4

So, I have a generic/application/system account (terminology varies) which has access to multiple mailboxes. The username I use is in the format <domain>/<username>/<mailbox> and this is the only "out of the ordinary" thing. The following line works on PHP 7.0.6 (my laptop) but not on 5.4.16 (dev server):

```php
$mbox = imap_open("<host>:993/ssl/novalidate-cert", 
               "<domain>/<username>/<mailbox>", <pass>,
               NULL, array('DISABLE_AUTHENTICATOR' => 'GSSAPI'));
```

The error I get is:

```
PHP Notice: Unknown: Can not authenticate to IMAP server: AUTHENTICATE failed. (errflg=2) in Unknown on line 0
```

What I have tried:

  • The mailboxes' original account (username in <domain>/<user> format) which works
  • Using /debug in $mailbox and OP_DEBUG flag - none of which did anything useful
  • Debugging messages to the server using python. This verifies that the username is sent as three-segment string and also works
  • Removing the 3rd segment (mailbox) thinking I can select it later - leads to authentication failure in both cases/versions

Questions:

  1. Is this a PHP bug?
  2. Is there any other way to do this? (I cannot change PHP version)
  3. Can I somehow enable message logging? (no root so no tcpdump option)
Machavity
urban
  • Hi, are you trying to connect to Gmail, or does it happen with all domains? I found something saying that this is trying to set the flag two times (http://php.net/manual/en/function.imap-open.php search `errflg=2` in this page, there is a post), and one more point: you are sending a flag about SSL and then another one saying that you don't care about the cert (novalidate-cert)? Did you try to remove `/ssl`? I think it could be the problem you are getting. Let me know if you try to remove `/ssl` :) – Hrabosch Jun 28 '16 at 09:30
  • Hi @Hrabosch. I am connecting to MS exchange server (not sure about the version but I can find out). Removing `/ssl` makes it hang (no response, no login, no error). I also tried to use port `143` (without ssl) instead of `993` which results in the same error message. I would assume that excludes SSL issues... Do you know of any ways to debug this and see the IMAP messages? – urban Jun 28 '16 at 09:40
  • So, I will try to describe a few points that I know in an answer, wait for it :) – Hrabosch Jun 28 '16 at 10:33
  • `$mbox = imap_open("{:993/ssl/novalidate-cert/}", "/", , NULL, array('DISABLE_AUTHENTICATOR' => 'GSSAPI'));` – Wolfeh Jul 05 '16 at 08:39
  • @Wolfeh Hey, I do use `{}` around the host part but because the account can access multiple "mailboxes"/accounts (not folders, each mailbox has "INBOX" so I have 3+ folders with that name) I have to add the mailbox to the end of the username. That does work with php7 and python... – urban Jul 05 '16 at 09:00

1 Answer

1

In my opinion, you can try to do something like this:

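```php
// <host>, <domain>, <username>, <mailbox> and <pass> are placeholders.
// The server part of the mailbox string must be wrapped in {}, and the
// options array is the 6th argument (the 5th is n_retries).
$mbox = imap_open("{<host>:993/ssl/novalidate-cert}",
               "<domain>/<username>/<mailbox>", "<pass>",
               NULL, 0, array('DISABLE_AUTHENTICATOR' => 'GSSAPI')) or
                   die(var_dump(imap_errors()));
```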

You should be able to see more errors. Next, what you can try is to switch to PLAIN instead of GSSAPI, maybe try to set n_retries to 1 and, last thing, add the flag about IMAP.

```php
// Same placeholders as above; /imap added to the flags, n_retries set to 1.
$mbox = imap_open("{<host>:993/imap/ssl/novalidate-cert}",
                   "<domain>/<username>/<mailbox>", "<pass>",
                   NULL, 1, array('DISABLE_AUTHENTICATOR' => 'PLAIN')) or
                       die(var_dump(imap_errors()));
```

I think there is a problem with Exchange, which doesn't allow authentication protocols that it does not support. If you are running it on Windows and it works, and your dev environment is on Linux, I am almost sure that this is the problem.

Hrabosch
  • Hey, checked all those... no luck :( Note that I am using the `PLAIN` auth since the flag is disabling the `GSSAPI`. The latter, if enabled, leads to a warning about Kerberos (which is common). `/imap` does not change anything it seems... – urban Jun 28 '16 at 15:31
  • And var_dump? Does it show something more? And what about trying to disable all? :D GSSAPI, NTLM and PLAIN. Did you try to disable all? And did you try NTLM? – Hrabosch Jun 28 '16 at 19:21
  • Did try all combinations. I have used [fMailbox](http://flourishlib.com/api/fMailbox) with the same credentials and all worked! I am 99% sure that this is a bug in the PHP version I am using. Unfortunately, I cannot change it... – urban Jun 29 '16 at 09:34
  • And what about a blocked port in the firewall? Are you able to connect to the dev environment and try `telnet imap.domain.com 993`? Please fill in the correct domain. If not, then there is a problem in the firewall! – Hrabosch Jun 29 '16 at 10:17
  • Hey @Hrabosch, checked connectivity and verified it is OK... I will post here if I manage to solve this but since the bounty expires I give it to you for your time and effort :) – urban Jul 05 '16 at 09:03
  • Thank you :) But try to check firewall there, because it looks like network problem. – Hrabosch Jul 05 '16 at 10:24
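
An added example (not code from the question, the answer or their authors) for question 3 above: logging the IMAP exchange from user space, without root or tcpdump, while keeping the password out of the log. The account `EXAMPLE/svc-app/shared.box`, the host name and all function names are constructed for illustration; `trace_login` needs network access and is not called by the demo.

```python
import base64, re, socket, ssl

def imap_quote(s):
    """IMAP quoted-string: escape backslash and double quote (RFC 3501)."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'

def login_command(tag, user, password):
    """Bytes of a LOGIN command; the three-segment user goes in as one string."""
    return ("%s LOGIN %s %s\r\n" % (tag, imap_quote(user), imap_quote(password))).encode()

def plain_token(user, password, authzid=""):
    """SASL PLAIN token (RFC 4616): base64(authzid NUL user NUL password)."""
    return base64.b64encode("\0".join((authzid, user, password)).encode()).decode("ascii")

_LOGIN_RE = re.compile(r'^(\S+ LOGIN (?:"(?:[^"\\]|\\.)*"|\S+) ).*$', re.I)

def redact(line):
    """Mask the secret in LOGIN and AUTHENTICATE PLAIN lines before logging."""
    line = _LOGIN_RE.sub(r'\1"<redacted>"', line)
    return re.sub(r"(?i)^(\S+ AUTHENTICATE PLAIN )\S+", r"\1<redacted>", line)

def trace_login(host, user, password, port=993):
    """Speak IMAP by hand and return the redacted transcript (needs network)."""
    log = []
    ctx = ssl.create_default_context()  # verifies the cert, unlike /novalidate-cert
    with socket.create_connection((host, port), timeout=15) as raw, \
         ctx.wrap_socket(raw, server_hostname=host) as tls:
        f = tls.makefile("rwb")
        log.append("S: " + f.readline().decode(errors="replace").rstrip())
        for tag, cmd in (("a1", b"a1 CAPABILITY\r\n"),
                         ("a2", login_command("a2", user, password))):
            f.write(cmd)
            f.flush()
            log.append("C: " + redact(cmd.decode().rstrip()))
            while True:  # read until the tagged completion line or EOF
                line = f.readline().decode(errors="replace").rstrip()
                log.append("S: " + line)
                if not line or line.startswith(tag + " "):
                    break
    return log

if __name__ == "__main__":
    user = "EXAMPLE/svc-app/shared.box"  # constructed sample account
    print(redact(login_command("a2", user, 'p"w').decode().rstrip()))
    print(redact("a3 AUTHENTICATE PLAIN " + plain_token(user, "secret")))
```

The CAPABILITY response in the transcript lists the `AUTH=` mechanisms the server advertises, which is the list the `DISABLE_AUTHENTICATOR` option selects from.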