Group inbound emails not working in 7.14; sending XOAUTH2 instead of basic auth!

I have been trying to upgrade to 7.14.3 from 7.13.3. After the upgrade, I am having an issue with Inbound emails.

My email server is hmailserver. Emails work fine in 7.13.3. However, after switching to 7.14.3 and PHP 8.1, Inbound emails stop working. The mail server log shows these errors:

“IMAPD” “RECEIVED: A0002 AUTHENTICATE XOAUTH2 **********=”
“IMAPD” “SENT: A0002 NO Unsupported authentication mechanism.”

So, it appears that something in SuiteCRM 7.14.3 or PHP 8.1 is sending "XOAUTH2 ", which is not being recognized by the mail server and emails are failing.

In the group inbound email settings, the “Auth type” is set to “Basic Auth” and not “OAuth”. So why is SuiteCRM email is still trying to use XOAUTH2 to authenticate with my mail server?

Has anybody else encountered this or similar issue? Is there any fix to make SuiteCRM use the basic auth method that worked in 7.13 and not send the newer XOAUTH2?

I’m currently using basic Auth for a group email account on 7.14.2 and it works fine. I don’t remember that being an issue on 7.13, but you might want to try upgrading.

I got that issue after upgrading. Not sure what you mean by “but you might want to try upgrading”

Is “Use SSL” checkbox enabled in your setup?

Not sure if you saw the mail logs, but SuiteCRM is sending XOAUTH2 for basic auth; which seems incorrect.

Ah sorry, I misread that you upgraded to 7.13. I can confirm there are no issues with 7.14.2 and basic auth on group accounts. I’ve been using it for a while now without issues. There could be something else going on.

Glad to hear it’s working for you. It’s not for me. I tried both upgrade and fresh installation.

It is evident from the logs that the 7.14 version is sending XOAUTH2 even when basic auth is selected. It is possible that your mail server is smarter/modern, and may be able to handle XOAUTH2.

The main issue is why is SuiteCRM sending XOAUTH2 even when Basic Auth is set.

I am seeking some expert who may have possibly written the new email code to shed some light on how/what to change to ensure basic auth is sent and not XOAUTH2. In my opinion this is a bug.

I’m just using regular Cpanel email as a group account, I have a few actually and all working with basic auth. Yes I have Use SSL enabled. Here’s my setup. SSL is checked but there’s a but where it doesn’t appear checked.

Thanks for sharing. Appreciate it. However, you probably don’t have access to the mail server logs that would show the authentication command sent. I have access to the mailsever, and after I enabled logging, I saw those XOAUTH2 messages coming in from SuiteCRM even when basic auth was selected.

Do you know what your backend email server is?

I route my email through WHM/Cpanel it eventually ends up though Godaddy on their secureserver.net.

If there is something specific I can check to help you let me know.

Thanks. Not sure what more/other info I can provide. The 7.14 version has issues with my email server. It is using oauth even the option is checked not to do so (I have shared the log in earlier post).

Whoever made the changes to 7.14 email/imap module, decided that all email servers support oauth and broke all instances that have non-oauth.

Since I can’t change my email server, time to look for another CRM.

I don’t think that’s the case, my server does not support Oauth, it’s smiple user/password for IMAP and it works fine for me for group emails on 7.14

I would double check in your DB that the setting for that inbound email account is simple auth. Could be a frontend/backend thing because if it was forcing Oauth for all connections my email would cease to work.

I have deleted the previous inbound email and re-added it. Still the same issue. I have created two instances with the same database. One is 7.13 and another is a local fresh 7.14.

Adding the same inbound email and clicking on test connection shows the following in email server logs:

7.13:
“DEBUG” 2188 “2024-02-14 11:13:32.147” “TCP connection started for session 86715”
“DEBUG” 2188 “2024-02-14 11:13:32.147” “Performing SSL/TLS handshake for session 86715. Verify certificate: False”
“IMAPD” 11604 86715 “2024-02-14 11:13:32.172” “" “SENT: * OK IMAPrev1”
“IMAPD” 2188 86715 “2024-02-14 11:13:32.172” "
” “RECEIVED: 00000000 CAPABILITY”
“IMAPD” 2188 86715 “2024-02-14 11:13:32.172” “" “SENT: * CAPABILITY IMAP4 IMAP4rev1 CHILDREN IDLE QUOTA SORT ACL NAMESPACE RIGHTS=texk[nl]00000000 OK CAPABILITY completed”
“IMAPD” 11604 86715 “2024-02-14 11:13:32.172” "
” “RECEIVED: 00000001 LOGIN @.com "
“IMAPD” 11604 86715 “2024-02-14 11:13:32.172” "
” “SENT: 00000001 OK LOGIN completed”
image

7.14
“DEBUG” 2188 “2024-02-14 11:15:58.554” “Creating session 86725”
“DEBUG” 2188 “2024-02-14 11:15:58.570” “TCP connection started for session 86716”
“DEBUG” 2188 “2024-02-14 11:15:58.570” “Performing SSL/TLS handshake for session 86716. Verify certificate: False”
“IMAPD” 11156 86716 “2024-02-14 11:15:58.681” “" “SENT: * OK IMAPrev1”
“IMAPD” 13516 86716 “2024-02-14 11:15:58.760” "
” “RECEIVED: A0001 CAPABILITY”
“IMAPD” 13516 86716 “2024-02-14 11:15:58.760” “" “SENT: * CAPABILITY IMAP4 IMAP4rev1 CHILDREN IDLE QUOTA SORT ACL NAMESPACE RIGHTS=texk[nl]A0001 OK CAPABILITY completed”
“IMAPD” 11604 86716 “2024-02-14 11:15:58.792” "
” “RECEIVED: A0002 AUTHENTICATE XOAUTH2 dXNlcj1haW1yYW5AYmluZmVyLmNvbQFhdXRoPUJlYXJlciBAbeaMush36B/d/yeIXM0MAQE=”
“IMAPD” 11604 86716 “2024-02-14 11:15:58.792” “***” “SENT: A0002 NO Unsupported authentication mechanism.”
“DEBUG” 11156 “2024-02-14 11:15:58.808” “The read operation failed. Bytes transferred: 0 Remote IP: ***, Session: 86716, Code: 2, Message: End of file”
“DEBUG” 11156 “2024-02-14 11:15:58.808” “Ending session 86716”
image

As, you can clearly see that 7.14 email/imap logic is doing something completely different. The key is in these logs:
7.13: RECEIVED: 00000001 LOGIN @.com ***"
7.14: RECEIVED: A0002 AUTHENTICATE XOAUTH2

The fact that it is working for you does not help me. I have shown you factual data on what is going on in the backend, while you are speculating on what may be happening. :slight_smile:

Perhaps you can replicate this issue by setting up the latest 7.14.3 locally and try setting up the Inbound group email with the GoDaddy IMAP server. I will be curious if that works for you.

Are you pressing the test button? Don’t press the test button. If you can select the folders. you’re connected and it works. I seem to remember there a bug with the button not the connection. I just added a new email account using basic auth through Godaddy (No Oauth supported) and it works. See below…

Thanks for all your help. The folder option is not working for me. That too sends the XOAUTH2 to the server.

Is the example you shared from a local fresh 7.14.3 installation? If not, then do not have the same environment and are not testing the same thing.

Btw, my PHP version is 8.1.26.

Hi Binfer,

I have the exact same problem with version 8.7.1 (current) and opened an GitHub issue here:

Did you find out how to solve the problem? I’d love to know.

Kind regards
Anders

I’ve found out that the problem is the IMAP server I’m connecting to is not advertising AUTH=PLAIN when PHP imap_open() is sending the CAPABILITY command:

me@laptop:~$ telnet imap.server.com 143
Trying 1111:111:fff1:11::1...
Connected to imap.server.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4 IMAP4rev1 STARTTLS UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] perdition ready on fd00:dead:beef:1234::15 00011e1d
A0001 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 STARTTLS UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION
A0001 OK CAPABILITY

When simulating the connection from SuiteCRM (PHP8.2) using ‘nc -l 143’ and modifying the above CAPABILITY response inserting AUTH=PLAIN, then SuiteCRM (php imap_open) correctly sends the LOGIN command.

So it is aparently not a SuiteCRM problem. My apologies.

However, if anyone knows how to circumvent the problem, I’d love to know.