问题
i use imap_open() to establish a connection with my mailserver for checking bounced emails.
$pop3conn = imap_open('{localhost:110/pop3}', MAILLOGIN, MAILPWD);
if($pop3conn == false)
echo'<br />no conn';
else
{
// check mail headers and bodies
}
I get a PHP Notice about insecure authentication:
Notice: Unknown: SECURITY PROBLEM: insecure server advertised AUTH=PLAIN (errflg=1) in Unknown on line 0
I have searched on php.net and googled for hours, but can't find a solution how to get rid of this.
the only thing i found did also not work: adding /secure to the servername.
$pop3conn = imap_open('{localhost:110/pop3/secure}', MAILLOGIN, MAILPWD);
then i get:
Notice: Unknown: Can't do secure authentication with this server (errflg=2) in Unknown on line 0
Thanks in advance for any help!
回答1:
I am a little surprised this is giving you in Unknown on line 0 as this normally only happens when the error occurs before the script begins to execute - however, the only real solution to this problem is to hide PHP errors.
It looks as though the server you are connecting to doesn't support secure authentication, and the only solution to this is to ask the server administrator to support it. Or to use a different server. There is nothing you can do in your code to work around that particular problem, so you will just have to handle the error instead of trying to fix it (much as I hate to recommend that approach to anyone for anything).
You may find that even calling ini_set('display_errors', 0) or using the evil @ operator won't fix this, since it is in Unknown on line 0 - although you shouldn't be showing PHP errors in a production environment anyway. You should ensure that your php.ini in production is set to hide errors from the user.
回答2:
It's not really a bogus message, it just means that it's a plaintext unencrypted connection. Here is how you can do :
$error = imap_errors();
if (count($error) > 1 || $error[0] != 'SECURITY PROBLEM: insecure server advertised AUTH=PLAIN') {
// More than 1 error or not the expected error
var_dump($error);
throw new Exception('IMAP error detected');
}
回答3:
The question is few year old but I came across with the same issue:
imap_open("{imap.domain.com:143}INBOX", 'username', 'password');
gaves me error SECURITY PROBLEM: insecure server advertised AUTH=PLAIN.
So, it says I am sending the credentials unsecured. All I had to do is to go to my mail provider to find out any other way how to connect securely.
Standard ports are:
Protocol Unsecured Secured
POP3 110 995 (SSL, TLS)
IMAP4 143 993 (SSL, TLS)
SMTP 25 465 (SSL), 587 (TLS, STARTTLS)
And according to the documentation of PHP function imap_open() I have modified the parameters as followed:
imap_open("{imap.domain.com:993/imap/ssl}INBOX", 'username', 'password');
So now I have the communication encrypted/secured and PHP does not report errors any more.
来源:https://stackoverflow.com/questions/9034854/how-to-secure-imap-open-connection