Post by straightlight » Thu Nov 19, 2020 7:58 pm

Based on your screenshot, you did not fully follow my instructions above.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by ADD Creative » Thu Nov 19, 2020 10:01 pm

jenal5584 wrote:
Thu Nov 19, 2020 9:40 am
I test using forgot password url. Using mail protocol no issue. Just smtp got issue.
That looks fine; ssl:// on port 465 is correct. You could also use tls:// on port 587.

Does your email in System -> Settings -> Store (tab) -> E-mail match System -> Settings -> Mail (tab) -> SMTP Username?

What form are you sending from? Register, order, contact, etc.?

If it's the contact form there is a bug in that it will use the customer's email address as the from address. Which of course is wrong and could generate your error as it won't match the SMTP Username.

You could try the fix here.
https://github.com/opencart/opencart/co ... 2f7903601e

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by straightlight » Thu Nov 19, 2020 10:22 pm

ADD Creative wrote:
Thu Nov 19, 2020 10:01 pm
jenal5584 wrote:
Thu Nov 19, 2020 9:40 am
I test using forgot password url. Using mail protocol no issue. Just smtp got issue.
That looks fine; ssl:// on port 465 is correct. You could also use tls:// on port 587.

Does your email in System -> Settings -> Store (tab) -> E-mail match System -> Settings -> Mail (tab) -> SMTP Username?

What form are you sending from? Register, order, contact, etc.?

If it's the contact form there is a bug in that it will use the customer's email address as the from address. Which of course is wrong and could generate your error as it won't match the SMTP Username.

You could try the fix here.
https://github.com/opencart/opencart/co ... 2f7903601e
Aside from the contact page issue, not suggested to use mixed solutions. ISPs can restrict one of the use at times as ports need to be used respectively.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester



Post by ADD Creative » Fri Nov 20, 2020 1:10 am

I'm not suggesting a mixed solution. I merely informed that tls:// on port 587 could be used instead of ssl:// on port 465.

It was yourself who suggested a mixed solution that is unlikely to work.
straightlight wrote:
Wed Nov 18, 2020 9:26 pm
Your OC mail form settings are misconfigured. Ensure to follow your host's settings in your cPanel > Email > Your Email > Settings left-bottom corner page (SSL). The hostname must begin with: ssl:// in the hostname text box of the OC mail form settings. Port number: 587 .

www.add-creative.co.uk



Post by straightlight » Fri Nov 20, 2020 1:28 am

ADD Creative wrote:
Fri Nov 20, 2020 1:10 am
I'm not suggesting a mixed solution. I merely informed that tls:// on port 587 could be used instead of ssl:// on port 465.

It was yourself who suggested a mixed solution that is unlikely to work.
straightlight wrote:
Wed Nov 18, 2020 9:26 pm
Your OC mail form settings are misconfigured. Ensure to follow your host's settings in your cPanel > Email > Your Email > Settings left-bottom corner page (SSL). The hostname must begin with: ssl:// in the hostname text box of the OC mail form settings. Port number: 587 .
There are hosts that won't allow 465 with SSL as mentioned earlier. 587 is for SSL, TLS is 465.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester



Post by ADD Creative » Fri Nov 20, 2020 3:43 am

You seem to have things a little mixed up. Port 465 is for implicit encryption (SMTPS) which could be TLS or in the past SSL. Port 587 is for opportunistic encryption with TLS using the STARTTLS command. The difference between them is not SSL or TLS, it's how the encryption is established. If you do a web search there are lots of articles that will explain this in more detail.

You then also need to look at the OpenCart and PHP source code to understand what the ssl:// and tls:// SMTP hostname prefixes actually do.

Firstly the ssl:// prefix will be passed directly to the PHP fsockopen function. This will make PHP use implicit encryption. That should be TLS, but could also be SSL if an old version of PHP was used and an out of date SMTP server. If you look at the PHP source code since PHP 7.2 only TLS will be used for the ssl:// prefix, SSL isn't used at all. See: https://github.com/php/php-src/commit/b ... b9a20fa3dc

For the tls:// prefix. This is stripped by OpenCart before passing the hostname to the PHP fsockopen function. This means the connection is made with no encryption initially. See: https://github.com/opencart/opencart/bl ... hp#L81-L87 However, later on OpenCart will issue the STARTTLS and call the PHP stream_socket_enable_crypto function to turn on encryption.
https://github.com/opencart/opencart/bl ... #L123-L140

www.add-creative.co.uk
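
The behaviour described in the post above, reproduced offline as an added example (Python, not OpenCart's PHP code and not written by any poster): a constructed loopback server stands in for a port-587 submission service, so an implicit-TLS connect (what the ssl:// prefix does) fails while a plaintext EHLO finds STARTTLS (what the tls:// prefix relies on). The function names, the host name `mx.example.test` and the 3-second timeout are assumptions.

```python
import socket
import ssl
import threading

def start_fake_submission_server():
    """Constructed stand-in for a port-587 server: plaintext SMTP offering STARTTLS."""
    listener = socket.create_server(("127.0.0.1", 0))
    def serve():
        while listener.fileno() != -1:
            try:
                conn, _ = listener.accept()
                with conn:
                    conn.sendall(b"220 mx.example.test ESMTP\r\n")
                    if conn.recv(4096).upper().startswith(b"EHLO"):
                        conn.sendall(b"250-mx.example.test\r\n250-STARTTLS\r\n250 AUTH PLAIN\r\n")
            except OSError:
                continue  # client hung up after a failed handshake, or listener closed
    threading.Thread(target=serve, daemon=True).start()
    return listener, listener.getsockname()[1]

def try_implicit_tls(host, port, timeout=3.0):
    """ssl:// behaviour: TLS handshake first, before any SMTP bytes are exchanged."""
    ctx = ssl.create_default_context()  # a certificate error also counts as failure
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # includes ssl.SSLError: the peer answered in plaintext
        return False

def offers_starttls(host, port, timeout=3.0):
    """tls:// relies on this: plaintext 220 greeting, then STARTTLS in the EHLO reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            reply = s.makefile("rb")
            if reply.readline().startswith(b"220"):
                s.sendall(b"EHLO client.example.test\r\n")
                for line in reply:
                    if line[4:].strip().upper().startswith(b"STARTTLS"):
                        return True
                    if line[3:4] == b" ":  # final line of the multi-line reply
                        break
    except OSError:  # timeout: an implicit-TLS port stays silent until ClientHello
        pass
    return False

def recommend_prefix(host, port):
    """Map what the port actually does to the hostname prefix discussed in the thread."""
    if offers_starttls(host, port):
        return "tls://"
    return "ssl://" if try_implicit_tls(host, port) else None

if __name__ == "__main__":
    print(recommend_prefix("127.0.0.1", start_fake_submission_server()[1]))
```

Against a real host, `recommend_prefix` waits out the timeout on an implicit-TLS port before trying the handshake, because such a port sends nothing until the client starts TLS.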



Post by straightlight » Fri Nov 20, 2020 3:49 am

However, later on OpenCart will issue the STARTTLS and call the PHP stream_socket_enable_crypto function to turn on encryption.
Exactly, which is why port 587 is suggested to be used rather than port 465 because on port 465, the crypto library requirements won't be imposed during the process.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester



Post by ADD Creative » Fri Nov 20, 2020 5:04 am

Yes port 587, but you need to use the tls:// prefix for OpenCart to issue the STARTTLS and call the PHP stream_socket_enable_crypto function. You suggested using the ssl:// prefix on port 587.
straightlight wrote:
Wed Nov 18, 2020 9:26 pm
Your OC mail form settings are misconfigured. Ensure to follow your host's settings in your cPanel > Email > Your Email > Settings left-bottom corner page (SSL). The hostname must begin with: ssl:// in the hostname text box of the OC mail form settings. Port number: 587 .

www.add-creative.co.uk



Post by straightlight » Fri Nov 20, 2020 6:09 am

ADD Creative wrote:
Fri Nov 20, 2020 5:04 am
Yes port 587, but you need to use the tls:// prefix for OpenCart to issue the STARTTLS and call the PHP stream_socket_enable_crypto function. You suggested using the ssl:// prefix on port 587.
straightlight wrote:
Wed Nov 18, 2020 9:26 pm
Your OC mail form settings are misconfigured. Ensure to follow your host's settings in your cPanel > Email > Your Email > Settings left-bottom corner page (SSL). The hostname must begin with: ssl:// in the hostname text box of the OC mail form settings. Port number: 587 .
That's right because some hosts still require the use of SSL instead of TLS with port 587 on their hostnames with OC. It's not universal, it's still server-specifics.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester



Post by ADD Creative » Fri Nov 20, 2020 6:59 am

I would avoid any host that required that configuration as it would be very non-standard.

www.add-creative.co.uk



Post by straightlight » Fri Nov 20, 2020 7:00 am

ADD Creative wrote:
Fri Nov 20, 2020 6:59 am
I would avoid any host that required that configuration as it would be very non-standard.
Nothing wrong using SSL with port 587.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester



Post by ADD Creative » Fri Nov 20, 2020 8:35 pm

Except it's 2020, no one should be using SSL for anything. SSL was deprecated in 2015!

Unless you are talking about the ssl:// prefix. Which will mean implicit TLS, then the default port for that is 465. You'll find it hard to find a host that will accept implicit TLS on port 587.

www.add-creative.co.uk



Post by straightlight » Fri Nov 20, 2020 8:47 pm

ADD Creative wrote:
Fri Nov 20, 2020 8:35 pm
Except it's 2020, no one should be using SSL for anything. SSL was deprecated in 2015!

Unless you are talking about the ssl:// prefix. Which will mean implicit TLS, then the default port for that is 465. You'll find it hard to find a host that will accept implicit TLS on port 587.
According to this article, however, it does look like the best option to do so; implicit TLS on port 587: https://stackoverflow.com/questions/157 ... 7/49771524 . Otherwise, as it mentions, only use port 465 if we have to with TLS. Otherwise, it's port 587 still with TLS it seems.

If others do find this post, please ensure to follow those criteria which implicit as well the IETF compliance with the corresponding RFCs.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester



Post by ADD Creative » Fri Nov 20, 2020 9:17 pm

straightlight wrote:
Fri Nov 20, 2020 8:47 pm
According to this article, however, it does look like the best option to do so; implicit TLS on port 587: https://stackoverflow.com/questions/157 ... 7/49771524 . Otherwise, as it mentions, only use port 465 if we have to with TLS. Otherwise, it's port 587 still with TLS it seems.

If others do find this post, please ensure to follow those criteria which implicit as well the IETF compliance with the corresponding RFCs.
You need to read that article you posted again. It says the opposite to what you are saying. It says only use implicit SSL/TLS encryption on port 465, not 587. And to connect without encryption on port 587, but use STARTTLS to switch encryption on. Which is exactly what I have been trying to explain to you.

www.add-creative.co.uk



Post by straightlight » Fri Nov 20, 2020 9:20 pm

ADD Creative wrote:
Fri Nov 20, 2020 9:17 pm
straightlight wrote:
Fri Nov 20, 2020 8:47 pm
According to this article, however, it does look like the best option to do so; implicit TLS on port 587: https://stackoverflow.com/questions/157 ... 7/49771524 . Otherwise, as it mentions, only use port 465 if we have to with TLS. Otherwise, it's port 587 still with TLS it seems.

If others do find this post, please ensure to follow those criteria which implicit as well the IETF compliance with the corresponding RFCs.
You need to read that article you posted again. It says the opposite to what you are saying. It says only use implicit SSL/TLS encryption on port 465, not 587. And to connect without encryption on port 587, but use STARTTLS to switch encryption on. Which is exactly what I have been trying to explain to you.
He is correct. Just because ISPs abuse it and haven't updated their documentation does not make it incorrect. He didn't say it isn't used - just that it is not a practice that follows the RFCs. In other words, you should be using 25 and 587 with email, and only use 465 if you HAVE to, for some reason
This is the part I was referring to.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester



Post by ADD Creative » Fri Nov 20, 2020 10:27 pm

straightlight wrote:
Fri Nov 20, 2020 9:20 pm
He is correct. Just because ISPs abuse it and haven't updated their documentation does not make it incorrect. He didn't say it isn't used - just that it is not a practice that follows the RFCs. In other words, you should be using 25 and 587 with email, and only use 465 if you HAVE to, for some reason
This is the part I was referring to.
That part just refers to a suggested port. It doesn't tell you whether to use implicit SSL/TLS encryption or STARTTLS on which port. The statement is also a little out of date, with the RFCs updated in 2018 to recommend implicit TLS on port 465.

www.add-creative.co.uk



Post by straightlight » Fri Nov 20, 2020 10:35 pm

ADD Creative wrote:
Fri Nov 20, 2020 10:27 pm
straightlight wrote:
Fri Nov 20, 2020 9:20 pm
He is correct. Just because ISPs abuse it and haven't updated their documentation does not make it incorrect. He didn't say it isn't used - just that it is not a practice that follows the RFCs. In other words, you should be using 25 and 587 with email, and only use 465 if you HAVE to, for some reason
This is the part I was referring to.
That part just refers to a suggested port. It doesn't tell you whether to use implicit SSL/TLS encryption or STARTTLS on which port. The statement is also a little out of date, with the RFCs updated in 2018 to recommend implicit TLS on port 465.
According to the 3-3 part, both STARTTLS are addressed to implement:
As a result, clients and servers SHOULD implement both STARTTLS on
port 587 and Implicit TLS on port 465 for this transition period.
Note that there is no significant difference between the security
properties of STARTTLS on port 587 and Implicit TLS on port 465 if
the implementations are correct and if both the client and the server
are configured to require successful negotiation of TLS prior to
Message Submission.
Which means, if the implementation needs to be correct on both ends, it is still about server-specifics where ISPs must properly follow these terms. However, it also means more testing during troubleshooting to ensure that STARTTLS does respond on both ports...

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester



Post by ADD Creative » Fri Nov 20, 2020 11:04 pm

straightlight wrote:
Fri Nov 20, 2020 10:35 pm
According to the 3-3 part, both STARTTLS are addressed to implement:
As a result, clients and servers SHOULD implement both STARTTLS on
port 587 and Implicit TLS on port 465 for this transition period.
Note that there is no significant difference between the security
properties of STARTTLS on port 587 and Implicit TLS on port 465 if
the implementations are correct and if both the client and the server
are configured to require successful negotiation of TLS prior to
Message Submission.
Which means, if the implementation needs to be correct on both ends, it is still about server-specifics where ISPs must properly follow these terms. However, it also means more testing during troubleshooting to ensure that STARTTLS does respond on both ports...
That quoted text is what I have been saying. However, you are reading it slightly wrong. Nowhere does it say that STARTTLS should be on both ports. TLS will already be established on connection to port 465 so there is no need for the STARTTLS command.

At least you agree that your two previous statements were wrong.
straightlight wrote:
Fri Nov 20, 2020 8:47 pm
According to this article, however, it does look like the best option to do so; implicit TLS on port 587: https://stackoverflow.com/questions/157 ... 7/49771524 . Otherwise, as it mentions, only use port 465 if we have to with TLS. Otherwise, it's port 587 still with TLS it seems.
straightlight wrote:
Fri Nov 20, 2020 6:09 am
That's right because some hosts still require the use of SSL instead of TLS with port 587 on their hostnames with OC. It's not universal, it's still server-specifics.

www.add-creative.co.uk



Post by straightlight » Fri Nov 20, 2020 11:06 pm

At least you agree that your two previous statements were wrong.
Nowhere to be said that my two previous statements were wrong. However, it seems in this scenario that both ports require STARTTLS implementation instead of one.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester



Post by ADD Creative » Sat Nov 21, 2020 2:32 am

straightlight wrote:
Fri Nov 20, 2020 11:06 pm
Nowhere to be said that my two previous statements were wrong. However, it seems in this scenario that both ports require STARTTLS implementation instead of one.
Even you posted information that your two previous statements were wrong. You posted this.
straightlight wrote:
Fri Nov 20, 2020 10:35 pm
According to the 3-3 part, both STARTTLS are addressed to implement:
As a result, clients and servers SHOULD implement both STARTTLS on
port 587 and Implicit TLS on port 465 for this transition period.
Note that there is no significant difference between the security
properties of STARTTLS on port 587 and Implicit TLS on port 465 if
the implementations are correct and if both the client and the server
are configured to require successful negotiation of TLS prior to
Message Submission.
Which says STARTTLS should be on port 587 and Implicit TLS should be on port 465 (you can't implement both STARTTLS and Implicit TLS on the same port). This contradicts this statement.
straightlight wrote:
Fri Nov 20, 2020 8:47 pm
According to this article, however, it does look like the best option to do so; implicit TLS on port 587: https://stackoverflow.com/questions/157 ... 7/49771524 . Otherwise, as it mentions, only use port 465 if we have to with TLS. Otherwise, it's port 587 still with TLS it seems.
And this statement.
straightlight wrote:
Fri Nov 20, 2020 6:09 am
That's right because some hosts still require the use of SSL instead of TLS with port 587 on their hostnames with OC. It's not universal, it's still server-specifics.

www.add-creative.co.uk

