 code I end up with this error:

Ran into problems sending Mail. Error: 535 5.7.8 https://support.google.com/mail/?p=BadCredentials [nofollow] l22sm3485513wrb.45 - gsmtp

Changes to the code is exactly like the 2007 thread suggests, the only difference is that I comment out the smtp_password check in the if-clause.

if ($modSettings['mail_type'] == 1 && $modSettings['smtp_username'] != '' /*&& $modSettings['smtp_password'] != ''*/)

Where to go from here, if correct. I'm not sure.

[vbgamer45]

Check out also this mod https://custom.simplemachines.org/mods/index.php?mod=4168

[dalslandan]

Thanks. Implemented that code, but no difference.
It is strange that in the HELLO communication in SMTP com. layer, in that mod it can be my hostname, server name or if unavailable it can also be the smtp_host*.
* Checked the source for the SMF 2.1, and they use only your own hostname or try constructing a similar one if not available.

Anyhow talked to the G-suite support, and they helped me make some changes to my account.
24 hours waiting period before full effect is guaranteed, I will update if it worked and what it was.

[vbgamer45]

Also make sure you have less secure apps enabled on your google/gmail account.

[dalslandan]

Everything is fixed and works fine.
G-suite appears to have either upped their game in security, or I have missed something.

Anyhow, I got it working using an app specific password after enabling 2 step verification in G-suite.
The IP only authentication I failed to get working (#BadCredentials).

It works fine using Google services both with SMTP-server, and with the SMTP-relay.
I used TLS via port 587, since that was the point. Sending encrypted e-mails.

The code I ended up using is: https://gist.github.com/dalslandan200/640053a94e0dd46773f5cb751620969a [nofollow]

If you only allow admins to send e-mails, and want e-mails to only have your domain as the sender. You can do this configuration as well.
Find function sendmail() in Subs-Post.php, and below the global variables add the following:

Code Select Expand

// Overwriting with NULL causes mail_from to default to webmaster email.
$modSettings['mail_from'] = null;
// Overwriting Header from with our own author
$from = 'John Doe'; // Change to e.g. your company name or website name

More information about different headers (envelope from and header from): https://www.xeams.com/difference-envelope-header.htm [nofollow]
Information about the specific configuration with the header from: https://tools.ietf.org/html/rfc2822#page-41 [nofollow]

SMF email configuration in the admin area is the same as in the first post, nothing special except for the password.
Type: SMTP
Server: smtp.gmail.com [nofollow] OR smtp-relay.gmail.com [nofollow]
Port: 587
Username: [email protected]
Password: Your password.

Don't forget to open the 587/tcp port if behind firewall, and this modification was for SMF 2.0.15*