Mail server with Golang - email

I have a valid mail server, with SSL certificates, DNS and PTR records and an overall secure configuration.
I am able to send mails from the terminal using the sendmail tool. But when I try with this code:
package main

import (
	"fmt"
	"net/smtp"
)

func main() {
	err := smtp.SendMail("localhost:25", nil, "yo@testgolang.com", []string{"someemail@gmail.com"}, []byte("This is a test form golang"))
	if err != nil {
		fmt.Println(err.Error())
	}
}
I get the following error:
x509: certificate is valid for mydomain.com, not localhost
What should I change in my code (or in the server config) to be able to send mails from my code?

The source of the error is that, for security reasons, the involved parties expect hostnames to match the ones in the certificate. sendmail is probably not checking certificates (I haven't found mention grepping the manpage).
The solution is to connect to the server using the proper domain name, or for testing to create a certificate that matches the domain name localhost.
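
The hostname check behind this error, as an added example (not code from the question or the answer): it runs the same X.509 verification a Go TLS client performs, first for `localhost` and then for the name in the certificate, and goes slightly beyond the answer by also showing the untrusted-issuer failure. The certificate is generated in memory as constructed test data, and `selfSigned` and `check` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned returns a constructed certificate valid only for dns, and a pool trusting it.
func selfSigned(dns string) (*x509.Certificate, *x509.CertPool) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: dns},
		DNSNames: []string{dns}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	cert, err := x509.ParseCertificate(der) // also fails if CreateCertificate produced nothing
	if err != nil {
		panic(err)
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return cert, pool
}

// check verifies cert for name, the host a TLS client expects (tls.Config.ServerName).
func check(cert *x509.Certificate, name string, roots *x509.CertPool) string {
	_, err := cert.Verify(x509.VerifyOptions{DNSName: name, Roots: roots})
	switch err.(type) {
	case nil:
		return "ok"
	case x509.HostnameError: // name is not among the certificate's names
		return "name mismatch: " + err.Error()
	case x509.UnknownAuthorityError: // issuer is not in the client's trust store
		return "untrusted issuer: " + err.Error()
	}
	return "other: " + err.Error()
}

func main() {
	cert, trusted := selfSigned("mydomain.com")
	fmt.Println(check(cert, "localhost", trusted))               // the error from the question
	fmt.Println(check(cert, "mydomain.com", trusted))            // ok
	fmt.Println(check(cert, "mydomain.com", x509.NewCertPool())) // untrusted issuer
}
```

`smtp.SendMail` takes the name to verify from the host part of its address argument, which is why `localhost:25` fails. To keep dialing `localhost:25` while verifying against the certificate's name, open the connection with `smtp.Dial` and pass `&tls.Config{ServerName: "mydomain.com"}` to the client's `StartTLS`.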

Related

SSL for mail server

I don't know if I am asking this in the right place.
I have an SSL cert for my website, and I am trying to set up a mail server (same domain) using the same cert.
I am using Postfix and Dovecot. When I try logging in from Evolution mail client, I get an error "Peer failed to perform TLS handshake". When I try an online service to verify I get "Recipient address rejected: User unknown in local recipient table."
I guess my actual question is, can I actually use the same SSL cert for my website and my email server?
What do I do to debug next?

You can use a certificate you have for the web server also for your mail server as long as it matches the hostname you use to access your mail server. Of course the certificate needs to be properly set up at the mail server, i.e. include the necessary intermediate certificates similar to how it is (hopefully) set up on the web server.

> I am using Postfix and Dovecot.

This means you need to take care of multiple configurations, both for SMTP in Postfix and IMAP/POP3 (whatever you use) in Dovecot. And in all cases the certificate's subject/SAN must match the hostname you use to connect to the server.

> When I try logging in from Evolution mail client, I get an error "Peer failed to perform TLS handshake".

There is not enough information about this setup to find out what exactly is causing the TLS error. It is not even clear if the error is caused when retrieving mail (IMAP/POP3, i.e. Dovecot) or while sending (Postfix).

> When I try an online service to verify I get "Recipient address rejected: User unknown in local recipient table."

This has nothing to do with TLS at all. The test server simply tried to use a recipient which your mail server (Postfix) will not accept.

> What do I do to debug next?

The next steps would probably be to check if the certificate matches the names you use in the first place and to look into log files for error messages or warnings. Following steps depend on what the result of these steps is.

Meteor send email without authentication

I try to send an email from my METEOR server as described:
https://docs.meteor.com/api/email.html
But I want to send emails without authentication. I have no username and password. If I try MAIL_URL=smtp://#relay.xy.xxxxx.com:578 without username and password I get the error:
unable to verify the first certificate.
Is it possible to set a parameter like "SMTPAuth=false" as in PHP?

Try removing the # in the URL, that might help.
You are specifying port 578, which is a secure port, so it's probably trying to establish a TLS session with your server, which might not have a legitimate SSL certificate, which is likely to be causing this error message.
You know that if you have an email server that will accept unauthorised send requests, that a bot will find it, and then pour spam through it?

use smtp.mydomain.com to forward to smtp.gmail.com?

I am using Google Apps for email. I can send email out through C# code fine with smtp.gmail.com.
I would like to be able to use the name smtp.mydomain.com instead, but still have it go to smtp.gmail.com. I tried just setting a CNAME in my DNS settings, but I get this error:
"The remote certificate is invalid according to the validation procedure."
Any ideas?
Thanks.

Yes, you can't, the TLS certificate used to communicate privately with the remote SMTP server is signed with smtp.gmail.com. The only solution is to create an SMTP relay with sendmail for example on your own server.

SSL connect to mail server. Trusted ssl certificate rejected by mail client

I have GoDaddy's 2048-bit certificate for a domain and 4 subdomains.
[www.site.com, mail.site.com, etc.]
Standard Multiple Domain (UCC) SSL Up to 5 Domains - 1 year (annual)
That certificate works fine in Apache, ssl web checker says OK and browser shows green line in address string.
I've added this certificate to mail daemon, it has been accepted by Exim too.
When some client tries to send mail with SSL/TLS connection through mail server, mail program says "Certificate is BAD" though shows correct trusted info.
Client connects to hostname: mail.server.com, server's hostname is: ns1.server.com (not added to certificate), mail server says: 220 ns1.site.com ESMTP Exim 4.73
Mail clients tested: iPad mail client, Mozilla Thunderbird, Mac mail client
Please help.
UPDATE:
GoDaddy's SSL checker says: SSL Chain of Trust is Broken!

Here are a couple of things to check:
Is the hostname that the mail client uses in the TCP connect, listed in the server certificate as the Common Name (CN) of the subject distinguished name?
If not, is it listed using type "DNS:" in the Subject Alternative Name X509 v3 certificate extension?
If neither of the above, you might be getting "Remote Certificate Name Mismatch" (or similarly named error.)
If it is listed, then look for the Issuer of the certificate, and Issuer of the Issuer, etc., all the way to the root certificate of the chain. The root certificate should be installed on the client machine, in the "Trusted Root" certificate store for whatever client you are using (Windows, Mozilla, Java keystore, etc.)
If the root certificate is installed, then look at the intermediate certificates, if there are any in the chain (between root and server certificates). They have to either be installed locally, or arrive from the server alongside the server certificate -- either the server sends them each time or you've got the intermediate certificates already installed on the client end. Either way, they have got to be in hand to accept the server certificate.
Do the clients which reject the certificate have the appropriate root certificates in their cert store?

Using authsmtp from a Grails server

This is quite a specific question, and I have had no luck on the grails nabble forum, so I thought I would post here. I am using the grails mail plug-in, but I think my question is a general one about using authsmtp as an email gateway from my server.
I am having trouble sending mail from my app using authsmtp. I have installed and configured the mail plugin and was originally using my ISP's SMTP server to send mails. However when I deployed to AWS EC2 this failed because my elastic IP was blocked by the SMTP host. So I bought myself an authsmtp account and set up my server email address as an accepted one at authsmtp.
I then changed my configuration in SecurityConfig.groovy to point to the authsmtp server that I had been designated...
mailHost = "mail.authsmtp.com"
mailUsername = "myusername"
mailPassword = "mypassword"
mailProtocol = "smtp"
mailFrom = "valid-authsmtp-address@mydomain.com"
mailPort = 2525
...and I'm just trying to get this to work locally before I deploy back up to AWS. Sending mail fails and in my log I have this exception:
2010-02-13 10:59:44,218 [http-8080-1] ERROR service.EmailerService - Failed to send emails: Failed messages: com.sun.mail.smtp.SMTPSendFailedException: 513 5.0.0 Your email system must authenticate before sending mail.
org.springframework.mail.MailSendException; nested exception details (1) are:
Failed message 1:
com.sun.mail.smtp.SMTPSendFailedException: 513 5.0.0 Your email system must authenticate before sending mail.
at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:1388)
at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:959)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:583)
I'm a bit lost since the username and password I provide in the configuration are definitely correct.
A terse and not very helpful conversation with authsmtp support suggests that I need to MD5 and/or base64 encode my credentials before sending, so my question is in three parts...
1) any idea what's going on with the failure and why that message is appearing?
2) how would I encode the credentials to pass to authsmtp and how would I configure that for the mail plugin
3) has anyone successfully connected and sent mail through authsmtp from the mail plugin and specifically from AWS EC2?

When sending Email using the Acegi plugin, under the hood a Spring JavaMailSenderImpl is used. Looking at its docs:
Note that the underlying JavaMail Session has to be configured with the property "mail.smtp.auth" set to true, else the specified password will not be sent to the mail server by the JavaMail runtime. If you are not explicitly passing in a Session to use, simply specify this setting via setJavaMailProperties(java.util.Properties).
So append to your SecurityConfig.groovy the following:
javaMailProperties = [ "mail.smtp.auth": true]

I didn't find a solution to this using the Grails mail plugin, so I'm still interested in an answer, however I did find a workaround. It may be useful in case anyone else follows me down this lonely path.