laminas / laminas-mail

Provides generalized functionality to compose and send both text and MIME-compliant multipart e-mail messages
https://docs.laminas.dev/laminas-mail/
BSD 3-Clause "New" or "Revised" License

IMAP supports only LOGIN authentication method. Ignores LOGINDISABLE capability. #258

Open abelardoacosta opened 8 months ago

abelardoacosta commented 8 months ago

Bug Report

Q A
Version(s) x.y.z

Unknown version, it is the version used in the latest version of GLPI-Project and according to the LOGIN code it is the same. The module requirement is the following:

    "php": "^7.3 || ~8.0.0 || ~8.1.0",
    "ext-iconv": "*",
    "laminas/laminas-loader": "^2.8",
    "laminas/laminas-mime": "^2.9.1",
    "laminas/laminas-stdlib": "^3.6",
    "laminas/laminas-validator": "^2.15",
    "symfony/polyfill-mbstring": "^1.12.0",
    "webmozart/assert": "^1.10",
    "symfony/polyfill-intl-idn": "^1.24.0"

Summary

We have changed the mail server and receiving mail via IMAP has stopped working. It always gave a username/password failure problem. After investigating and doing some tests, the problem is in the login that sends "LOGIN USERNAME PASSWORD" and it must send: AUTHENTICATE LOGIN

The server displays the following header on the connection:

I think it is already implemented in the SMTP protocol.

I have temporarily fixed it by modifying the login function in the Protocol\Imap.php file and changing the line:

return $this->requestAndResponse('LOGIN', $this->escapeString($user, $password), true);

by:

return $this->requestAndResponse('AUTHENTICATE LOGIN', ["", base64_encode($user) . "\r\n" . base64_encode($password)], true);

But surely this is not the correct solution since I am not a programmer.

Greetings

Xerkus commented 8 months ago

The IMAP implementation here follows obsoleted RFC2060, which had no LOGINDISABLE capability. Conversely, LOGIN is the only authentication mechanism supported by the IMAP implementation here.

Not a bug strictly speaking. Marking it as feature request.
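
The capability check this thread is about, as an added example that is not laminas-mail code: it parses the advertised capabilities and never sends LOGIN when the server advertises LOGINDISABLED (the spelling used in RFC 3501), preferring STARTTLS or an AUTH= mechanism instead. The function names, credentials and sample server lines are constructed for illustration, and the AUTHENTICATE LOGIN challenges shown in the comment are the ones servers typically send.

```php
<?php
declare(strict_types=1);

// Capability atoms from a greeting ("* OK [CAPABILITY ...]") or "* CAPABILITY ..." line.
function parseCapabilities(string $line): array
{
    if (!preg_match('/(?:^\* |\[)CAPABILITY ([^\]\r\n]+)/i', $line, $m)) {
        return [];
    }
    return array_map('strtoupper', preg_split('/\s+/', trim($m[1])));
}

// IMAP quoted string; assumes no CR, LF or 8-bit bytes (those need a literal).
function quote(string $s): string
{
    return '"' . addcslashes($s, '"\\') . '"';
}

// Hypothetical helper: returns the command (sent after the tag), then one entry per "+" continuation.
function chooseAuth(array $caps, string $user, string $pass, bool $tls): array
{
    if (!$tls && in_array('STARTTLS', $caps, true)) {
        return ['STARTTLS']; // upgrade first, then re-read the capabilities
    }
    if (in_array('AUTH=PLAIN', $caps, true)) {
        // RFC 4616: authzid NUL authcid NUL password, base64-encoded
        return ['AUTHENTICATE PLAIN', base64_encode("\0" . $user . "\0" . $pass)];
    }
    if (in_array('AUTH=LOGIN', $caps, true)) {
        // Reply to "+ VXNlcm5hbWU6" (Username:) and "+ UGFzc3dvcmQ6" (Password:) separately
        return ['AUTHENTICATE LOGIN', base64_encode($user), base64_encode($pass)];
    }
    if (!in_array('LOGINDISABLED', $caps, true)) {
        return ['LOGIN ' . quote($user) . ' ' . quote($pass)];
    }
    throw new RuntimeException('LOGIN is disabled and no supported AUTH= mechanism is advertised');
}

// Constructed sample lines; the server banner from the report is not on this page.
$samples = [
    ['* OK [CAPABILITY IMAP4rev1 LOGINDISABLED AUTH=LOGIN] ready', true],
    ['* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED', false],
    ['* OK [CAPABILITY IMAP4 IMAP4rev1] ready', true],
];
foreach ($samples as [$line, $tls]) {
    echo implode(' | ', chooseAuth(parseCapabilities($line), 'alice', 's3"cret', $tls)), PHP_EOL;
}
```

Each entry after the first is written only once the server has answered with a `+` continuation line, so a client needs a read between the two base64 replies of AUTHENTICATE LOGIN.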

abelardoacosta commented 7 months ago

Hi @Xerkus

After speaking with my provider, he tells me that the RFC indicated (RFC2060) is obsolete. The next revision was done (RFC3051) as well. The latest is RFC9051.

RFC-2060 Documentation → https://datatracker.ietf.org/doc/html/rfc2060 (December 1996)
RFC-3051 Documentation → https://datatracker.ietf.org/doc/html/rfc3501 (March 2003)
RFC-9051 Documentation → https://datatracker.ietf.org/doc/html/rfc9051 (August 2021)