- fix not having initial 'handshake' in smtp plain auth method causing failed authentication

ip-qi · ip-qi · commit 23b58b35e846 · 2025-02-25T14:07:37.000+01:00
- fix uppercase wording for login/plain into lowercase
- added $SMTPAuthMethod in Config\Email file with default value of login
- refactor SMTPAuthenticate() to reduce complexity and code repetition
diff --git a/app/Config/Email.php b/app/Config/Email.php
@@ -30,6 +30,11 @@ class Email extends BaseConfig
      */
     public string $SMTPHost = '';
 
+    /**
+     * Which SMTP authentication method to use: login, plain
+     */
+    public string $SMTPAuthMethod = 'login';
+
     /**
      * SMTP Username
      */
diff --git a/system/Email/Email.php b/system/Email/Email.php
@@ -280,11 +280,11 @@ class Email
     protected $SMTPAuth = false;
 
     /**
-     * Which SMTP atuh method to use ('LOGIN', 'PLAIN')
+     * Which SMTP authentication method to use: login, plain
      *
      * @var string
      */
-    protected $SMTPAuthMethod = 'LOGIN';
+    protected $SMTPAuthMethod = 'login';
 
     /**
      * Whether to send a Reply-To header
@@ -2019,21 +2019,22 @@ protected function SMTPAuthenticate()
             return false;
         }
 
-        switch ($this->SMTPAuthMethod) {
-            case 'LOGIN':
-                $this->sendData('AUTH LOGIN');
-                $reply = $this->getSMTPData();
+        // send initial 'handshake' command
+        $this->sendData('AUTH ' . strtoupper($this->SMTPAuthMethod));
+        $reply = $this->getSMTPData();
 
-                if (str_starts_with($reply, '503')) {    // Already authenticated
-                    return true;
-                }
+        if (str_starts_with($reply, '503')) {    // Already authenticated
+            return true;
+        }
 
-                if (! str_starts_with($reply, '334')) {
-                    $this->setErrorMessage(lang('Email.failedSMTPLogin', [$reply]));
+        if (! str_starts_with($reply, '334')) {
+            $this->setErrorMessage(lang('Email.failedSMTPLogin', [$reply]));
 
-                    return false;
-                }
+            return false;
+        }
 
+        switch ($this->SMTPAuthMethod) {
+            case 'login':
                 $this->sendData(base64_encode($this->SMTPUser));
                 $reply = $this->getSMTPData();
 
@@ -2044,31 +2045,13 @@ protected function SMTPAuthenticate()
                 }
 
                 $this->sendData(base64_encode($this->SMTPPass));
-                $reply = $this->getSMTPData();
-
-                if (! str_starts_with($reply, '235')) {
-                    $this->setErrorMessage(lang('Email.SMTPAuthPassword', [$reply]));
-
-                    return false;
-                }
                 break;
 
-            case 'PLAIN':
-                // Generate single command for PLAIN authentication
+            case 'plain':
+                // send credentials as the single second command
                 $authString = "\0" . $this->SMTPUser . "\0" . $this->SMTPPass;
 
-                $this->sendData('AUTH PLAIN ' . base64_encode($authString));
-
-                if (str_starts_with($this->getSMTPData(), '503')) {    // Already authenticated
-                    return true;
-                }
-
-                if (! str_starts_with($this->getSMTPData(), '235')) {
-                    $this->setErrorMessage(lang('Email.failedSMTPLogin', [$this->getSMTPData()]));
-
-                    return false;
-                }
-
+                $this->sendData(base64_encode($authString));
                 break;
 
             default:
@@ -2077,6 +2060,15 @@ protected function SMTPAuthenticate()
                 return false;
         }
 
+        $reply = $this->getSMTPData();
+        if (! str_starts_with($reply, '235')) {  // Authentication failed
+            $errorMessage = $this->SMTPAuthMethod === 'plain' ? 'Email.failedSMTPLogin' : 'Email.SMTPAuthPassword';
+
+            $this->setErrorMessage(lang($errorMessage, [$reply]));
+
+            return false;
+        }
+
         if ($this->SMTPKeepAlive) {
             $this->SMTPAuth = false; // Prevent re-authentication for keep-alive sessions
         }
diff --git a/user_guide_src/source/libraries/email.rst b/user_guide_src/source/libraries/email.rst
@@ -120,7 +120,7 @@ Preference          Default Value       Options                      Description
                                         or ``smtp``
 **mailPath**        /usr/sbin/sendmail                               The server path to Sendmail.
 **SMTPHost**                                                         SMTP Server Hostname.
-**SMTPAuthMethod**  LOGIN               ``LOGIN``, ``PLAIN``         SMTP Authentication Method.
+**SMTPAuthMethod**  login               ``login``, ``plain``         SMTP Authentication Method.
 **SMTPUser**                                                         SMTP Username.
 **SMTPPass**                                                         SMTP Password.
 **SMTPPort**        25                                               SMTP Port. (If set to ``465``, TLS will be used for the connection
