Hoping to be useful let me say I’m happy to see that Phabricator is using PHPMailer to handle SMTP. That library is used for a very large amount of projects in the world so I know it somehow well.
Having said that it seems that Phabricator is using a very old version of PHPMailer: the version 5.1 is now 10-years old I think.
I don’t know if this is a place to talk about the security concerns of using such old version, anyway I’m here to note that because of this actually Phabricator does not support any other
SMTP AUTH method but
AUTH LOGIN, because it was hardcoded in PHPMailer 5.1:
So, if someone is having this error with a correct SMTP configuration:
(phpmailerException) SMTP Error: Could not authenticate. at [<phabricator>/externals/phpmailer/class.phpmailer.php:798
It’s because Phabricator it’s actually hardcoded with
AUTH PLAIN and maybe your mailserver expects
AUTH LOGIN or whatever.
I think that:
- first of all the documentation could say that the only accepted SMTP
AUTHmethod is actually
PLAINetc. (this is an useful information, it’s somehow rare that a CMS does not support the customization of the
AUTHaction, they always have a configuration string with
- then someone should look around for any known CVE for this version and then patch our downstream version to eventually give some backward compatibility fixes if not already done before (P.S. it seems patched, thanks to @epriestley notes)
- maybe one day Phabricator should advance PHPMailer to a more recent version to add a small option for the
AUTHaction (e.g. to use
LOGINas well, as supported by the library)
(I’m absolutely independent in giving these fixes and I do not expect you must do this for me. I’m here only in the hope to simplify troubleshooting and maybe improve the software!)
Thank you for reading!