Barebones CMS

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
STARTTLS error when using gmail account
#1
Hi,

I'm trying to install your SSO but I can't get past the mail setup.I want to use a gmail account but it says that STARTTLS command must be issued first (see attachment). If I change the smtp port from 587 to 465 the connection times out.

We are sending emails through this gmail account I'm trying to set up here using PHPMailer and it runs just fine.

If you need more info just let me know.

Thank you in advance for looking into this.

Have a nice day

Daniel


Attached Files Thumbnail(s)
   
Reply
#2
465 is the SSL-enabled port for GMail. If it is timing out, then your host is probably blocking outbound connections to that port. You can try asking them to open that port for you or you can find a different host because your current host is intentionally blocking ports.

GMail is complaining that STARTTLS isn't being used for insecure port 587 before sending e-mail. The underlying library, Ultimate E-mail Toolkit, does not currently support STARTTLS (although it wouldn't be too difficult to add). The problem with STARTTLS is that the plain-text EHLO request can be intercepted and turned into a MITM attack and so STARTTLS is basically useless unless it is forced by the client. Hence the primary reason I didn't implement the feature is that STARTTLS is inherently insecure. GMail appears to defend against a MITM attempt on the plain text port by incorrectly requiring STARTTLS. Thus, GMail is also partly to blame here for violating official Internet Standards. The spec says MITM is possible, which means MITM *MUST* be possible on that port no matter how terrible that idea sounds. STARTTLS is a feature, not a requirement. GMail is therefore broken-by-design. PHPMailer and other mail clients are broken too for using STARTTLS feature detection over plain text EHLO.

The best option is to run your own mail server. In my experience, GMail has other issues beyond their apparent STARTTLS requirement on the insecure port. It's not really a viable sending (or receiving) platform for automated processes. GMail opens the mail ports to accommodate regular e-mail clients (Outlook, Thunderbird, etc) but throttles outbound communications from a GMail account on those ports quite heavily. Setting up a GMail account for outbound server usage is asking for trouble.

You can also install SSO server without filling out the SMTP/POP3 details up front. It'll just be more difficult to diagnose issues like this one later.
Author of Barebones CMS

If you found my reply to be helpful, be sure to donate!
All funding goes toward future product development.
Reply
#3
Thanks for the quick response and explanation. I'll contact our host then or I'll have to convince our company to run our own mail server.

Thanks again and have a nice weekend.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)