Inbound Email Errors with Exchange IMAP

ceopx · 20 March 2020 01:55

Version 7.11.12
Sugar Version 6.5.25 (Build 344)

Outbound email works fine with Exchange SMTP, but the IMAP on inbound is failing. I keep getting the following error emailed to me by cron every minute.

PHP Notice: Unknown: Kerberos error: No Kerberos credentials available (default cache: KEYRING:persistent:10002) (try running kinit) for [199.193.205.202] (errflg=1) in Unknown on line 0

PHP Notice: Unknown: [BADCHARSET (US-ASCII)] The specified charset is not supported. (errflg=2) in Unknown on line 0

I’ve created and tested the account in a client and it works fine. SuiteCRM isn’t choosing the right authentication method for Exchange. Any ideas on fixing this?

pgr · 20 March 2020 17:02

Are you the same person that posted this Issue?

Just to keep track of things

ceopx · 21 March 2020 00:30

Yup! I’ll change my UID to match for future clarity!

ceopx · 23 March 2020 07:11

After wasting hours on this bug I’ve come to the conclusion what the problem is and proper resolution.

PHP-IMAP + MS Exchange = Connection issues.

Solution 1 - Recompile PHP-IMAP without Kerberos support. Difficult and might break other apps on the server.

Solution 2 - Need a way to modify the IMAP authentication / checking code in InboundMail.php to force PLAIN authentication on MS Exchange servers and ignore GSSAPI if advertised.

I want CRON emails to know if something is not functioning, but if I turn this on I get an email every minute when mail is checked.

I tried reading through the PHP to find the code that reports the error and comment it out, but I wasn’t able to figure it out.

I’d highly recommend making sure that email works flawless with Google, MS Exchange, and Standard Linux Mail Servers. That would cover 99% of the world.

ceopx · 23 March 2020 07:45

I found a solution just before giving up. I know this isn’t right, but it worked, the constant CRON emails stopped on every check, Inbound Mail check works.

Changed this:

    protected function getImapConnection($mailbox, $username, $password, $options = 0)
{
    $connection = null;
    $authenticators = ['', 'GSSAPI', 'NTLM'];

    while (!$connection && ($authenticator = array_shift($authenticators)) !== null) {
        if ($authenticator) {
            $params = [
                'DISABLE_AUTHENTICATOR' => $authenticator,
            ];
        } else {
            $params = [];
        }

        $connection = $this->getImap()->open($mailbox, $username, $password, $options, 0, $params);
    }

    return $connection;
}

To this:

    protected function getImapConnection($mailbox, $username, $password, $options = 0)
{
    $connection = null;
    $authenticators = ['', 'GSSAPI', 'NTLM'];

    while (!$connection && ($authenticator = array_shift($authenticators)) !== null) {
        if ($authenticator) {
            $params = [
                'DISABLE_AUTHENTICATOR' => 'GSSAPI', 'NTLM',
            ];
        } else {
            $params = ['DISABLE_AUTHENTICATOR' => 'GSSAPI', 'NTLM'];
        }

        $connection = $this->getImap()->open($mailbox, $username, $password, $options, 0, $params);
    }

    return $connection;
}

pgr · 23 March 2020 14:06

I am glad you got it working.

This information could be useful, can you post it as a comment on the github issue?

It isn’t a proper solution, but it might help to achieve one. Thanks

ceopx · 23 March 2020 21:29

Sure, no problem. I have posted it to GitHub. Thanks!