Open Jonatanestam opened 7 years ago
shogunpol
commented
7 years ago @Jonatanestam , the issue has been tested on recent version of SuiteCRM(7.7.8), and not appear, however, i did test using gmail, and it work in my instance only for SMTP port 587. Also when you click "SEND TEST EMAIL" button, please retype password again and save it. Please let me know if this helps.
Jonatanestam
commented
7 years ago @shogunpol, It's true that when you change the postfix config from plain text to ssl / tsl, the default port changes, but I modified the file /etc/postfix/master.cf, so it won't happen . I can send emails from Outlook, Android and iOs using the same port (25) .
I tried retype password again and saved it, but it still does not work.
Logs
Unsuccessful attempt 1 (TSL). `
`
Unsuccessful attempt 2 (Plain Text) `
`
Successful attempt 3 (Plain text, whenI disabled TSL/SSL in postfix main.cf configuration file) `
supernoveau
commented
7 years ago @Jonatanestam in the Postfix config smtp is used to send email whereas smtpd is used to receive emails.
I have a similar issue using TLS and Postfix smptd- identical message: Error:SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting.
I have a strong email password as suggested as relevant here: https://github.com/salesagility/SuiteCRM/issues/1123.
I have tried the public $SMTPAutoTLS = false; fix in include/phpmailer/class.phpmailer.php suggested there too, with no impact.
pgorod
commented
7 years ago I've had problems with STMP Connect failed, and I have seen they are popping up more frequently in the forums. I've been waiting for a well-defined case to post as an Issue, but I don't have one. I still don't understand exactly what works and what doesn't. Most people (me included) end up solving this by changing email accounts or email authentication methods, but we should be able to use any valid method with proper credentials.
I am sure there's a bug somewhere.
chris001
commented
7 years ago @Jonatanestam @almccann If you go thru #1123 there are many fixes to try. Especially:
extension=openssl.so to php.iniThis is a bug, because, the code should be good enough that, "IT JUST WORKS (tm)".
supernoveau
commented
7 years ago I have tried everything in 1123 @chris001 .
If I add $this->SMTPDebug = 2; to line 89/90 of include/SugarPHPMailer.php the log detail is identical: SugarPHPMailer encountered an error: SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting in suitecrm.log. No difference either if I change SMTPDebug = 0 to SMTPDebug = 2 in the parent include/phpmailer/class.phpmailer.php.
I am using TLS and port 587.
I have compiled PHP with openssl support (i.e. --with-openssl=/path/to/openssl in Configure Command and OpenSSL support enabled of phpinfo()).
I have public $SMTPAutoTLS = false; in include/phpmailer/class.phpmailer.php.
Which other fixes do you refer to as "many more"? There is commentary in 1123 about bugs with strong passwords versus weak passwords but I don't see a resolution.
chris001
commented
7 years ago Strong passwords refers to the issue with using extreme punctuation marks in passwords. Try using a password with only alphanumeric characters. A-Z, a-z, 0-9. Will get back to you about the other fixes.
chris001
commented
7 years ago @almccann
supernoveau
commented
7 years ago Thanks @chris001
I am running Postfix on a remote host with Let's Encrypt. The report from openssl s_client -starttls smtp -crlf -connect almccann.almccann.com:587 passes and returns 0 as per suggested external test in troubleshooting PHPMailer link.
If I reset password while logged out via 'forgot password' link response is:
2017-05-10 01:45:05 SERVER -> CLIENT: 220 almccann.almccann.com ESMTP Postfix (Debian/GNU) 2017-05-10 01:45:05 CLIENT -> SERVER: EHLO suitecrm.almccann.com 2017-05-10 01:45:06 SERVER -> CLIENT: 250-almccann.almccann.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN 2017-05-10 01:45:06 CLIENT -> SERVER: STARTTLS 2017-05-10 01:45:06 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS 2017-05-10 01:45:07 SMTP Error: Could not connect to SMTP host. 2017-05-10 01:45:07 CLIENT -> SERVER: QUIT 2017-05-10 01:45:07 SERVER -> CLIENT: 2017-05-10 01:45:07 SMTP ERROR: QUIT command failed: 2017-05-10 01:45:07 SMTP connect() failed. And when you read the Postfix logs on the remote host, what does the detailed error say, at 2017-05-10 01:45:07.
I can guess what it says. I'll let you post it for the readers here to learn from.
If the postfix log doesn't say enough details, then you need to increase the logging detail level in the postfix config, and do the password reset again, until you get postfix to log the detailed reason for the error.
supernoveau
commented
7 years ago Thanks @chris001
Increasing the log level just logs the encrypted bytes.
Here is the log:
May 10 01:45:05 almccann postfix/submission/smtpd[5160]: connect from d23-16-203-158.bchsia.telus.net[23.16.203.158]
May 10 01:45:06 almccann postfix/submission/smtpd[5160]: Anonymous TLS connection established from d23-16-203-158.bchsia.telus.net[23.16.203.158]: TLSv1.2 with cipher ECDHE-RSA-AES1
28-GCM-SHA256 (128/128 bits)
May 10 01:45:07 almccann postfix/submission/smtpd[5160]: lost connection after STARTTLS from d23-16-203-158.bchsia.telus.net[23.16.203.158]
May 10 01:45:07 almccann postfix/submission/smtpd[5160]: disconnect from d23-16-203-158.bchsia.telus.net[23.16.203.158]@almccann
supernoveau
commented
7 years ago @chris001
smtp_use_tls and smtpd_use_tls are deprecated for smtp_tls_security_level and smtpd_tls_security_level. I use these with may which is equivalent.
I'm not caching nor insisting on high ciphers.
The Dovecot SASL configurations are the same. I also include the path to the CA directory smtpd_tls_CApath which is an improvement.chris001
commented
7 years ago @almccann Did you mean Postfix? Dovecot, the IMAP server, is for reading email. Postfix, the SMTP server, is for sending email, which is what this issue is about. I suggest you do this, to set a known good baseline Postfix configuration:
.conf configuration files in /etc to a folder ~/etc/ located in your home folder.wget http://software.virtualmin.com/gpl/scripts/install.sh
b. Are you sure you set a fully qualified domain name for your system? This one is really important. Find out with the following command:
hostname -f
If it is fully qualified, continue to the next step. If not, read up on fully qualified domain names before proceeding. You'll thank me later.
c. sudo /bin/sh install.shsupernoveau
commented
7 years ago Hi @chris001
Why do you think the mail configuration is the issue and not PHPMailer or another class?
The mail server is working on port 587 using TLS. The response from openssl s_client -starttls smtp -crlf -connect almccann.almccann.com:587 returns 0 as expected, and according to the PHPMailer troubleshooting guide the verify error:num=20:unable to get local issuer certificate is not a problem for PHPMailer.
I send using mac mail and openssl connects.
No, I meant Dovecot. Postfix uses Dovecot to implement SASL: http://www.postfix.org/SASL_README.html.
I use the FQDN- that's the FQDN I am connecting to when I verify using openssl.
Using another piece of software relying on shell scripts to edit configuration files just adds another layer of complexity to the mail server I don't want. When I see your suggestion I ask:
supernoveau
commented
7 years ago Further to the above, I have tested my mail server connection with nodemailer and this service is able to connect and send email, only if tsl.rejectUnauthorized:false is set because the TLS certificate is self-signed.
This is the nodemailer test code I used: https://github.com/almccann/nodemailer-example.
Does this type of flag exist in PHPMailer or your codebase for self-signed certificates? Does this clarify the mail server is configured adequately?
@chris001
supernoveau
commented
7 years ago Finally, thanks for all your help @chris001
The issue ended up being not including the FQDN as a domain to the certificate.
chris001
commented
7 years ago @almccann
Your choice whether you install Virtualmin. It's optional, but it's very helpful. It runs on nearly all Unix based OS. It's probably the most popular GPL free open source server control panel. It maintains your working baseline smtp server config, and alerts you when the config is not good, which'd make adjusting your smtp server's security config easier for you to work with than manually editing config files blindly, but if you don't want to install any server control panel software, that's fine.
Next, about your TLS cert. Self-signed certs are highly frowned upon, insecure, worthless, garbage, and totally unnecessary now that we have Let's Encrypt ("LE"). You said you're running postfix with a genuine LE TLS cert, now you say "the TLS certificate is self-signed". It can't be both. Which one is it? It's possible your LE cert expired and therefore is rejected. LE certs expire after 3 months. You must run a script to auto renew it. "The correct fix for this is to replace the invalid, misconfigured or self-signed certificate with a good one. " References: https://github.com/PHPMailer/PHPMailer/issues/540 https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
Another bonus point to use Virtualmin is, it automatically renews your LE cert every 90 days when they're about to expire.
chris001
commented
7 years ago @almccann If Virtualmin control panel had been managing your server, you wouldn't have even had this issue. Virtualmin automatically generates, and renews, the LE TLS cert for you, and includes the FQDN automatically on the cert. @Jonatanestam Are you running your smtp mail server with a self-signed TLS cert?
Jonatanestam
commented
7 years ago @chris001 I´m running smtp mail server with a Comodo Cert, it is active and works fine.
I only use strong passwords (upper and lower case letters, numbers and special characters), I've decided to quit using insecure passwords.
chris001
commented
7 years ago @Jonatanestam Can you increase the php.ini log_errors setting, try resetting your password as described above, try sending sending a mail with TLS. Is it still failing for you. Post your php error log entries showing the error while sending mail, with personal information redacted.
This error and many others like it, will be far easier to solve, when an onscreen error report will be added to the app.
pgorod
commented
7 years ago I'm seeing 2 or 3 posts a week on the forums with this issue. It seems we still don't have a complete diagnosis and a solution. I wonder if we should try to enlist any of those people from the forums to get them to contribute some testing on their systems? What should we ask?
chris001
commented
7 years ago That's a great question... for the SuiteCRM developers.
chris001
commented
7 years ago @mattlorimer Many related issues for SMTP #1123 #3423 #3647 #2895
sergio91pt
commented
7 years ago @Jonatanestam
I'm assuming the ssmtpd_ options you posted are typos, and they're correct in the configuration file.
You should set smtpd_tls_security_level to may. According to the documentation, encrypt is not standards-compliant:
You can ENFORCE the use of TLS, so that the Postfix SMTP server announces STARTTLS and accepts no mail without TLS encryption, by setting "smtpd_tls_security_level = encrypt". According to RFC 2487 this MUST NOT be applied in case of a publicly-referenced Postfix SMTP server. This option is off by default and should only seldom be used.
Is the mail server and the crm on the same machine? Your logs, on the first post, imply so. Or are you sing some sort of proxy?
Normally there's no point in using TLS on the loopback. Unless you want to force authenticated email, since your server supposedly has smtpd_tls_auth_only = yes.
Is that the case?
If so, are you sure it is correctly configured? What are your smtpd_sender_restrictions and mynetworks?
Now, it is clear that you don't have a proper hostname configured on your server.
Run postconf myhostname
Does it match your certificate or is it localhost.localdomain? This was also almccann's problem.
Jonatanestam
commented
7 years ago @chris001 Sorry for my late reply. I changed server and I was busy.
Php log error:
[Fri Jun 23 10:04:07.661381 2017] [:error] [pid 26271] [client xxx.xxx.xxx.xx:50481] PHP Warning: stream_socket_enable_crypto(): Peer certificate CN=mydomain.com' did not match expected CN=localhost' in /var/www/html/mydomain.com/crm/include/phpmailer/class.smtp.php on line 369, referer: https://mydomain.com/crm/index.php?module=EmailMan&action=config
@sergio91pt I set smtpd_tls_security_level to may: /etc/postfix/main.cf -smtpd_tls_security_level = may /etc/postfix/master.cf -o smtpd_tls_security_level = may
Then I restarted the service systemctl restart postfix.service
Php error:
PHP Warning: stream_socket_enable_crypto(): Peer certificate CN=mydomain.com' did not match expected CN=localhost' in /var/www/html/mydomain.com/crm/include/phpmailer/class.smtp.php on line 369, referer: https://mydomain.com/crm/index.php?module=EmailMan&action=config
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination mynetworks = myPublicIP.0/28, 127.0.0.0/8
I don’t have smtpd_sender_restrictions
postconf myhostname myhostname = server.myDomain.com
sergio91pt
commented
7 years ago @Jonatanestam If you're running the email server in the same machine, you don't need TLS. In the CRM, disable TLS and don't use authentication and it will work because of mynetworks.
With that configuration, you can't force authenticated email anyway. Any CRM user can use 127.0.0.1 as their SMTP server and send email using whatever they want in the From field (which is used for the MAIL FROM command). Any compromised account can transform your CRM in an open mail relay.
Did you use localhost as the SMTP server?
Change it to mydomain.com. TLS should work now.
chris001
commented
7 years ago @Jonatanestam Thanks for providing the php error log message.
The solution to this issue would be to either:
localhost hostname, in other words, you're trying to access the locally hosted mail server thru the loopback interface name and IP for higher speed, rather than use the locally hosted mail server's public name, interface, and IP.It'd be smart to also add a nice looking onscreen error message reporting feature, to make these errors much faster to solve the first time!
Jonatanestam
commented
7 years ago @chris001 @sergio91pt
Finally I can send emails.
I saw the error log "CN=mydomain.com' did not match expected CN=localhost'" and I understood that I had to replace localhost by mydomain in SMTP Mail Server.
Then I didn't see any errors in the php log, but it doesn't worked. I retypeed mail password and saved it. Now I can send mails.
Thanks alot for your help.
sergio91pt
commented
7 years ago @chris001 Regarding point 2, the correct way is to use /etc/hosts.
Let's face it, if we take into account the current state of SuiteCRM there's no reasonable use case. If you require SSL/TLS for localhost, you're not running an authenticated relay for SuiteCRM but, probably, a full fledged mail server with open ports. That is a huge red flag. Threat model? Both services are probably accessible from the internet.
Out of the box SuiteCRM is very susceptible to brute force attacks:
[A-Za-z0-9]{6}. Users can use even weaker passwords.Also Module loader cannot be easily disabled (although this is available - haven't tested it yet). Compromise an admin account and you have a trivial way to install a backdoor.
And if you think nobody knows about your CRM...
I just don't know how hacking only amounts to #3423 for now, could be much worse. A CRM stores sensitive customer information and is probably a very enticing target for hackers.
chris001
commented
7 years ago Thanks @sergio91pt
The weak password hash issue is also mentioned in #1197
@JimMackin reason for raising the issue is confirmed here:
http://php.net/manual/en/faq.passwords.php#faq.passwords.bestpractice
Sugar 6.5 made a big deal of upgrading from md5() to crypt(), but the password_hash() method from #1197 is better yet than crypt(): Plus, there's an official php.net compatibility library for PHP < 5.5.
https://developer.sugarcrm.com/2012/05/16/new-for-sugar-6-5-stronger-password-storage-encryption/
@salesagility @gregsoper Is the brand name SuiteCRM trademarked? You should do a trademark claim and get all of the SuiteCRM squatter domains taken down. It's unethical/illegal for them to run a website using the brand name in the URL, that reflects badly on the software. http://suitecrm.co http://suitecrm.no http://suitecrm.fr http://suitecrm.se http://suitecrm.dk http://suitecrm.be http://suitecrm.ro http://suitecrm.cn 90 found! Most are surely squatters. See all of them here: https://www.tcpiputils.com/domain-search You'll need to type the keyword "suitecrm" and click GO.
pgorod
commented
7 years ago Very good points.
While we're discussing Security, let's not forget this SugarCRM 6.5.25 update is waiting to be merged: #3226. On their site they say this is a security update and "we strongly recommend that you install this update at the earliest opportunity."
And if everybody on this thread goes into this Trello suggestion and votes for it, it will surely climb to the top of the backlog list.
chris001
commented
7 years ago @pgorod Sales Agility Ltd is currently working on customizing SuiteCRM for rich clients located in 7 wealthy first-world countries. Their team currently stands at only 32 engineers, architects, business analysts and support engineers. They just aren't devoting enough resources to timely update the product here on girhub! Very little incentive!
gregsoper
commented
7 years ago @chris001
How exactly do you expect us to finance the 5 person full-time product team?
A magic money tree perhaps?
I get terribly exasperated by comments like this. Unwarranted, ungrateful, unnecessary and most of all unknowing.
If you are aware of a different business model that enables us to keep innovating, keep updating, keep supporting and keep improving SuiteCRM, then I'd be interested to hear it.
Otherwise, less noise and more light would be appreciated.
pgorod
commented
7 years ago @chris001 I was going to come here and write more or less what Greg wrote. Of course they're trying to make money, I hope they make tons of it. It would only benefit SuiteCRM, the powerful open-source project we're all enjoying for free.
If somebody spends, say, $10.000 a month on something which benefits me, do I go and complain that they should be spending $20.000 a month on it? Or complain if they can recover that amount and make some profit, when business goes well? I really think all I can say is "thank you". This is not taking sides, it's not flattery or boot-licking, it's plain and simple justice - and logic.
I realize you're frustrated and bitter; how could I not realize it when you've been airing it in every post, every comment for the past month? But please, deal with it in a more productive way, because frankly you're making these online communities a bit like those offices where one doesn't want to walk into in the morning, because one knows there will be people there "angry by default".
I share with you some of the technical objectives you've been asking for and promoting. I highly value your input into this project. But I don't see how you feel this attitude is going to be productive. You're not bringing SalesAgility in your direction, you're alienating them and making them tired of your constant repetition.
At this point it really doesn't matter how right you are, because you lose your reason because of the tone, because of the way you address SA employees. I see them working hard. I see them passionate and involved with the project. I see them sensitive to code quality issues. I see them setting up their team and their processes. Ok, then a lot is still left undone, unchanged, and delayed. They are not perfect, they are not omnipotent, but neither are we, right? Can we now team up work together to the best of our abilities and resources? Can we now cut each other some slack, and be polite, and friendly, and patient?
SuiteCRM doesn't just need a better SalesAgility, it also needs a better Chris. I think both are needed for this project. Let's keep people wanting to walk into this "office" every morning, we all benefit in the long run.
Sorry if I'm being unjust in any way - if I was too aggressive calling for less aggressiveness, I evidently failed and I apologize... Peace.
chris001
commented
7 years ago @gregsoper Thanks for your reply. Sorry if you felt exasperated. I could say the same thing, and I think I'm speaking for many from the community here, we/I've felt terribly exasperated, many times. Grateful at many times as well.
Let's see what we can do to reduce the amount of exasperation and increase the amount of good times.
Activate Google AdSsense on all pages of the community forum. This should bring in between several hundred to 1000 pounds per month, maybe more, depending on total number of visitors and other factors. Enough to fund 10-30 developer hours per month. This would make a nice positive impact on product development. And suitable because AdSense funds are generated directly by community user activity in the forum.
Start another crowd funding campaign. As I mentioned in Nov 2014, after the Oct 2014 campaign https://www.kickstarter.com/projects/1212639306/100-enhancements-to-suitecrm-in-400-days-open-sour funding was unsuccessful due to goal not reached, do it again right away, yet this time AVOID KICKSTARTER it's terribly unsuitable because you either reach goal, or you get nothing, and your amount sought was too high and the campaign length too short and your visibility not large enough, to get there in time. Instead of KS you must use one of the many crowd fund raising platforms which allow you to receive every pound, dollar, euro contributed (IndieGogo is one example but there are many others) regardless of goal reached or not. Then, obviously, fund the app development as you go, based on quantity of funds received. Let the fundraising campaign never end, it can and should go on and on until the product quality performance and features are perfect and fully caught up to and surpassing competing modern CRM software quality and feature standards, fully able to install and run Sugar 7 modules, etc.
Form a separate entity similar to Joomla's Open Source Matters organization, which receives contributions, AdSense revenue, donations, and contributions toward software development. It's important to keep the commercial interests of your company separate from the pure product development interests of the software. More donations will be forthcoming as companies and individual donors will get the assurance they're giving to the non profit organization whose purpose is to better the open source software and not giving to a commercial company.
gregsoper
commented
7 years ago @chris001
Thank you for a more positive tone. It would be appreciated if this was maintained going forward.
chris001
commented
7 years ago @gregsoper
Thank you for everything you do Greg.
Now, let's get to the action and make this better. Of the 3 action items mentioned above which are for the benefit of the better funding and more community-driven development of the software - 1. Google AdSense on the Community Forum, 2. Start a new crowd funding campaign on an open ended platform such as IndieGogo to fund developing the software, and 3. Establish a not for profit corp to govern the project software development much like Joomla has done to great success with OSM, could you please comment. Agree with time frame, disagree with your fully detailed reasons, etc. Speaking on behalf of the community and with an understanding of how community driven open source works, 1 and 2 need done as soon as possible Friday if you have free time, 3 needs done as soon as about $2-3000 in funds become available from crowd funding and/or adsense revenues.
gregsoper
commented
7 years ago @chris001
With respect: We have a business plan and a strategic plan that are designed to deliver more and better community services and code to the project. It does not include any of the above. I won't discuss these in public or outside of SalesAgility and our trusted advisers. I appreciate your enthusiasm and input but ask you to trust us to deliver on our plans. We have made huge progress in the 3.5 years since we forked SugarCRM. We intend to continue on a path that we confidently expect will deliver community and code we can all be proud of and can all be part of.
chris001
commented
7 years ago @gregsoper Interesting. Why the "won't discuss these in public" secrecy about your strategic plan not including fund raising thru AdSense, Crowdfunding, and formation of a not for profit entity to govern the software development? Is it because of your concerns related to your commercial business? Please provide detailed explanation of the nature why you don't want to share your strategic plan to help the software grow without external funding or community software development governance, to the github community here watching this thread.
gregsoper
commented
7 years ago @chris001
chris001
commented
7 years ago Thank you @gregsoper for your two snaps and a twirl, heard across github.
In reply to your points above:
Question: When compared with how the example project described in the video is managed, in which ways could the SuiteCRM open source project be managed better as an open source project?As always, all are welcome to join in the conversation.
samus-aran
commented
7 years ago @chris001
You've missed the point Chris and choosing not to listen again. You did ask him to repeat – repeat to disclose information and strategies that don't need to be provided to an individual member who requests it because they demand it. We have told you, with respect and professionalism which you seem to be lacking more day by day, that we don't answer to you specifically. You are a member that chooses not to listen and rage personal attacks to 'get attention'. You're attitude is terrible and you have stepped over the line with the above post. Your comment is not progressing the discussion, not respecting an opinion, and you are pulling insults (seriously, autistic..) to make a 'point' which is simply an opinion not fact. When we do declare strategies they are publicly announced and discussed then and have been but you are choosing to not see them or want everything done immediately. This project is not a foundation and therefore doesn't have community members head of their departments or have even established anything of that magnitude. You are pulling these big projects whom have again had more years and footing than most open source projects do and where did they started off at may I ask? Pretty sure they held their strategies internally until they decided it it was logical to open it out to the community... You come across has having a very narrow view of what an OS project is and that its one way or the other. Strategies and company information are not a term anyone would deem as a 'secret' so claiming we hold them is not true and another wrongful accusation to suit your argument.
So with that Chris, its pretty disheartening that you have stooped that low to voice your opinion with petty insults and don't appear to be accepting anything we say. You've purposely twisting our words to suit your agenda which is using the wrong attitude to 'helping' the community by firing an attack over things that you know are in progress, you know that are in discussions and you know we don't feel we need to address you individually. To that conclusion we have decided to place a temporary ban on you for a 3 month period and have released a Code of Conduct along with the project. Please review and hopefully you'll reflect on your inappropriate approach on trying to 'help' the project and return with a better attitude and better ways to communicate.
muratyaman
commented
7 years ago You've just lost a huge contributor! Pity! I'm not sure who has a "hidden" agenda here! What's so sensitive in your roadmap you cannot share with the community?!
You focused on 7.9 for email client, some people decided that it had the highest priority, instead of fixing hundreds of bugs here or merging so many pull requests waiting in the queue, and yet you have "successfully" created so many more bugs on 7.9!!
You write code, and you don't test it?! and then expect the community sort out the mess for you?! If so, at this rate, you will lose many more contributors and it can only get worse.
I understand you expectations from community, like constructive criticism, politeness, positive tone, etc. Your attitude has to change as well.
This codebase itself is already a very big source of stress for everyone involved! We don't need extra stress, right?
If it's a huge responsibility, let's act like it is.
Cheers.
pgorod
commented
7 years ago @muratyaman I understand your frustration, and I'm not happy with the way things went, but also - maybe this my portuguese character coming up, we are mellow and typically don't opt for conflict - I am completely unable to understand what kind of positive result Chris could expect from his stance.
I am subscribed on almost every thread in the forums and tons of Issues and PR's here, and there were literally dozens of posts by Chris insisting on the same things, asking for "detailed clarifications" where people were obviously not interested in giving them. It was very tiresome even for me, and I was not the target of his insistence. It was truly a collision course, deliberately chosen, and in my view very poisoning for the community.
This doesn't mean that I would have banned him, but it means I've been scratching my head over this in the past weeks, wondering how could he be calmed down and especially, how could he adapt his expectations and his demands to what the other side expects and demands. Because I wasn't seeing that attitude of really trying to see things from the other side's perspective and position, and trying to build from there, not from some idealized vision of what open-source should be.
PR's should be merged - fine. Bugs should be fixed - fine. New versions shouldn't introduce many new bugs - fine. Repeat all this thirty times and try to force a company into changing into what you think it should be - NOT fine.
I am speaking on my own behalf, I have my opinion. I am with Chris on many of his technical opinions, I am not with him on his chosen collision course with SalesAgility. So it is important to point out he doesn't speak for the Community (and obviously neither do I).
This could all have gone so much better, with just a bit more patience and understanding...
horus68
commented
7 years ago I considered this ban an overreaction if only based on the public words by @chris001 3 months for a ban? Also find it strange that a code of conduct was written after the ban, not before it.
As I already posted in the forum https://suitecrm.com/forum/announcements/14874-suitecrm-7-9-2-maintenance-patch-now-available#49989 Salesagility has been losing community power users. But that's their option to do so. We are seeing here is a company planning things differently from some of their support community. It's their right and if users don't like it they must leave and create a fork or stay but quiet. As for now, I will wait to see those promised plans from SalesAgility. But you all know what happens when things come to this point, no software stays the same.
samus-aran
commented
7 years ago Hi @horus68
We had the code of conduct discussed internally due to Chris attitude in the prior weeks. But no the code of conduct didn't come after, it came at the same time.
Of course we don't feel it was an overreaction and you are free to discuss that, but we felt it was justified. We had spoken to chris on a number of occasions, and it looked as though he was calming down and taking a more positive tone to express his opinions. However the latest post was not and sadly we didn't feel he was going to get any better unless we do everything (disclose and implement) he expected. We felt that his choice of words were extremely poor and insulting and no one, not a SA team member or the member of Community, should or would stand for. He wasn't providing a positive attitude in the way he was voicing his opinion and thus felt a temporary ban was a suitable action.
I know you have address the forum post to which I have responded and so we can only go from here on the plans put into place to resolve bugs etc, but that doesn't deter the fact that chris, as a member of the community, was not something that was a benefit to the project unless his attitude changes.
samus-aran
commented
7 years ago Sorry @muratyaman I didn't see your post.
We don't have a 'hidden' anything. What we were referring to was the funding aspect and disclosing a public management team. The roadmap is public (not very much we admit at the moment) and will be but that isn't the issue here.
Regards to this release, we completely agree. Learning from the short 3 month release cycle we felt the amount we took on was highly underestimated and thus here we are. The decision to tackle that email client was briefly discussed in the forum stating that we also underestimated the use of it a mistake we won't re-do again.
That is why we have re-focused on the stability of the instance on 7.10 and agreed that the product can not continue the way it is going if we don't tackle a serious dent on the bugs. We felt we weren't able to do so as we had already schedule 7.9 to be email client and there was no way we would've done both feature and bug fixing-athon during those small 3 months on our then team's resources (smaller than they were now).
That's not exactly true, we don't expect the community to sort out the mess not at all - I don't think I actually said anything like that. What we would like is the community to help us test the PRs that the community supplies and lets be honest that not all the bugs are our - alot are legacy.
Its a shame that you feel we view the Community differently than we actually do. We are always positive to the community but honest - we don't think we have addressed the community as anything rude or faulting without taking on criticism ourselves. I would honestly be interested in how that can be addressed because that is clearly something that is perhaps we are not open with.
However we felt a ban of a single member was required for a foul and insulting attitude to a team member and highly doubt that it would've improved. It is a temporary ban and any ban is not a thought taken lightly - considering we haven't had on in the 3+ years of actually beginning the project.
gregsoper
commented
7 years ago For Everyone:
It may help if you understood a little about us:
We are growing up in public. Nobody in SalesAgility has led an open source project before. We are learning as we go. This is not easy.
When we forked SugarCRM 3.5 years ago, there were 8 of us. It was a brave thing to do. Some might say foolish. There are now 34 of us and we expect there to be 40 by the end of this year.
We have to maintain a balance between the commercial projects that we do and the full-time SuiteCRM Product team. The commercial work that we do is what pays for the Product team to work exclusively on code for the community.
There are now 5 members of that team. Put that in context: When we forked, there were none. We developed code in the gaps between commercial projects. We have made a lot of progress and we continue to invest. We expect the Product team to double in size over the next 12 months and probably double again the year after.
This is a big project, with a big code base and a big community. To service that very well requires more resource than we have today. We tread a fine line in trying to balance all our objectives within a constrained resource pool. We don't always tread that line perfectly.
Our commitment to open source and to community is at the heart of what we do and who we are. Please do not expect everything to be perfect today, or even this year. We are a learning organisation. We fail, learn succeed. The difference when you're running an open source project is that everyone sees every mistake we make.
It would be appreciated if you could reflect on what we are doing and have done:
We have created a great product and we continue to invest in the product. We have created a great Product team and we continue to expand the team. We have created a large and vibrant community and we continue to invest in that community. We have made a commitment to being a completely open source project and we continue to articulate that commitment.
Put that into a big picture:
This is a project that is improving and at its core has a burning desire to improve. This is a project that is growing. This is a project that IS committed to the community.
Once you have done that, then I hope you will assist us in our mission to create the world's best CRM application and have every line of code as free and open source.
We can't do it without you. We are not perfect, we don't have infinite resources to resolve every PR quickly, we don't have infinite resources to fix every bug tomorrow ... but our aim is to get there.
As far as Chris001 is concerned, I support the ban. His final post contained insulting comments made about us being "autistic" that were deeply hurtful to at least one member of our team including one who has a child on the autism spectrum. That is not acceptable. We are time constrained. I would rather the Product team was working on issues, PRs, new code and community than being sidelined for hours by a persistently and aggressively argumentative community member who didn't want to listen to the answers we provided.
rainolf
commented
6 years ago I've added around line 79 in include/SugarPHPMailer.php
$this->SMTPOptions = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true ) );
Works like a charm....for further reading: https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#php-56-certificate-verification-failure
Of course...better to add a valid ssl certificate.
Hope it Helps....
Issue
Hello. SuiteCRM can't send emails when TLS is on. I use my own SMTP server. Perhaps that the problem isn't my server config, because I able to send mails with Outlook, Android (default mail app) and iOs (default mail app). When TLS is off all works fine.
Expected Behavior
Send mails when TLS is on.
Actual Behavior
SuiteCRM error. Error:SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
Mail log using SSL
Mail log using TLS
Mail log using Plain
Possible Fix
If I comment out these lines of code on /etc/postfix/main.cf
smtpd_use_tls = yesssmtpd_tls_auth_only = yesssmtpd_tls_security_level = encryptssmtpd_tls_cert_file = /xx/xxxx/MySuiteCRMDomain_com.crtssmtpd_tls_key_file = /xxx/xx/server.keyssmtpd_tls_CAfile = /xxx/xxx/cacert.pemAll works fineContext
I can´t send emails.
Your Environment