Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Client side ConnectionTimeout breaks mail authentication #53647

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bytestream opened this issue Jan 26, 2024 · 0 comments
Closed

Client side ConnectionTimeout breaks mail authentication #53647

bytestream opened this issue Jan 26, 2024 · 0 comments
Labels
Bug Mailer Status: Needs Review

Comments

@bytestream
Copy link
Contributor

Symfony version(s) affected

6.4.2

Description

This issue is similar to what is described on #49701.

When connecting to smtp-mail.outlook.com using STARTTLS and XOAUTH2, it attempts to first authenticate using LOGIN and then XOAUTH2. More often than not, the LOGIN authenticator times out at AbstractStream.php#L84. That exception is caught at EsmtpTransport.php#L202 and triggers a RSET. The timeout only occurs client side and the server later replies, but that difference causes the expected response $codes to get all confused.

How to reproduce

Connect to smtp-mail.outlook.com using starttls, an xoauth2 access token, and a timeout of 15s.

Possible Solution

  • Increase SocketStream timeout to a higher value to prevent the client side socket from timing out but that is arbitrary and doesn't fully solve the problem.
  • A client side connection timeout should terminate the connection rather than continue

Additional Context

Failed to authenticate on SMTP server with username "...." using the following authenticators: "LOGIN", "XOAUTH2". Authenticator "LOGIN" returned "Connection to "smtp-mail.outlook.com:587" timed out.". Authenticator "XOAUTH2" returned "Expected response code "235" but got code "250", with message "250 2.0.0 Resetting".". 
[02:31:28] < 220 LO4P123CA0281.outlook.office365.com Microsoft ESMTP MAIL Service ready at Fri, 26 Jan 2024 14:31:28 +0000
[02:31:28] > EHLO [127.0.0.1]
[02:31:29] < 250-LO4P123CA0281.outlook.office365.com Hello [35.176.196.6]
[02:31:29] < 250-SIZE 157286400
[02:31:29] < 250-PIPELINING
[02:31:29] < 250-DSN
[02:31:29] < 250-ENHANCEDSTATUSCODES
[02:31:29] < 250-STARTTLS
[02:31:29] < 250-8BITMIME
[02:31:29] < 250-BINARYMIME
[02:31:29] < 250-CHUNKING
[02:31:29] < 250 SMTPUTF8
[02:31:29] > STARTTLS
[02:31:29] < 220 2.0.0 SMTP server ready
[02:31:29] > EHLO [127.0.0.1]
[02:31:29] < 250-LO4P123CA0281.outlook.office365.com Hello [35.176.196.6]
[02:31:29] < 250-SIZE 157286400
[02:31:29] < 250-PIPELINING
[02:31:29] < 250-DSN
[02:31:29] < 250-ENHANCEDSTATUSCODES
[02:31:29] < 250-AUTH LOGIN XOAUTH2
[02:31:29] < 250-8BITMIME
[02:31:29] < 250-BINARYMIME
[02:31:29] < 250-CHUNKING
[02:31:29] < 250 SMTPUTF8
[02:31:29] > AUTH LOGIN
[02:31:29] < 334 VXNlcm5hbWU6
[02:31:29] > [...username...]
[02:31:29] < 334 UGFzc3dvcmQ6
[02:31:29] > [...passwd...]
[02:31:44] > RSET /// Connection to "smtp-mail.outlook.com:587" timed out. (\Symfony\Component\Mailer\Exception\TransportException)
[02:31:53] < 535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator. [LO4P123CA0281.GBRP123.PROD.OUTLOOK.COM 2024-01-26T14:31:53.416Z 08DC1E4B43912AF4]
[02:31:53] > AUTH XOAUTH2 [...access_token...]
[02:31:58] < 250 2.0.0 Resetting
[02:31:58] > RSET
[02:31:59] < 235 2.7.0 Authentication successful
@bytestream bytestream added the Bug label Jan 26, 2024
@xabbuh xabbuh added the Mailer label Jan 26, 2024
This was referenced Jan 31, 2024
Merged
Merged
@fabpot fabpot closed this as completed Feb 3, 2024
fabpot added a commit that referenced this issue Feb 3, 2024
@fabpot
bug #53704 Fix client side connection timeout breaks mail authenticat…
03ebef7 
…ion (bytestream)

This PR was squashed before being merged into the 6.4 branch.

Discussion
----------

Fix client side connection timeout breaks mail authentication

| Q             | A
| ------------- | ---
| Branch?       | 6.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        | Fix #53647
| License       | MIT

The authentication loop should only continue when an unexpected response has been received. Any other exception, for example,  `throw new TransportException('Connection to "localhost" timed out.'));` should be treated as fatal and thrown.

As demonstrated in #53647, when anything other than a server response is skipped it results in later commands not matching their expected response codes.

Commits
-------

bb2e7fd Fix client side connection timeout breaks mail authentication
fabpot added a commit that referenced this issue Feb 4, 2024
@fabpot
feature #53706 [Mailer] Add timestamp to SMTP debug log (bytestream)
4b4962a 
This PR was squashed before being merged into the 7.1 branch.

Discussion
----------

[Mailer] Add timestamp to SMTP debug log

| Q             | A
| ------------- | ---
| Branch?       | 7.1
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Issues        |
| License       | MIT

When debugging #53647, the lack of a timestamp made it difficult to understand why the `RSET` was happening before a response had been received. The timestamps gave a clue towards the problem. The timestamps also help show slow connections which you're otherwise not aware of.

Commits
-------

53a637c [Mailer] Add timestamp to SMTP debug log
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Mailer Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@fabpot @bytestream @xabbuh @carsonbot