search

markov2 / perl5-MailTools

Various ancient e-mail related modules
http://perl.overmeer.net/CPAN
1 stars 2 forks source link

SMTPS support #3

Closed Tachi107 closed 2 years ago

Tachi107 commented 2 years ago

Originally opened on https://rt.cpan.org/Public/Bug/Display.html?id=143873

I was reading Mail::Mailer's manpage and saw that SMTPS support doesn't seem in a great shape.

The manpage says that to use SMTPS you have to use the deprecated Net::SMTP::SSL module, but Net::SMTP has been supporting SMTPS since version 1.28 (Perl 5.22), so could you please consider using that instead?

In case you didn't know, the smtps port 465 and its usage have been un-deprecated in 2018, and its usage is now highly recommended, as opportunistic TLS with StartTLS is now considered not secure enough.

Tachi107 commented 2 years ago

I will consider everything... but have no active knowledge about the state of the SSL modules. That piece of code is written by other people in the previous century.

So: please be very specific with your suggested code and documentation changes. In that case, I will probably apply it.

What I mean is making it possible to send SMTPS emails with the "smtp" method, by passing "SSL => 1", similar to how it is done with "StartTLS => 1".

As the "smtp" method already uses Net::SMTP, I believe that enabling smtps support is as simple as setting the SSL parameter to 1. I've read the docs on https://metacpan.org/pod/Net::SMTP

In case you didn't know, the smtps port 465 and its usage have been un-deprecated in 2018, and its usage is now highly recommended, as opportunistic TLS with StartTLS is now considered not secure enough.

The preferred policy is something to mention in the manual-page, but does not change the code which should offer alternatives.

Ok, I think I can help with that.

Please provide explicit patches.

I've never used Perl, so I don't know how much easily I could manage to implement this new feature. Since it seems trivial to do, I'll give it a try.

Tachi107 commented 2 years ago

I'm finding it quite hard to wrap my head around how the current codebase works, but I think that the lines that should be modified are these:

https://github.com/markov2/perl5-MailTools/blob/f3a5fb53781e7e7a7e9aada7ba4fe3c049e85b46/lib/Mail/Mailer/smtp.pm#L16-L31

It should become something like:

    my $smtp;

    if($opt{SSL})
    {   $Net::SMTP::VERSION >= 1.28
            or die "SSL requires Net::SMTP 1.28";

        $smtp = Net::SMTP->new($host, %opt, SSL => 1)
            or return undef;
    }
    else
    {   $smtp = Net::SMTP->new($host, %opt)
            or return undef;
    }

@markov2, is that valid Perl? Do you think it is possible to make this cleaner? As opposed to starttls, SMTPS (SSL) support must be enabled when calling new(), according to the Net::SMTP documentation

markov2 commented 2 years ago

libnet 1.28 was released in 2014 (according to the Changes file). This is long enough ago to make it a package requirement without forcing too many installations to upgrade Net::SMTP. This simplifies your code into:

my $stmp = Net::SMTP->new($host, %opt, SSL => $opt{SSL})
        or return undef;

However: the whole %opt is already passed, so explicitly passing SSL is double, hence useless. For now, I only see a need to upgrade the Net::SMTP minimal version requirement.

Why doesn't your code work with the current version of the library?

Tachi107 commented 2 years ago

the whole %opt is already passed, so explicitly passing SSL is double, hence useless.

Oh ok, I didn't try passing SSL => 1 to Net::SMTP, I though that some other changes were required.

Why doesn't your code work with the current version of the library?

I'm not using the library directly, I've encountered while trying to get caff working.

In the end my patch didn't work anyway, and it seems that passing SSL => 1 isn't enough to send emails from caff using my remote SMTP server.

I just gave up and set up a local MTA instead (I've used nullmailer to be precise).

In the end I don't know if the issue is in your library or caff, and my Perl skills are non-existent so I'm unable to figure it out by myself.

Thanks for bearing with me and my useless issue :)

Tachi107 commented 2 years ago

Oh, forgot to say, it may be worth mentioning in the manual that sending emails via the submissions (465) port with implicit TLS is possible by passing SSL => 1, similar to how StartTLS works.

markov2 commented 2 years ago

Actually: I am really happy when people report issues. Even when they end up being non-issues. Net::SMTP has many options, which require a lot of documentation. Copying part of that content (like a remark on the submission port) is hazardous and hard to maintain. That's why I only refer to the module.

Your report did result in an improvement of the library with patch https://github.com/markov2/perl5-MailTools/commit/6a627b327bedc93cb7bcbd35e475363f47a6eb34

Tachi107 commented 2 years ago

That's nice, thanks!