Uploaded image for project: 'Observium'
  1. Observium
  2. OBS-5037

SMTP auth without SSL

Details

    • Library Bug
    • Resolution: Fixed
    • Major
    • None
    • Professional Edition
    • Scripts
    • None
    • Linux observium-isp.cell 3.10.0-1160.118.1.el7.x86_64 #1 SMP Wed Apr 24 16:01:50 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
      centos 7

    Description

      Hei All , 

      I am using 25.2.13882 , I need to send alerts via email with authentication

      I can see that by default it uses SSL or TLS , but in my case is not secured 

      $config['email']['backend']         = 'smtp';
      $config['email']['smtp_host']       = 'mail.server';          // Outgoing SMTP server name.
      $config['email']['smtp_port']       = 25;                   // The port to connect.
      $config['email']['smtp_timeout']    = 10;                   // SMTP connection timeout in seconds.
      $config['email']['smtp_auth']       = TRUE;
      $config['email']['smtp_username']   = 'myuser';
      $config['email']['smtp_password']   = 'mypass';

      tried :

      $config['email']['smtp_secure'] = NULL; 
      and 
      $config['email']['smtp_secure'] = ''; 

       

      both of them ended with authentication + secure and not only authentication

       

      Attachments

        Activity

          [OBS-5037] SMTP auth without SSL
          landy Mike Stupalov added a comment -

          Little update in r14057.

          Restored default detect StartTLS.
          By default do not verify SMTP remote hostname for certificate (your case).

          For force disable StartTLS set config option to 'no' (or boolean FALSE):

          $config['email']['smtp_secure'] = 'no';

          landy Mike Stupalov added a comment - Little update in r14057. Restored default detect StartTLS. By default do not verify SMTP remote hostname for certificate (your case). For force disable StartTLS set config option to 'no' (or boolean FALSE): $config['email']['smtp_secure'] = 'no';
          landy Mike Stupalov added a comment -

          This is was default pear library behavior.

          Disabled StartTLS by default in r14056.

          Also previously was added options for do not validate certificate hostname for StartTLS.

          landy Mike Stupalov added a comment - This is was default pear library behavior. Disabled StartTLS by default in r14056. Also previously was added options for do not validate certificate hostname for StartTLS.
          Eng Ip added a comment -

          its not SNMP relates - snmpwalk is not needed 

          these is the error even when checking the box of none in UI 

           o                      [ authentication failure [SMTP: STARTTLS failed \{enableCrypto: false; crypto_method: STREAM_CRYPTO_METHOD_SSLv23_CLIENT (57); attempts: 1; E_WARNING (2): stream_socket_enable_crypto(): Peer certificate CN=`mail.013net.net' did not match expected CN=`mailgw.netvision.net.il'} (code: 220, response: 2.5.0 Go ahead with TLS negotiation)]]

          Eng Ip added a comment - its not SNMP relates - snmpwalk is not needed  these is the error even when checking the box of none in UI   o                      [ authentication failure [SMTP: STARTTLS failed \{enableCrypto: false; crypto_method: STREAM_CRYPTO_METHOD_SSLv23_CLIENT (57); attempts: 1; E_WARNING (2): stream_socket_enable_crypto(): Peer certificate CN=`mail.013net.net' did not match expected CN=`mailgw.netvision.net.il'} (code: 220, response: 2.5.0 Go ahead with TLS negotiation)] ]
          bot Observium Bot added a comment -

          General questions and device support can be discussed in our Discord channel, click here to join.

          Please make and attach additional information about the device:

          • full snmp dump from device: 

            snmpwalk -v2c -c <community> -t 3 -Cc --hexOutputLength=0 -Ih -ObentxU <hostname> .1 > myagent.snmpwalk
            		 
            snmpwalk -v2c -c <community> -t 3 -Cc --hexOutputLength=0 -Ih -ObentxU <hostname> .1.3.6.1.4.1 >> myagent.snmpwalk

            If device not support SNMP version 2c, replace -v2c with -v1.

          • If you have problems with discovery or poller processes, please do and attach these debugs: 

            ./discovery.php -d -h <device>
            		 
            ./poller.php -d -h <device>

          • additionally attach device and/or vendor specific MIB files

          This comment is added automatically.

          bot Observium Bot added a comment - General questions and device support can be discussed in our Discord channel, click here to join . Please make and attach additional information about the device: full snmp dump from device: snmpwalk -v2c -c <community> -t 3 -Cc --hexOutputLength=0 -Ih -ObentxU <hostname> .1 > myagent.snmpwalk snmpwalk -v2c -c <community> -t 3 -Cc --hexOutputLength=0 -Ih -ObentxU <hostname> .1.3.6.1.4.1 >> myagent.snmpwalk If device not support SNMP version 2c, replace -v2c with -v1. If you have problems with discovery or poller processes, please do and attach these debugs: ./discovery.php -d -h <device> ./poller.php -d -h <device> additionally attach device and/or vendor specific MIB files This comment is added automatically.

          People

            landy Mike Stupalov
            Eng Ip
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: