I'm trying to set up (Mail/Reporting/DNS) but it fails in the new version.
Working fine on 1.2.7 (all in the same network)
CMDPHP WARNING Backtrace: (/settings.php[280]:email_test(), /lib/functions.php[3987]:send_mail(), /lib/functions.php[3385]:mailer(), /lib/functions.php[3737]:cacti_debug_backtrace())
Ping Test: Ok
ping smtp.xx.xx
PING smtp.xx.xx (IP_SERVER) 56(84) bytes of data.
64 bytes from IP_SERVER (IP_SERVER): icmp_seq=1 ttl=60 time=0.993 ms
64 bytes from IP_SERVER (IP_SERVER): icmp_seq=2 ttl=60 time=0.743 ms
64 bytes from IP_SERVER (IP_SERVER): icmp_seq=3 ttl=60 time=0.734 ms
64 bytes from IP_SERVER (IP_SERVER): icmp_seq=4 ttl=60 time=0.854 ms
Openssl output: Ok
Start Time: 1609175562
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
250 STARTTLS
SMTP TEST: Ok
# telnet smtp.xx.xx 587
Trying SERVER_IP...
Connected to smtp.xx.xx.
Escape character is '^]'.
220 smtp.xx.xx ESMTP Haraka/2.8.23 ready
(...)
DATA
354 go ahead, make my day
TESTE FROM TELNET
.
250 Message Queued (xx.xx.xx)
quit
221 smtp.xx.xx.xx closing connection. Have a jolly good day.
closed
$ php -m
[PHP Modules]
bz2
calendar
Core
ctype
curl
date
dom
ereg
exif
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
intl
json
ldap
libxml
mbstring
mhash
mysql
mysqli
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
readline
Reflection
session
shmop
SimpleXML
snmp
sockets
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xml
xmlreader
xmlwriter
xsl
zip
zlib
[Zend Modules]
$ php -v
PHP 7.2.24 (cli) (built: Oct 22 2019 08:28:36) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
There is any additional info for you to help guys?
Thank you!
A little bit more contest:
The test above is running on a docker with centos 8 Fail with any of the emails options smtp, sendmail etc.
Here is the funny thing: It works on docker with centos 7 with the same packages.
The diference between those is one package: ssmtp (installed on centos 7).
Note: Updated the php version, in fact I'm using php 7.2.24 not php 5.
It's definitely not a cacti issue though. Like need to tweak your docker file, operator, docker run line, or helm chart. However you are launching it.
Thank you!!
I'm closing it
Docker appears outwardly to be simple. However when you dig under the covers, it has layers of added complexity, with an upside of portability. There is a trade-off.
Agreed, I'm digging into this matter for a long time now. What makes me a little nuts, is that 2 similar OS with same packages, 1 works fine but the other one seams to be sleeping in reality..
Use wireshark and the test email function.
Guys sorry for reopen this one,
Help me here, how can I send mails from PHPMailer itself and not from Cacti?
Code:
<?php
// Import PHPMailer classes into the global namespace
// These must be at the top of your script, not inside a function
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;
// Load Composer's autoloader
require 'vendor/autoload.php';
// Instantiation and passing `true` enables exceptions
$mail = new PHPMailer(true);
try {
//Server settings
$mail->SMTPDebug = 4; // Enable verbose debug output
$mail->SMTPOptions = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true ) );
$mail->isSMTP(); // Send using SMTP
$mail->Host = 'smtp.example'; // Set the SMTP server to send through
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = 'Username'; // SMTP username
$mail->Password = 'Password'; // SMTP password
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; // Enable TLS encryption; `PHPMailer::ENCRYPTION_SMTPS` encouraged
$mail->Port = 587; // TCP port to connect to, use 465 for `PHPMailer::ENCRYPTION_SMTPS` above
//Recipients
$mail->setFrom('[email protected]', 'Mailer');
$mail->addAddress('[email protected]', 'Joe User'); // Add a recipient
$mail->addReplyTo('[email protected]', 'Jhonatan');
// Content
$mail->isHTML(true); // Set email format to HTML
$mail->Subject = 'Here is the subject';
$mail->Body = 'This is the HTML message body <b>in bold!</b>';
$mail->AltBody = 'This is the body in plain text for non-HTML mail clients';
$mail->send();
echo 'Message has been sent';
} catch (Exception $e) {
echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
}
At first it was giving me the same erros like this one:
stream_socket_enable_crypto(): SSL operation failed with code 1
Added this line: $mail->SMTPOptions = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true ) );
And fix it, now works..
Yea, this needs to be reported upstream. Once you get a confirmation it's fixed, then let us know what version it's fixed in. Adding @DavidLiedke, @paulgevers, and @mortenstevens as an FYI.
Guys, we are doing a release this coming weekend.
@paulgevers, keep entering the wrong contact.
Hmm, not sure we should really override those SSL details without an admin option. By default, verifying the server is who it claims to be is definitely more secure and prevents information leakage for things like GPDR legistations (UK) and other similar things elsewhere.
Thanks for the investigation and info @zuka1337 useful to know!
File:
include/vendor/phpmailer/src/PHPMailer.php
public $SMTPOptions = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true ) );

Is gonna be fix in the next release?
Cacti 1.2.16
PHP 7.2.24
Thanks @netniV @TheWitness
Do we need to have a feature request to make the validation less secure?
Just for info, "fixing" this in the above mentioned file won't help in Debian, as there I strip out the vendor/phpmailer and use the Debian version of libphp-phpmailer.
Paul, it's a public var, so we can override that from the cacti side, from what I see above?
@TheWitness it's because the TLS doesn't match or is not from a trusted CA, so the standard SSL libraries will automatically reject it.
Yea, I got that which is why the F word popped.
I have had time to reflect and I really don't like the idea of just allowing insecure or badly configured servers, I think the default should remain as it is now.
Mail servers should be done right. If that means using something like Let's encrypt, or something a bit more permanent, that's the way to go.
Well, so the problem here is the mail config server?
Cacti is 0.0.01% of all plataform that uses this server mail (In the sense of understanding this subject,it is a wrong way of thinking saying that server mails are incorrectly configured), never seem to see any other platform refusing connections even without encript (port 25) as the mail server refuse cacti conection on centos 8.
Can you guys tell me why this happend on centos 8 and not centos 7?
Well this weekend I will test with public mail service google etc.
will let you know, the results
@TheWitness @netniV
If you could, I'm just basing it on the assumptions that the changes you requested above are used only when using TLS/SSL and the certificate does not have the correct SAN for the URL being requested. This is normal in a setup where a self-certificate has been assigned to a server, or it uses a different internal name to external but doesn't have the appropriate certificate.
If this is an internal server issue, one other solution would be to apply the CA of the cert as a trusted CA.
Even when SMTP Security is set to NONE is not possible to send test mail (dev env).
It does not happend with cacti in PROD which uses the same mail server (work as it should).
But if I set smtp options then all 3 options work (None, TLS and SSL)..
I wonder if PHP Mailer is picking up that TLS is available from the mail server and attempting to do it regardless... hard to say without looks of the commands being used.
Does it help with output of both status?
Fail and sucess?
Everything seams to be flawless but this:
2021-01-15 15:19:05 CLIENT -> SERVER: STARTTLS
2021-01-15 15:19:05 SMTP INBOUND: "220 Go ahead."
2021-01-15 15:19:05 SERVER -> CLIENT: 220 Go ahead.
2021-01-15 15:19:05 Connection failed. Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [/root/test/vendor/phpmailer/phpmailer/src/SMTP.php line 457]
2021-01-15 15:19:05 SMTP Error: Could not connect to SMTP host.
2021-01-15 15:19:05 CLIENT -> SERVER: QUIT
2021-01-15 15:19:05 SMTP INBOUND: ".
&@"
2021-01-15 15:19:05 SERVER -> CLIENT: .
&@
2021-01-15 15:19:05 SMTP ERROR: QUIT command failed: .
&@
2021-01-15 15:19:05 Connection: closed
2021-01-15 15:19:05 SMTP Error: Could not connect to SMTP host.
Message could not be sent. Mailer Error: SMTP Error: Could not connect to SMTP host.
I'm digging into this again, will let you know later
Yeah, so that follows from what I was saying, the STARTTLS command was issued by PHP Mailer, and the SSL libraries decided that the certificate being supplied by the server was not valid. Definitely one of a few things:
None of that is a cacti issue itself, but I do recognise that internal servers may need to reduce security in rare exceptions and really, they should be looking to correct the above rather than bypass / lower security in the code.
Maybe this should go into the Troubleshooting guide.