Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Mailer] Option to enforce STARTTLS #48297

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Swanty opened this issue Nov 23, 2022 · 14 comments · Fixed by #59479
Closed

[Mailer] Option to enforce STARTTLS #48297

Swanty opened this issue Nov 23, 2022 · 14 comments · Fixed by #59479
Labels
Feature Mailer Stalled

Comments

@Swanty
Copy link

Swanty commented Nov 23, 2022

Description

// https://github.com/symfony/mailer/blob/6.1/Transport/Smtp/EsmtpTransport.php#L136

if (!$stream->isTLS() && \defined('OPENSSL_VERSION_NUMBER') && \array_key_exists('STARTTLS', $this->capabilities)) {

That line will be true only if server reports that it has STARTTLS support, but during a man-in-the-middle attack one could remove this capability and communication would happen in cleartext.

It would be great if there was an option to enforce STARTTLS 🙏

Example

No response
@plandolt
Copy link
Contributor

plandolt commented Nov 28, 2022
edited
Loading

This sounds a lot like MTA-STS.

@Swanty
Copy link
Author

Swanty commented Nov 28, 2022

This sounds a lot like MTA-STS.

The RFC says This document defines a mechanism for recipient domains to publish policies, via a combination of DNS and HTTPS, but that's not exactly what I'm suggesting, since I have no control over recipient servers.

I'm working on a hotel management software, where each hotel can specify SMTP recipient server for mailing their hotel emails and I'd like to make it more secure for cases when port 587 is used or when hotel staff knows that the recipient server port supports STARTTLS.
e.g. a checkbox in our UI "Enforce STARTTLS". When enabled, it would forcefully attempt STARTTLS and if it cannot be established then mail sending would throw an error, instead of continuing in cleartext.

The alternative is to use port 465 (implicit SSL/TLS), but not all recipient servers support TLS on that port (some only SSL, which is outdated).

@ssddanbrown ssddanbrown mentioned this issue Jul 3, 2023
Closed
@carsonbot
Copy link

Thank you for this suggestion.
There has not been a lot of activity here for a while. Would you still like to see this feature?

@ssddanbrown
Copy link
Contributor

I would like to see this feature.

In my use-case, I have an open source application with configurable SMTP details, so it's used with many different mail services.
I want to be able to provide assurance that that emails are being sent over TLS or STARTTLS.
Initially I incorrectly assumed that TLS and STARTTLS would be equally supported by email services, so I forced full TLS usage in these scenarios but this caused problems where only STARTTLS is supported, and not full TLS.

I tried to extend the existing Esmtp transport but I could not find a clean way of doing this.
For now I'm keeping a fork which patches in the ability to require TLS or STARTTLS.
Note: this is not PR ready since it's targeting an old branch and lacks added tests.

I'd be happy to work on and provide a PR for this.
Would Symfony be willing to review a PR if I put one forward?

@Swanty Would it work for you if the option enforces either STARTTLS or TLS? Or do you need specific indication of STARTTLS usage (so fail if TLS is used instead)?

@carsonbot carsonbot removed the Stalled label Jul 4, 2023
@Swanty
Copy link
Author

Swanty commented Aug 31, 2023
edited
Loading

@Swanty Would it work for you if the option enforces either STARTTLS or TLS? Or do you need specific indication of STARTTLS usage (so fail if TLS is used instead)?

Yes, your patch works great for my use case - thank you 🙏
As long as there's no chance for mails to be sent in cleartext I'm happy :>

@xabbuh
Copy link
Member

xabbuh commented Jan 31, 2024

fixed in #53621

@xabbuh xabbuh closed this as completed Jan 31, 2024
@derrabus
Copy link
Member

@xabbuh #53621 was about disabling STARTTLS while this issue is about enforcing it. Those are two different things.

@derrabus derrabus reopened this Jan 31, 2024
@nicolas-grekas
Copy link
Member

#53621 paved the way to show how this should be done. Could be by renaming auto_tls to just tls and support bool|auto as a value.
PR welcome.

@carsonbot
Copy link

Thank you for this suggestion.
There has not been a lot of activity here for a while. Would you still like to see this feature?

@carsonbot
Copy link

Could I get an answer? If I do not hear anything I will assume this issue is resolved or abandoned. Please get back to me <3

@carsonbot
Copy link

Hey,

I didn't hear anything so I'm going to close it. Feel free to comment if this is still relevant, I can always reopen!

@KirbyDE
Copy link

KirbyDE commented Oct 1, 2024

It's somewhat sad to see that this was closed automatically.

Being able to make sure a SMTP session uses TLS would be very useful, especially regarding Art. 25 GDPR
https://gdpr-info.eu/art-25-gdpr/

@derrabus
Copy link
Member

derrabus commented Oct 1, 2024

The thing is, if nobody builds a certain feature, we just won't have it. The auto-close of the ticket does not mean that it's a won't fix. We would still accept a PR that delivers the feature.

If you believe that this feature is useful, or even better, you actually need it, you would be in the best position to build it.

@ssddanbrown ssddanbrown mentioned this issue Jan 11, 2025
Merged
@ssddanbrown
Copy link
Contributor

I've started a PR for this at #59479

@derrabus derrabus reopened this Jan 11, 2025
nicolas-grekas added a commit that referenced this issue Feb 11, 2025
@nicolas-grekas
feature #59479 [Mailer] [Smtp] Add DSN param to enforce TLS/STARTTLS …
af2df09 
…(ssddanbrown)

This PR was merged into the 7.3 branch.

Discussion
----------

[Mailer] [Smtp] Add DSN param to enforce TLS/STARTTLS

| Q             | A
| ------------- | ---
| Branch?       | 7.3
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Issues        | Fix #48297
| License       | MIT

Adds 'require_tls' param which can be set to true to enforce the use of TLS/STARTTLS within the ESMTP transport.
This was discussed in #48297.
These changes are based upon patches [I've been maintaining](ssddanbrown/symfony-mailer@e9de8dc) for my own projects.

This is my first PR to Symfony, I've tried to follow the guide as best as possible, and I was also using #53621 as a general guide. There are some other ways I could have gone about things, but I've tried to avoid touching as much existing Symfony code as possible.

In #48297, nicolas-grekas mentioned unifying such an option with `auto_tls` under a `tls` option, but I think these are distinct options which may not be as clear combined (in addition to any expectations of such an option disabling/enabling TLS in general).

Commits
-------

a93d5f6 [Mailer] [Smtp] Add DSN param to enforce TLS/STARTTLS
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature Mailer Stalled
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Mailer] [Smtp] Add DSN param to enforce TLS/STARTTLS ssddanbrown/symfony
8 participants
@nicolas-grekas @plandolt @derrabus @xabbuh @Swanty @ssddanbrown @carsonbot @KirbyDE