PHPMailer:我是否连接到外部 SMTP?
PHPMailer: Am I connected to external SMPT or not?
我得到了以下由 PHPMailer 输出的日志:
2020-02-03 13:39:00 Connection: opening to some-external.smtp.host:25, timeout=300, options=array()
2020-02-03 13:39:00 Connection: opened
2020-02-03 13:39:00 SERVER -> CLIENT: 220-my-own.domain.com ESMTP Exim 4.92 #2 Mon, 03 Feb 2020 13:39:00 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
2020-02-03 13:39:00 CLIENT -> SERVER: EHLO url-at-my-own.domain.com
2020-02-03 13:39:00 SERVER -> CLIENT: 250-url-at-my-own.domain.com Hello url-at-my-own.domain.com [31.186.175.24]250-SIZE 52428800250-8BITMIME250-PIPELINING250-AUTH PLAIN LOGIN250-STARTTLS250 HELP
2020-02-03 13:39:00 CLIENT -> SERVER: MAIL FROM:<info@domain.com>
2020-02-03 13:39:00 SERVER -> CLIENT: 250 OK
2020-02-03 13:39:00 CLIENT -> SERVER: RCPT TO:<recipient@hotmail.com>
2020-02-03 13:39:00 SERVER -> CLIENT: 550-Please turn on SMTP Authentication in your mail client. 550-(test.admin.mijnvolksuniversiteit.nl) [31.186.175.24]:50402 is not550 permitted to relay through this server without authentication.
2020-02-03 13:39:00 SMTP ERROR: RCPT TO command failed: 550-Please turn on SMTP Authentication in your mail client. 550-(url-at-my-own.domain.com) [31.186.175.24]:50402 is not550 permitted to relay through this server without authentication.
2020-02-03 13:39:00 CLIENT -> SERVER: QUIT
2020-02-03 13:39:00 SERVER -> CLIENT: 221 url-at-my-own.domain.com closing connection
2020-02-03 13:39:00 Connection: closed
现在,问题是 'obvious',服务器要求我对自己进行身份验证,但这不是这里的问题。重要的是知道我是否真的连接到 'some-external.smtp.host' 或 'my-own.domain.com'.
上的东西
我正在与管理 'some-external.smtp.host' 的外部方打交道,该方声称我不需要进行身份验证,因为 'my-own.domain.com' 服务器 IP 已列入白名单。
他们特别声称我似乎已连接到本地 SMTP 服务器,因为第 3 行 'SERVER -> CLIENT: 220-my-own.domain.com ESMTP Exim' 中包含我自己的域名而不是他们的域名。
我相信,因为第 1 行明确指出与 'some-external.smtp.host' 建立了连接,而第 2 行指出连接已成功打开,所以第 3 行中的 220 消息是外部主机(又名 SERVER)通过名称寻址本地服务器(又名 CLIENT)。
因为我没有对服务器的管理员访问权限,所以我正在寻找方法来找出谁就在这里。我真的希望排除我没有连接到本地的东西,这真的是他们的服务器阻碍了我。
用于启动PHPMailer 的代码如下:
$mail = new PHPMailer(true);
try {
//Server settings
$mail->SMTPDebug = SMTP::DEBUG_CONNECTION;
$mail->isSMTP();
$mail->Host = $this->vu['setting_mailrelay_host'];
if($this->vu['setting_mailrelay_username'] != '' && $this->vu['setting_mailrelay_password'] != '') {
$mail->SMTPAuth = true;
$mail->Username = $this->vu['setting_mailrelay_username'];
$mail->Password = $this->vu['setting_mailrelay_password'];
}
$mail->SMTPSecure = $this->vu['setting_mailrelay_security'];
if($this->vu['setting_mailrelay_security'] == '') {
$mail->SMTPAutoTLS = false;
}
$mail->Port = $this->vu['setting_mailrelay_port'];
//Recipients
$mail->setFrom($this->vu['email'], $this->vu['name']);
$mail->addAddress($email_to, trim($person['last_name']));
$mail->addReplyTo($this->vu['email'], $this->vu['name']);
// Content
$mail->isHTML(true);
$mail->Subject = $subject;
$mail->Body = $mailBody;
$mail->AltBody = $message_plain;
$mail->send();
echo 'Message has been sent';
} catch (Exception $e) {
echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
}
我的SMTPAuth是假的,用户名和密码都是空的,因为外部方坚持我不需要验证。
SMTPSecure 为空且 SMTPAutoTLS 为假,因为外部方坚持认为应关闭加密。
更新:
如果我启用 TLS,日志如下:
2020-02-04 13:08:11 Connection: opening to some-external.smtp.host:25, timeout=300, options=array()
2020-02-04 13:08:11 Connection: opened
2020-02-04 13:08:11 SERVER -> CLIENT: 220-my-own.domain.com ESMTP Exim 4.92 #2 Tue, 04 Feb 2020 13:08:11 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
2020-02-04 13:08:11 CLIENT -> SERVER: EHLO url-at-my-own.domain.com
2020-02-04 13:08:11 SERVER -> CLIENT: 250-my-own.domain.com Hello url-at-my-own.domain.com [31.186.175.24]250-SIZE 52428800250-8BITMIME250-PIPELINING250-AUTH PLAIN LOGIN250-STARTTLS250 HELP
2020-02-04 13:08:11 CLIENT -> SERVER: STARTTLS
2020-02-04 13:08:11 SERVER -> CLIENT: 220 TLS go ahead
2020-02-04 13:08:11 Connection failed. Error #2: stream_socket_enable_crypto(): Peer certificate CN=`my-own.domain.com' did not match expected CN=`some-external.smtp.host' [/home/tstvubo/public_html/vendor/phpmailer/phpmailer/src/SMTP.php line 429]
SMTP Error: Could not connect to SMTP host.
2020-02-04 13:08:11 CLIENT -> SERVER: QUIT
2020-02-04 13:08:12
2020-02-04 13:08:12
2020-02-04 13:08:12 Connection: closed
这会导致服务器抱怨任何一方的证书不匹配,好吧...如果我调整调用 PHP 代码以应用:
$mail->SMTPOptions = ['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
];
结果如下:
2020-02-04 13:12:51 Connection: opening to some-external.smtp.host:25, timeout=300, options=array ( 'ssl' => array ( 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true, ),)
2020-02-04 13:12:51 Connection: opened
2020-02-04 13:12:51 SERVER -> CLIENT: 220-my-own.domain.com ESMTP Exim 4.92 #2 Tue, 04 Feb 2020 13:12:51 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
2020-02-04 13:12:51 CLIENT -> SERVER: EHLO url-at-my-own.domain.com
2020-02-04 13:12:51 SERVER -> CLIENT: 250-my-own.domain.com Hello url-at-my-own.domain.com [31.186.175.24]250-SIZE 52428800250-8BITMIME250-PIPELINING250-AUTH PLAIN LOGIN250-STARTTLS250 HELP
2020-02-04 13:12:51 CLIENT -> SERVER: STARTTLS
2020-02-04 13:12:51 SERVER -> CLIENT: 220 TLS go ahead
2020-02-04 13:12:51 CLIENT -> SERVER: EHLO url-at-my-own.domain.com
2020-02-04 13:12:51 SERVER -> CLIENT: 250-my-own.domain.com Hello url-at-my-own.domain.com [31.186.175.24]250-SIZE 52428800250-8BITMIME250-PIPELINING250-AUTH PLAIN LOGIN250 HELP
2020-02-04 13:12:51 CLIENT -> SERVER: MAIL FROM:<info@domain.com>
2020-02-04 13:12:52 SERVER -> CLIENT: 250 OK
2020-02-04 13:12:52 CLIENT -> SERVER: RCPT TO:<recipient@hotmail.com>
2020-02-04 13:12:52 SERVER -> CLIENT: 550-Please turn on SMTP Authentication in your mail client. 550-(url-at-my-own.domain.com) [31.186.175.24]:36810 is not550 permitted to relay through this server without authentication.
2020-02-04 13:12:52 SMTP ERROR: RCPT TO command failed: 550-Please turn on SMTP Authentication in your mail client. 550-(url-at-my-own.domain.com) [31.186.175.24]:36810 is not550 permitted to relay through this server without authentication.
2020-02-04 13:12:52 CLIENT -> SERVER: QUIT
2020-02-04 13:12:52 SERVER -> CLIENT: 221 my-own.domain.com closing connection
2020-02-04 13:12:52 Connection: closed
现在它再次要求身份验证。
由此得出以下结论:
我肯定连接到外部 SMTP 服务器。
不管外界怎么说,简单的IP白名单是不行的。
我需要一些身份验证凭据或适当的证书才能与之通信。
判决?
实际阅读错误消息总是一个 非常非常好的主意,尤其是这一点:
Peer certificate CN='my-own.domain.com' did not match expected CN='some-external.smtp.host'
这意味着虽然您可能要求连接到 some-external.smtp.host(因为这是您在 Host 属性 中输入的内容),但您实际上已连接到 my-own.domain.com.
这通常是由于防火墙规则重定向了 SMTP 流量 – 这也意味着 TLS 正在完全它的设计目的并提醒您您的流量实际上受到中间人攻击(通过您自己的防火墙),因此像往常一样禁用证书验证是个坏主意。 the PHPMailer troubleshooting guide.
中涵盖了这个确切的问题
所以他们说的是对的;不是他们这样做的——是您的邮件服务器在请求身份验证,而不是他们的。
我得到了以下由 PHPMailer 输出的日志:
2020-02-03 13:39:00 Connection: opening to some-external.smtp.host:25, timeout=300, options=array()
2020-02-03 13:39:00 Connection: opened
2020-02-03 13:39:00 SERVER -> CLIENT: 220-my-own.domain.com ESMTP Exim 4.92 #2 Mon, 03 Feb 2020 13:39:00 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
2020-02-03 13:39:00 CLIENT -> SERVER: EHLO url-at-my-own.domain.com
2020-02-03 13:39:00 SERVER -> CLIENT: 250-url-at-my-own.domain.com Hello url-at-my-own.domain.com [31.186.175.24]250-SIZE 52428800250-8BITMIME250-PIPELINING250-AUTH PLAIN LOGIN250-STARTTLS250 HELP
2020-02-03 13:39:00 CLIENT -> SERVER: MAIL FROM:<info@domain.com>
2020-02-03 13:39:00 SERVER -> CLIENT: 250 OK
2020-02-03 13:39:00 CLIENT -> SERVER: RCPT TO:<recipient@hotmail.com>
2020-02-03 13:39:00 SERVER -> CLIENT: 550-Please turn on SMTP Authentication in your mail client. 550-(test.admin.mijnvolksuniversiteit.nl) [31.186.175.24]:50402 is not550 permitted to relay through this server without authentication.
2020-02-03 13:39:00 SMTP ERROR: RCPT TO command failed: 550-Please turn on SMTP Authentication in your mail client. 550-(url-at-my-own.domain.com) [31.186.175.24]:50402 is not550 permitted to relay through this server without authentication.
2020-02-03 13:39:00 CLIENT -> SERVER: QUIT
2020-02-03 13:39:00 SERVER -> CLIENT: 221 url-at-my-own.domain.com closing connection
2020-02-03 13:39:00 Connection: closed
现在,问题是 'obvious',服务器要求我对自己进行身份验证,但这不是这里的问题。重要的是知道我是否真的连接到 'some-external.smtp.host' 或 'my-own.domain.com'.
上的东西我正在与管理 'some-external.smtp.host' 的外部方打交道,该方声称我不需要进行身份验证,因为 'my-own.domain.com' 服务器 IP 已列入白名单。
他们特别声称我似乎已连接到本地 SMTP 服务器,因为第 3 行 'SERVER -> CLIENT: 220-my-own.domain.com ESMTP Exim' 中包含我自己的域名而不是他们的域名。
我相信,因为第 1 行明确指出与 'some-external.smtp.host' 建立了连接,而第 2 行指出连接已成功打开,所以第 3 行中的 220 消息是外部主机(又名 SERVER)通过名称寻址本地服务器(又名 CLIENT)。
因为我没有对服务器的管理员访问权限,所以我正在寻找方法来找出谁就在这里。我真的希望排除我没有连接到本地的东西,这真的是他们的服务器阻碍了我。
用于启动PHPMailer 的代码如下:
$mail = new PHPMailer(true);
try {
//Server settings
$mail->SMTPDebug = SMTP::DEBUG_CONNECTION;
$mail->isSMTP();
$mail->Host = $this->vu['setting_mailrelay_host'];
if($this->vu['setting_mailrelay_username'] != '' && $this->vu['setting_mailrelay_password'] != '') {
$mail->SMTPAuth = true;
$mail->Username = $this->vu['setting_mailrelay_username'];
$mail->Password = $this->vu['setting_mailrelay_password'];
}
$mail->SMTPSecure = $this->vu['setting_mailrelay_security'];
if($this->vu['setting_mailrelay_security'] == '') {
$mail->SMTPAutoTLS = false;
}
$mail->Port = $this->vu['setting_mailrelay_port'];
//Recipients
$mail->setFrom($this->vu['email'], $this->vu['name']);
$mail->addAddress($email_to, trim($person['last_name']));
$mail->addReplyTo($this->vu['email'], $this->vu['name']);
// Content
$mail->isHTML(true);
$mail->Subject = $subject;
$mail->Body = $mailBody;
$mail->AltBody = $message_plain;
$mail->send();
echo 'Message has been sent';
} catch (Exception $e) {
echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
}
我的SMTPAuth是假的,用户名和密码都是空的,因为外部方坚持我不需要验证。
SMTPSecure 为空且 SMTPAutoTLS 为假,因为外部方坚持认为应关闭加密。
更新: 如果我启用 TLS,日志如下:
2020-02-04 13:08:11 Connection: opening to some-external.smtp.host:25, timeout=300, options=array()
2020-02-04 13:08:11 Connection: opened
2020-02-04 13:08:11 SERVER -> CLIENT: 220-my-own.domain.com ESMTP Exim 4.92 #2 Tue, 04 Feb 2020 13:08:11 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
2020-02-04 13:08:11 CLIENT -> SERVER: EHLO url-at-my-own.domain.com
2020-02-04 13:08:11 SERVER -> CLIENT: 250-my-own.domain.com Hello url-at-my-own.domain.com [31.186.175.24]250-SIZE 52428800250-8BITMIME250-PIPELINING250-AUTH PLAIN LOGIN250-STARTTLS250 HELP
2020-02-04 13:08:11 CLIENT -> SERVER: STARTTLS
2020-02-04 13:08:11 SERVER -> CLIENT: 220 TLS go ahead
2020-02-04 13:08:11 Connection failed. Error #2: stream_socket_enable_crypto(): Peer certificate CN=`my-own.domain.com' did not match expected CN=`some-external.smtp.host' [/home/tstvubo/public_html/vendor/phpmailer/phpmailer/src/SMTP.php line 429]
SMTP Error: Could not connect to SMTP host.
2020-02-04 13:08:11 CLIENT -> SERVER: QUIT
2020-02-04 13:08:12
2020-02-04 13:08:12
2020-02-04 13:08:12 Connection: closed
这会导致服务器抱怨任何一方的证书不匹配,好吧...如果我调整调用 PHP 代码以应用:
$mail->SMTPOptions = ['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
];
结果如下:
2020-02-04 13:12:51 Connection: opening to some-external.smtp.host:25, timeout=300, options=array ( 'ssl' => array ( 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true, ),)
2020-02-04 13:12:51 Connection: opened
2020-02-04 13:12:51 SERVER -> CLIENT: 220-my-own.domain.com ESMTP Exim 4.92 #2 Tue, 04 Feb 2020 13:12:51 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
2020-02-04 13:12:51 CLIENT -> SERVER: EHLO url-at-my-own.domain.com
2020-02-04 13:12:51 SERVER -> CLIENT: 250-my-own.domain.com Hello url-at-my-own.domain.com [31.186.175.24]250-SIZE 52428800250-8BITMIME250-PIPELINING250-AUTH PLAIN LOGIN250-STARTTLS250 HELP
2020-02-04 13:12:51 CLIENT -> SERVER: STARTTLS
2020-02-04 13:12:51 SERVER -> CLIENT: 220 TLS go ahead
2020-02-04 13:12:51 CLIENT -> SERVER: EHLO url-at-my-own.domain.com
2020-02-04 13:12:51 SERVER -> CLIENT: 250-my-own.domain.com Hello url-at-my-own.domain.com [31.186.175.24]250-SIZE 52428800250-8BITMIME250-PIPELINING250-AUTH PLAIN LOGIN250 HELP
2020-02-04 13:12:51 CLIENT -> SERVER: MAIL FROM:<info@domain.com>
2020-02-04 13:12:52 SERVER -> CLIENT: 250 OK
2020-02-04 13:12:52 CLIENT -> SERVER: RCPT TO:<recipient@hotmail.com>
2020-02-04 13:12:52 SERVER -> CLIENT: 550-Please turn on SMTP Authentication in your mail client. 550-(url-at-my-own.domain.com) [31.186.175.24]:36810 is not550 permitted to relay through this server without authentication.
2020-02-04 13:12:52 SMTP ERROR: RCPT TO command failed: 550-Please turn on SMTP Authentication in your mail client. 550-(url-at-my-own.domain.com) [31.186.175.24]:36810 is not550 permitted to relay through this server without authentication.
2020-02-04 13:12:52 CLIENT -> SERVER: QUIT
2020-02-04 13:12:52 SERVER -> CLIENT: 221 my-own.domain.com closing connection
2020-02-04 13:12:52 Connection: closed
现在它再次要求身份验证。
由此得出以下结论:
我肯定连接到外部 SMTP 服务器。
不管外界怎么说,简单的IP白名单是不行的。
我需要一些身份验证凭据或适当的证书才能与之通信。
判决?
实际阅读错误消息总是一个 非常非常好的主意,尤其是这一点:
Peer certificate CN='my-own.domain.com' did not match expected CN='some-external.smtp.host'
这意味着虽然您可能要求连接到 some-external.smtp.host(因为这是您在 Host 属性 中输入的内容),但您实际上已连接到 my-own.domain.com.
这通常是由于防火墙规则重定向了 SMTP 流量 – 这也意味着 TLS 正在完全它的设计目的并提醒您您的流量实际上受到中间人攻击(通过您自己的防火墙),因此像往常一样禁用证书验证是个坏主意。 the PHPMailer troubleshooting guide.
中涵盖了这个确切的问题所以他们说的是对的;不是他们这样做的——是您的邮件服务器在请求身份验证,而不是他们的。