Does using TLS make any sense when sending mail to localhost? - email

I made a script in Python 3 which sends emails to localhost, but I could not use TLS because it gave me the following error:
STARTTLS extension not supported by server.
I was trying to solve that, but then I thought about the question:
Does using TLS make any sense when sending mail to localhost?
I mean, you send your email in plain text to your localhost mail server, and this is the one in charge of encrypting the mail and sending it via TLS, isn't it?

Related

Why does Gmail server try to authenticate me for sending a message to a mailbox on their server?

I want to send an email to a mailbox on Gmail's servers. But I cannot understand why Google wants to authenticate me, the sender.
I want to act as the sending mail server. So using openssl, I open a TCP connection to smtp.gmail.com. Openssl takes care of the TLS handshake, and I am ready to send a message of the SMTP protocol:
openssl s_client -connect smtp.gmail.com:587 -starttls smtp
CONNECTED(00000005)
.. Lots of TLS or SSL details ...
---
250 SMTPUTF8
I send the HELO message:
HELO smtp.gmail.com
250-smtp.gmail.com at your service
And I try to send a message:
MAIL FROM: <me#nowhere.com>
530-5.7.0 Authentication Required. Learn more at ...
But Gmail's servers respond that I need to be authenticated.
I would understand authenticating with the mail server if I were reading from a mailbox, but I don't get why I need to authenticate to send a message to a mailbox.
I can't find much documentation on the internet regarding this either.
Is there some kind of mechanism where every owner of a mailserver on the planet needs to create a google account just to send emails to a gmail mailbox?
How do the mail servers at Microsoft Outlook send messages to Gmail's servers?
What am I missing here?
Modern SMTP splits message submission into a separate transaction, distinct from message transport. You are generally required to authenticate with your local MTA (Gmail's if you are sending from Gmail, Outlook if that's where you are sending from, etc) to submit a message, and then the transport network of SMTP proper takes it from there.
There used to be a time when you were able to submit a message to a remote MTA by something called direct injection, but spammers abused this (along with pretty much every other feature of email) to the point where this model was no longer sustainable.
The modern message submission protocol runs on port 587, and generally requires authentication, and thus can obviously only accept submissions from local users for whom the server has identity and authentication information.
The transport protocol, by contrast, runs on the original port number, 25, which is more or less universally firewalled now for residential IP addresses. (Inside an organization, you might still be able to connect to a local mail server on port 25 and perhaps even submit messages without authenticating.)
In addition, regular mail servers on the modern Internet need to maintain a positive reputation. This helps keep the bad apples somewhat isolated, but raises the bar for newcomers and minor independent operators. See e.g. SenderBase for one such reputation system, though the big operators typically have their own proprietary ones which are not available to outsiders.
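The submission rule from this answer, applied to the script in the first question: an added Python example (not code from any of the posts) that upgrades to STARTTLS whenever the server offers it, tolerates plaintext only towards a loopback host, and never sends credentials over an unencrypted session. The helper names and the addresses in the sample message are my own.

```python
import ipaddress
import smtplib
import ssl
from email.message import EmailMessage

def tls_policy(host, starttls_offered):
    """Decide how a session to host may proceed (hypothetical helper).

    STARTTLS is used whenever the server offers it. Without it, only a
    loopback host (the 'localhost' case in the question) may stay in
    plaintext, because that local MTA does TLS on the next hop.
    """
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:                      # a hostname, not an IP literal
        loopback = host.lower() == "localhost"
    if starttls_offered:
        return "starttls"
    if loopback:
        return "plaintext-local"
    raise smtplib.SMTPNotSupportedError(
        f"{host} does not offer STARTTLS; refusing to send in the clear")

def build_message():
    """Constructed sample message; the addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "script@example.com"
    msg["To"] = "ops@example.com"
    msg["Subject"] = "nightly report"
    msg.set_content("report attached")
    return msg

def submit(host, port, msg, user=None, password=None):
    """Submit msg and return the mode used; credentials only travel over TLS."""
    ctx = ssl.create_default_context()      # verifies the server certificate
    with smtplib.SMTP(host, port, timeout=30) as s:
        s.ehlo()
        mode = tls_policy(host, s.has_extn("starttls"))
        if mode == "starttls":
            s.starttls(context=ctx)
            s.ehlo()                        # AUTH is normally offered only now
        if user is not None:
            if mode != "starttls":
                raise smtplib.SMTPNotSupportedError("no TLS; not sending a password")
            s.login(user, password)         # submission port 587, as in the answer
        s.send_message(msg)
    return mode

if __name__ == "__main__":
    print(submit("localhost", 25, build_message()))   # the setup from the question
```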

Enforced TLS being delivered as secure email

My web server sends emails to one of our clients who uses Mimecast.com enforced TLS. We send our emails to our client via gmail.com using secure TLS from our web server. Our SSL certificate is up to date and so is the client's. Delivery is successful, but when the client sends us any emails Mimecast turns that message into a secure message. Basically you have to log into their secure email web app and access the emails from there.
This is not convenient for us.
It appears that my TLS is working correctly, but every time they send me an email it uses their secure mail web app (as if my TLS is not working). Mimecast declined to help. How do I ensure that my email server's TLS will work with Mimecast's email server?
I found that the sort of SSL/TLS that was allowed on my web server was not compatible because it was too new. I updated the web server to allow older protocols.

A way to forward or intercept smtp mail request to localhost?

Wondering if we have options for failing SMTP mail at "localhost" after changing DNS host.
The problem setup is this:
SMTP mail is being sent from a server, with mail configured on the server itself. Originally, the server was the host of the DNS domain as well as the web app.
Using JavaMail, a request is sent to "localhost" without any authentication.
The DNS settings have changed: the server hosting the web app is no longer the "from" email address.
The Java web app cannot be modified and is still sending to "localhost"
Question: Do we have any options?
I'd like to intercept the "localhost" smtp mail request and forward it along to our domain's mail server, with new credentials, but am unsure if that is possible. A stand-alone script to watch for those requests?
We did receive the suggestion to edit our DNS settings on the new hosting and add "MX" and "A" records, but that would require a change to the source code, which is not an option at this time.
Thanks!
If there's no SMTP server running on localhost, and you just want to redirect mail to another mail server without authentication, you could use a simple proxy/tunnel using something like the netcat program.
If there is an SMTP server running on localhost, you might be able to configure it to forward all messages to your other mail server.
Otherwise, is it possible to change the properties used by JavaMail in your web app, without changing the source code? For example, do the properties come from a file or from System.getProperties()?

use smtp.mydomain.com to forward to smtp.gmail.com?

I am using google apps for email. I can send email out through c# code fine with smtp.gmail.com.
I would like to be able to use the name smtp.mydomain.com instead, but still have it go to smtp.gmail.com. I tried just setting a CNAME in my DNS settings, but I get this error:
"The remote certificate is invalid according to the validation procedure."
Any ideas?
Thanks.
No, you can't: the TLS certificate used to communicate privately with the remote SMTP server is issued for smtp.gmail.com. The only solution is to create an SMTP relay, with sendmail for example, on your own server.

Windows scripting to email using TLS

I'm trying to make an SVN post-commit script that makes backups to a Gmail drive. Blat doesn't seem to support TLS. Are there any good scripting programs on Windows that can send an email via TLS?
I don't know about other mail senders, but stunnel is able to accept a plain-text connection and tunnel it through an SSL connection. You can have it listen on localhost:25 and make an SSL connection to an SMTPS server (tcp/465). I have used it in a similar situation where a WebDAV client didn't support SSL.
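The local plaintext listener that both the netcat/relay answer above and this stunnel answer describe, written out as an added Python example (not from either answer or from stunnel): it accepts clear-text SMTP on the loopback interface only and tunnels each connection over certificate-verified TLS to an SMTPS server. The listen and remote endpoints are placeholders I chose.

```python
import socket
import ssl
import threading

# Hypothetical plaintext-to-TLS forwarder (not part of the original answers).
# Legacy clients connect to LISTEN in the clear; each connection is tunnelled
# over verified TLS to the REMOTE SMTPS server (implicit TLS on tcp/465).
LISTEN = ("127.0.0.1", 2525)         # loopback only: never expose the clear side
REMOTE = ("smtp.example.com", 465)   # placeholder upstream SMTPS server

def make_tls_context():
    """Client context that verifies the upstream certificate and hostname."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def pump(src, dst):
    """Copy bytes from src to dst until EOF or error; returns bytes moved."""
    total = 0
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
            total += len(chunk)
    except OSError:
        pass
    return total

def handle(client, ctx):
    """Bridge one plaintext client to the TLS-protected upstream."""
    host, port = REMOTE
    with client, socket.create_connection((host, port), timeout=30) as raw, \
         ctx.wrap_socket(raw, server_hostname=host) as tls:
        up = threading.Thread(target=pump, args=(client, tls), daemon=True)
        up.start()
        pump(tls, client)                       # upstream closes after QUIT/221
        try:
            client.shutdown(socket.SHUT_RDWR)   # unblock the client->tls copier
        except OSError:
            pass
        up.join()

def serve():
    ctx = make_tls_context()
    with socket.create_server(LISTEN) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn, ctx), daemon=True).start()

if __name__ == "__main__":
    serve()
```

Point the legacy client (Blat, JavaMail's "localhost" setting) at 127.0.0.1:2525; the upstream still sees an ordinary TLS session and can require AUTH as usual.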
The Blat folks are saying that stunnel is the best bet for TLS support, but I've found that Gmail doesn't require TLS to send mail. Now, the data may not be encrypted, but I send out email via my account (to other Gmail accounts only) all the time as an automated process and it works great. If you need it, let me know and I'll drop in the command-line params.