[ZBXNEXT-679] SMTP authentication support Created: 2007 Sep 01 Updated: 2016 Jun 02 Resolved: 2015 Oct 23 |
|
Status: | Closed |
Project: | ZABBIX FEATURE REQUESTS |
Component/s: | Documentation (D), Frontend (F), Server (S) |
Affects Version/s: | None |
Fix Version/s: | 2.5.0 |
Type: | New Feature Request | Priority: | Major |
Reporter: | Alexei Vladishev | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 23 |
Labels: | authentication, notifications, smtp | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Issue Links: |
|
Description |
Implement SMTP authentication. http://www.zabbix.com/forum/showthread.php?t=1323 Specification: https://www.zabbix.org/wiki/Docs/specs/ZBXNEXT-679 |
Comments |
Comment by Lukasz Urbaniak [ 2012 Aug 15 ] |
Can we have this implemented? It will help us a lot |
Comment by Raymond Kuiper [ 2012 Oct 15 ] |
This will probably also need some changes in the frontend, not just server. (username/password field) NONE/STARTTLS/SSL options and ports should be available. I'd also like to see a "verify/do not verify certificate" radiobutton. |
Comment by Maxim Krušina [ 2012 Nov 03 ] |
IMHO this is very important feature, because lot of mail providers today simply doesnt work without smtp auth (both our isp nd gmail |
Comment by Ilir [ 2015 Jan 18 ] |
Looking forward to this feature as it seems very easy to implement and would complete Zabbix in a major way. Thanks everyone. |
Comment by Aleksandrs Saveljevs [ 2015 May 26 ] |
(1) According to (32) in ZBXNEXT-282, SSLCALocation only works when cURL is used with OpenSSL. However, http://curl.haxx.se/libcurl/c/CURLOPT_CAPATH.html no longer claims that - rather, it says that any backend works. It should be verified which cURL version introduced this support and we should fix documentation accordingly. asaveljevs According to cURL Git repository at https://github.com/bagder/curl.git, CURLOPT_CAPATH stopped being OpenSSL-specific in version 7.42.0: $ cat RELEASE-NOTES Curl and libcurl 7.42.0 ... This release includes the following bugfixes: ... o GnuTLS: add support for CURLOPT_CAPATH $ cat docs/libcurl/opts/CURLOPT_CAPATH.3 ... .SH AVAILABILITY This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS backend provides the option only for backward compatibility. In version 7.41.0, it used to say the following: $ cat docs/libcurl/opts/CURLOPT_CAPATH.3 ... .SH AVAILABILITY This option is OpenSSL-specific and does nothing if libcurl is built to use GnuTLS. NSS-powered libcurl provides the option only for backward compatibility. asaveljevs Fixed the following pages:
RESOLVED sasha CLOSED |
Comment by Aleksandrs Saveljevs [ 2015 May 26 ] |
(2) Currently, we rely on http://curl.haxx.se/libcurl/c/CURLOPT_LOGIN_OPTIONS.html for SMTP authentication support, which appeared in cURL 7.34.0. As the specification says, it should be decided whether we wish to use http://curl.haxx.se/libcurl/c/CURLOPT_USERPWD.html for cURL >= 7.31.0 and < 7.34.0. asaveljevs Also, CURLOPT_LOGIN_OPTIONS is only required for SMTP authentication, but not for encryption. So, if a user only wishes to use encryption, but not SMTP authentication, we can lower the cURL version requirement. wiper I don't think it's worth adding support for CURLOPT_USERPWD unless someone really needs it. asaveljevs According to http://pkgs.org/search/libcurl , libcurl 7.32 is used in Fedora 20 and OpenSUSE 13.1. CentOS 7 uses libcurl 7.29. asaveljevs Added support for CURLOPT_USERPWD in cURL 7.31.0 to 7.33.0 in r53882 and r53890. asaveljevs CURLOPT_LOGIN_OPTIONS and ";AUTH=PLAIN" in CURLOPT_USERPWD are not strictly required: cURL chooses AUTH=PLAIN even if it is not explicitly specified. Therefore, we have lowered cURL version requirement in r53897 to cURL 7.20.0 (the one which has CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT). asaveljevs If later we add support for some other login options, we will probably print a warning for cURL < 7.31.0 that this setting is not supported. RESOLVED. wiper Please review a small change in r53907. asaveljevs Thank you! CLOSED. |
Comment by Aleksandrs Saveljevs [ 2015 May 26 ] |
Server side available for review and testing in svn://svn.zabbix.com/branches/dev/ZBXNEXT-679 . Frontend side remains to be done. |
Comment by Andris Zeila [ 2015 May 28 ] |
(3) [S] Consider using CURLOPT_DEBUGFUNCTION curl option to provide debug information with CURLOPT_VERBOSE. This would allow to:
asaveljevs Option documentation: http://curl.haxx.se/libcurl/c/CURLOPT_DEBUGFUNCTION.html . asaveljevs RESOLVED in r53881. It adds smtp_debug_function(), which seems to do the same as cURL's default verbose logging function (see Curl_debug() and showit() in lib/sendf.c). wiper CLOSED |
Comment by Andris Zeila [ 2015 Jun 01 ] |
Database upgrade and server side SMTP authentication/encryption support successfully tested. |
Comment by Oleg Egorov (Inactive) [ 2015 Jun 03 ] |
(4) [F] Finished frontend side in r53887, 53905, r53924 And please see before testing: iivs CLOSED. |
Comment by Ivo Kurzemnieks [ 2015 Jun 05 ] |
(5) Translation strings? oleg.egorov
RESOLVED iivs CLOSED. <richlv> there seems to be at least one unlisted new string :
iivs This is true, translation strings removed:
and few translation strings added:
CLOSED. |
Comment by Ilir [ 2015 Jun 06 ] |
Sorry for the (possibly) stupid question but when is this expected to be released? Is there any way we can patch it in now? Thanks! -Ilir |
Comment by richlv [ 2015 Jun 06 ] |
it's scheduled for zabbix 3.0 |
Comment by Ivo Kurzemnieks [ 2015 Jun 08 ] |
(6) [F] As discussed: If "Connection security" is set to "None", then "SSL verify peer" and "SSL verify host" checkboxes should not be visible and if "Authentication" is set to "None", then "User" and "Password" fields should not be visible. oleg.egorov RESOLVED IN r54018 iivs Just like in other forms when switching type in items, for example, the filled fields remain untouched, but in media types they are still cleared. Let's just hide them and clear upon save. REOPENED. oleg.egorov And as was discusses with sasha. CLOSED |
Comment by Ivo Kurzemnieks [ 2015 Jun 08 ] |
(7) Please update to latest trunk and resolve conflicting code do to coding style changes array(); => []; oleg.egorov Updated to the latest trunk r54008. RESOLVED iivs CLOSED. |
Comment by Ivo Kurzemnieks [ 2015 Jun 08 ] |
(8) [F] "Each API method must have it's own validation method. The validation method must be called “validate” followed by the name of the method. For example, the method for validating the create() method must be called validateCreate()." There is a good validation that can be re-used from svn://svn.zabbix.com/branches/dev/ZBXNEXT-2033_244 oleg.egorov RESOLVED IN r54029 iivs As discussed, add better API validation for new fields. REOPENED. oleg.egorov And as was discusses with sasha. CLOSED |
Comment by Ivo Kurzemnieks [ 2015 Jun 08 ] |
(9) [F] When I enter a very large port number via API, I get error: Incorrect API message "Incorrect media type port \"\" provided.". Also API does not properly validate new checkbox fields allowing to enter any numeric value, thus potentially breaking something in frontend. oleg.egorov RESOLVED IN r54015 iivs CLOSED. |
Comment by Ivo Kurzemnieks [ 2015 Jun 08 ] |
(10) [F] Fatal error occurs when no port is provided in frontend. To avoid this, we could use CNumericBox instead of CTextBox. oleg.egorov RESOLVED IN r54015 iivs CLOSED. |
Comment by Ivo Kurzemnieks [ 2015 Jun 08 ] |
(11) [F] Coding style and other improvements:
oleg.egorov RESOLVED IN r54029 iivs Thanks! See my changes in r54252 oleg.egorov CLOSED |
Comment by Ivo Kurzemnieks [ 2015 Jul 02 ] |
TESTED, |
Comment by Oleg Egorov (Inactive) [ 2015 Jul 02 ] |
Implemented in 2.5.0(trunk) r54263 |
Comment by richlv [ 2015 Jul 28 ] |
(13) documentation
what else ? martins-v Updated documentation:
Please review. RESOLVED.
REOPENED martins-v Thanks, RESOLVED. sasha Thanks! CLOSED |
Comment by Oleksii Zagorskyi [ 2016 Jun 02 ] |
zabbix API doc for new field was not updated, requested in |