mail() in lampp doesn't work - apache

I'm trting to send a simple mail script in PHP. It doesn't work and I have no error in mail log or error log.
Here's my php.ini config
SMTP = relais.videotron.ca
smtp_port = 25
sendmail_from = xxxx#xxxx.com (Of cours it's my ISP email there :D)
sendmail_path = /usr/sbin/sendmail -i -t
and my simple mail() test
mail("xxxx#xxxx.com","test","test");
Nothing's work. What could it be?

The built-in PHP mail command doesn't allow you to authenticate to an SMTP server. Your ISP SMTP server requires authentication and so is refusing the connection.
The info provided by your ISP confirms this;
SMTP server is accessible from an external network by using clear text
authentication using your code "VL" or alias for your mail Example:
customer#videotron.ca
Your options are either use an SMTP server that allows anonymous connections or (as Eamorr says) use a mailer class.

I use SwiftMailer:
require_once('../lib/swiftMailer/lib/swift_required.php');
...
function sendEmail(){
//Sendmail
$transport = Swift_SendmailTransport::newInstance('/usr/sbin/sendmail -bs');
//Create the Mailer using your created Transport
$mailer = Swift_Mailer::newInstance($transport);
$body="Dear $fname,\n\nYour job application was successful. \n\nYours,\n\nEamorr\n\n\n\n\n\n\n";
//Create a message
$message = Swift_Message::newInstance('Subject goes here')
->setFrom(array($email => "no-reply#yourdomain.com"))
->setTo(array($email => "$fname $lname"))
->setBody($body);
//Send the message
$result = $mailer->send($message);
}
You can send both plaintext and html email with ease.

Related

Problem using smtplib.SMTP_SSL with yahoo as server

I am trying to send an email through python using yahoo as my server but when I do I get the error
"ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1125)"
I'm guessing that, as it says, my ssl version doesn't match yahoo's but I cannot find what version yahoo is using anywhere. I am using ssl.OPENSSL_VERSION to identify my version which gives it as "OpenSSL 1.1.1i"
Anyone know how I can fix this? I've included the code below
import smtplib
msg = "Hello!, this is a test email. Goodbye!"
fromadd = '*****#yahoo.com'
toadd = 'email#domain.com'
subject = 'Python Test Email'
username = str('*****#yahoo.com')
password = str('********')
server = smtplib.SMTP_SSL('smtp.mail.yahoo.com', 587)
server.ehlo()
server.login(username, password)
server.sendmail(fromadd, toadd, msg)
server.quit()
and the exact error message:
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1125)
server = smtplib.SMTP_SSL('smtp.mail.yahoo.com', 587)
Port 587 is for plain SMTP, where TLS is initiated by an explicit plain text STARTTLS command (explicit TLS). For this use smtplib.SMTP with starttls().
To use smtplib.SMTP_SSL (implicit TLS, i.e. directly after TCP connect) one should connect to port 465 instead.

Authentication Required when sending mail via exim4 and gmail

hey guys a have problems with sending mail via sendmail over exim4 and gmail from my server; i created new email on gmail, configured exim to work as a smarthost but im getting error
SMTP error from remote mail server after MAIL FROM:<root#localhost> SIZE=1330: host smtp.gmail.com [64.233.162.108]: 530-5.7.0 Authentication Required. Learn more at\n530 5.7.0 https://support.google.com/mail/?p=WantAuthError r12sm5237727ljd.6 - gsmtp
here is my /etc/exim4/update-exim4.conf.conf
dc_eximconfig_configtype='smarthost'
dc_other_hostnames=''
dc_local_interfaces='127.0.0.1'
dc_readhost='host.ru'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='smtp.gmail.com::587'
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname='false'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
and my /etc/exim4/passwd.client
smtp.gmail.com:check#gmail.com:pass123
what am i do wrong guys ?

NiFi bypass host name verification in SSL context service

I am trying to connect to a REST endpoint via the GetHTTP Processor in NiFi 1.5.0.
The problem that I am faceing is, that the SSL certificate is issued to the domain but I only have direct access to the IP:Port address (company firewall).
With that I run into the problem that host name and certificate owners don't match up and the IP is not added as subject alternative name.
When I try to connect, I get this error message:
javax.net.ssl.SSLPeerUnverifiedException: Certificate for
<[IP-ADDRESS]> doesn't match any of the subject alternative names: []
Is there a way to bypass the host name verification?
I have found this NiFi Jira ticket but it doesn't seem to be addressed yet. Is there a workaround I could use?
You could try using InvokeHttp and use the "Trusted Hostname" property.
As the "Trusted Hostname" property is deprecated in recent versions of NiFi you can use the ExecuteScript processor with Ruby. The example is below. The body of the POST request must be in FlowFile contents. The body of the response will be in FlowFile contents after the processor.
require "uri"
require "net/http"
require "openssl"
java_import org.apache.commons.io.IOUtils
java_import java.nio.charset.StandardCharsets
java_import org.apache.nifi.processor.io.StreamCallback
# Define a subclass of StreamCallback for use in session.read()
class JRubyStreamCallback
include StreamCallback
def process(inputStream, outputStream)
text = IOUtils.toString(inputStream, 'utf-8')
url = URI("https://...")
https = Net::HTTP.new(url.host, url.port)
https.use_ssl = true
https.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["Authorization"] = "Basic ..."
request["Content-Type"] = "application/json"
request.body = text
response = https.request(request)
outputStream.write((response.read_body).to_java.getBytes(StandardCharsets::UTF_8))
end
end
jrubyStreamCallback = JRubyStreamCallback.new
flowFile = session.get()
if flowFile != nil
flowFile = session.write(flowFile, jrubyStreamCallback)
session.transfer(flowFile, REL_SUCCESS)
end

Gmail smtp Hostname does not match the server certificate

I'm having an error with gmail gem while trying to send a mail, this is working fine on local, and was working fine on heroku, but now im moving this app to a VPS server. This is the error:
e = g.compose do
to 'test#gmail.com'
subject 'testasea'
body 'test'
end
=> #<Mail::Message:25450040, Multipart: false, Headers: <From: .......>
e.deliver!
=> OpenSSL::SSL::SSLError: hostname does not match the server certificate
I've added this into an initializer file, without any luck:
ActionMailer::Base.smtp_settings = {
:enable_starttls_auto => true,
:openssl_verify_mode => 'none' # I've tested with 0 and false,
}
I tried to monkey path the class
OpenSSL::SSL::SSLSocket.class_eval do
def post_connection_check(hostname)
return true
end
end
with no luck, when I do that i receive a 535 Incorrect authentication data, however I know data is ok because i can do
g.inbox.count :read
And it returns me the right number.
I would like to know:
the incorrect certificate is the one my server (smtp client) is sending? or the one that is received by gmail smtp server?
why it works in local?
Why if i monkey path the class I received an authentication error?
Is there any workaround? i dont care if is not safe, is just a tenting application,.
This is only a guess, but if you are in a WHM VPS there is a function that restricts outgoing SMTP connections, you can find it in Tweak Settings.
Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)
It redirects all SMTP connections, If this is enabled you will receive your server self-signed ssl certificate, and if you bypass it using the monkey patch or setting configuration to dont check ssl certificate you will probably found an authentication error as you are in fact connecting to the LOCAL SMTP server.
Just disable it and test again.

permanent ldap authenticated session

I am trying to build a simple web based directory navigation/administration application.
Application requirements:
An Active Directory (or another directory service) domain user access
this web application and log in with the same domain user/password
credentials.
Then the user can navigate the directory tree, create/edit entries,
edit an entry's attribute, etc..
I'm using perl Net::LDAP for the ldap operations, as in:
#!/usr/bin/perl -wT
use Net::LDAP;
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
my $ssl = 1;
my $srv = '192.168.56.110';
my $uri = $ssl ? 'ldaps://' : 'ldap://';
my $c = Net::LDAP->new($uri . $srv) or
die "Unable to connect to server: $#\n";
# !!! This is a temporary workaround !!!
my $binddn = "cn=Administrator,cn=users,dc=example,dc=com";
my $passwd = "password";
my $mesg = $c->bind($binddn, password => $passwd);
die 'Unable to bind: ' . $mesg->error . "\n" if $mesg->code;
# DN to be deleted
my $dn = param('DN');
$mesg = $c->delete($dn);
die 'Error in delete: '. $mesg->error() ."\n" if $mesg->code();
$c->unbind;
I can call this cgi script with a HTML form, as in:
<form action="/cgi-bin/del.cgi" method="post">
<br>Peter Parker
<input type="radio" name="DN"
value="cn=peter parker,cn=users,dc=example,dc=com">
<br>Clark Kent
<input type="radio" name="DN"
value="cn=clark kent,cn=users,dc=example,dc=com">
<br>
<input type="submit" value="Delete User">
</form>
The problem with this code is that the ldap operations are using administrative credentials, not the credentials of the user running the web application. I'm using this workaround because I can't ask the user for his/her credentials every time.. and I don't know how to keep a user permanently authenticated.
My web application authenticate the user via ldap, asking he's credentials and issuing a bind request to the directory service, as in:
...
# read user supplied credentials
my $user_id = param('user_id');
my $password = param('password');
# now find the DN of user_id in directory
my $ssl = 1;
my $srv = '192.168.56.110';
my $uri = $ssl ? 'ldaps://' : 'ldap://';
my $c = Net::LDAP->new($uri . $srv) or
die "Unable to connect to server: $#";
# admin credentials are needed here to find the user DN
my $rootdn = "cn=Administrator,cn=users,dc=example,dc=com";
my $rootpw = "secret";
my $mesg = $c->bind($rootdn, password => $rootpw);
die "Unable to bind: ". $mesg->error if $mesg->code;
$mesg = $c->search(
base => 'dc=example,dc=com',
scope => 'sub',
filter => "(&(objectClass=user)(sAMAccountName=$user_id))",
attrs => ['sAMAccountName'],
);
die "Bad search: ". $mesg->error() if $mesg->code();
my ($entry) = $mesg->entries;
die "User not found: $user_id\n" unless $entry;
my $dn = $entry->dn;
# User DN found.. now check the credentials
$mesg = $c->bind($dn, password => $password);
die "Unable to bind: ". $mesg->error if $mesg->code;
$c->unbind();
# credentials validated!
print header, start_html('Welcome!'), h1('Hello, YOU!'), end_html;
After that, a cookie is sent to the user browser initiating a web session.
I could keep the user credentials in a database and then pass it to del.cgi (and other similar script) any time I needed.. but I don't think it's good security practice.
What can I do to keep a permanent ldap authenticated session as long as the web session is active?
There is no session. When an LDAP client connects to the directory server, the connection is unauthenticated. The bind request, should it be successful, establishes the authorization state of the connection. The connection remains in that authorization state until the next bind request, client disconnect, or server disconnect. Depending on the local setup, it may be possible to keep the connection open indefinitely with keep-alives or something similar. or the client can transmit another bind request periodically. Modern, professional-quality directory servers support disconnecting idle clients, or disconnecting clients after a certain period of time has passed, or after a set number of LDAP operations have been transmitted. Note that network administrators may disallow permanent connections for reasons of their own.
LDAP clients should check for response controls after the LDAP requests. Failure to check for response controls will result in the client missing important information from the server.
LDAP clients must be aware that the server can send an unsolicited notification in the form of an extended result. Failure to be handle the unsolicited notification can result in a badly behaved LDAP client. Most notifications are disconnect notifications, meaning the server is disconnecting the client for whatever reason.
Please see "LDAP: programming Practices" for more information.
Out of curiosity, why code such a thing? Apache Directory Studio is an excellent LDAP client.