Conflict on socket with PHP mail functions

kkaland · August 24, 2009, 8:39am

Hi! I discovered an interesting bug/incompatibility while testing some PHP scripts and having COMODO SecureEmail installed. Whether I use PHP’s mail() function (which I suppose opens a socket to the mail server) or a PHP class that does the same thing, it seems that when PHP tries to write the open socket it is unable to complete the action and hangs, BUT ONLY IF the email contains a string such as the following:

Content-Type: text/plain;

No one of those characters will cause the hang, but a string like that will do it. If I remove it, then I can send emails fine with CSE installed. However, this is impractical in practice, since I can’t control the content of all the emails my project is sending.

I’m not sure if this is a bug or if there’s a workaround (I tried adding port 25, which I’m sending emails on, to the Comodo Secure Email ports, but no luck). I thought I would report it so it could be investigated further.

Again, I’ll say that this is somehow related to sockets - I got that far in debugging it from the PHP side. I then read that CSE installs itself on the network layer. It makes sense to me then that there’s some kind of conflict. Maybe CSE is intercepting PHP trying to communicate with the SMTP server and mangling or getting confused by the header-like string? Or maybe it’s sending a response to PHP that is unexpected? My SMTP server logs basically say that the client (PHP) closes the connection unexpectedly.

And just to wrap it up, when I uninstalled CSE, mail from PHP resumed working normally. I’d like to be able to re-install it, though, because I was testing it to see if some friends and I could use it to send secure information through email.

Thanks.

bulkaeu · August 25, 2009, 12:45pm

Hi kkaland!

We are looking into this issue now and will respond to you later.

Thanks for your detailed description of the problem it should help a lot in resolving this issue.

Regards, Eugene.

kkaland · August 26, 2009, 3:04am

Thanks for the quick reply. Hopefully, you have some luck in figuring it out. CSE really seems a lot better than the whole OpenPGP setup, which confuses even technical users sometimes. Let me know how it goes…if this can be sorted out, I’ll give it another look.

Sincerely,
kkaland

kkaland · December 4, 2009, 12:24am

Hi guys,

Any luck with this? This product is such a great idea, but it would be good if it would still let my local mail server work properly as well as any scripts that directly access the socket.

I know so many people who could make use of it because they want secure email but don’t want the technical trouble of technologies such as OpenPGP. You should really market this tool more. One of my friends was even telling me that he thinks if someone can demystify secure email, they’d have a good business opportunity.

Let me know if there have been any updates on this issue, and I’d be happy to test again.

Kevin

bulkaeu · December 7, 2009, 2:35pm

Hi,

This issue is not fixed yet.
We are going to release Comodo SecureEmail (CSE) with Plug-in Mode which allows application to work with Microsoft Outlook only and don’t intercept other’s applications traffic (only in this mode).

I’ll post here as soon as this issue will be resolved.

Regards, Eugene.

martin.lawrence · February 12, 2010, 9:15am

Hi all,

I installed PEAR yesterday and I think that went ok although although there is only 1 reference to pear in phpinfo which is

include_path has a local value of .;c:\www\php\pear

I have downloaded the mail package and I have it under the site root

php root (dir)

PEAR (dir)

    Mail.php
    Mail (dir)

        mail.php
        null.php
        RFC822.php
        sendmail.php
        smtp.php

Is this the correct setup? When I run the example script

PHP Code:
require_once “Mail.php”;

$from = “John Evansjohn.evans@forcesresources.co.uk”;
$to = “John Evansjohn.evans@forcesresources.co.uk”;
$subject = “Hi!”;
$body = “Hi,\n\nHow are you?”;

$host = “auth.smtp.1and1.co.uk”;
$username = “john.evans:forcesresources.co.uk”;
$password = “********”;

$headers = array (‘From’ => $from,
‘To’ => $to,
‘Subject’ => $subject);
$smtp = Mail::factory(‘smtp’,
array (‘host’ => $host,
‘auth’ => true,
‘username’ => $username,
‘password’ => $password));

$mail = $smtp->send($to, $headers, $body);

if (PEAR::isError($mail)) {
echo(“

” . $mail->getMessage() . “

”);
} else {
echo(“

Message successfully sent!

”);
}
I get the following
HTML Code:

Strict Standards: Assigning the return value of new by reference is deprecated in C:\www\php\PEAR\Mail.php on line 154

Strict Standards: Non-static method Mail::factory() should not be called statically in C:\www\website\admin\test.php on line 20

Warning: include_once(Net/SMTP.php) [function.include-once]: failed to open stream: No such file or directory in C:\www\php\PEAR\Mail\smtp.php on line 206

Warning: include_once() [function.include]: Failed opening ‘Net/SMTP.php’ for inclusion (include_path=‘.;c:\www\php\pear’) in C:\www\php\PEAR\Mail\smtp.php on line 206

Fatal error: Class ‘Net_SMTP’ not found in C:\www\php\PEAR\Mail\smtp.php on line 210

Any help much appreciated as I am desperate to get this problem sorted. O0

kkaland · May 28, 2010, 6:27am

Hi to the Comodo guys,

It’s been forever since I checked this thread, but I was just wondering if any progress was made in terms of applications like PHP sending mail? Or if that plug-in mode was released…is there one that works with Thunderbird? Not all of my friends use Outlook.

Thanks,
Kevin

salvatoreg · May 30, 2010, 10:14pm

I’m not sure I understand why you have CSE installed on a server. Is it to gain access to CSE’s one-time use certificate?

kkaland · May 31, 2010, 5:09pm

Hi Sal,

That’s a fair question. I’m a Web Developer, so I run a local testing setup for my projects. Many of the people to whom I’d be recommending CSE also have local Web Server setups. I think it’s a reasonably common scenario and that it shouldn’t exclude one from the benefit of secure mail.

I hope that helps,
Kevin

salvatoreg · June 1, 2010, 3:53am

Not quite a reasonably scenario. CSE at this time is designed for the desktop/end-user, not so much server setups. What benefit are you looking for in having CSE installed? What feature set does CSE give you vs that say PHP’s OpenSSL functions do not?

kkaland · June 5, 2010, 6:49am

This is a laptop. I’m just a Web Developer. With software like WampServer, XAMPP, and Apache Triad out there, it’s more and more common to be running PHP on the local box. Anyway, I don’t want PHP to send secure mail really…just to send it.

I just want it to not fail because of CSE. Does CSE perhaps provide a “non-secure” port that could relay without doing anything fancy to the usual SMTP port? I guess I could just run the SMTP server on a port that CSE isn’t using. Maybe that’d work.

I think I’ve probably actually worked out a viable solution now though. Since I only need my local mail server to route mail locally (for testing emails in projects I work on), I can just change the port it uses and then CSE should leave me alone. I’ll give it a try soon and see. If it works it’ll be fine. Not many people have local mail server setups anyway…