Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Missing support for SMTP with SSL #4252

Open
alexandervlpl opened this issue Oct 1, 2016 · 27 comments

Comments

@alexandervlpl
Copy link

commented Oct 1, 2016

See forum topic.

It turns out Sentry only supports TLS (and not SSL) for outgoing email. This is not immediately apparent (or documented). Settings like the ones below (though correct in Django) don't actually work in Sentry:

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'mail.privateemail.com'
EMAIL_HOST_USER = 'info@ookmijnbedrijf.nl'
EMAIL_HOST_PASSWORD = '***'
EMAIL_PORT = 465
EMAIL_USE_SSL = True
EMAIL_USE_TLS = False
SERVER_EMAIL = EMAIL_HOST_USER

When I try to send a test email I get this:

Connection unexpectedly closed: timed out

@tkaemming

This comment has been minimized.

Copy link
Member

commented Oct 7, 2016

Looks like SSL support was introduced in Django 1.7, but we're stuck on Django 1.6 for the time being, so this might be case for a while, unfortunately.

@mattrobenolt

This comment has been minimized.

Copy link
Member

commented Oct 7, 2016

Oh, TIL. I was assuming this would be an easy fix that I somehow overlooked when porting this stuff to use options. :(

@tkaemming

This comment has been minimized.

Copy link
Member

commented Oct 7, 2016

I was assuming this would be an easy fix that I somehow overlooked when porting this stuff to use options.

Me too — I was halfway through implementing it, then looked at the Django source for what the SSL constructor parameter to the email backend was… and realized it wasn't there. 😕

@dirkdevriendt

This comment has been minimized.

Copy link

commented Oct 20, 2016

Update: As it turns out, the behaviour I describe below was due to a config discrepancy between the sentry web process and sentry worker instances. So the part that worked was actually using TLS (which works out of the box). I'll leave the relevant part for future reference...


We have a nice case as well :-)
I "borrowed" from https://github.com/creativ/docker-sentry-aws-ses to set Sentry up with SSL support:

  • install django-smtp-ssl==1.0
  • add SENTRY_OPTIONS['mail.backend'] = 'django_smtp_ssl.SSLEmailBackend' to sentry.conf.py
  • use appropriate ENV variables

Seemed like all was well, since a mail sent from https://.../manage/status/mail/ "Send a test mail" yields no errors and the test mail arrives

However: when I go on https://.../account/settings/ and click a "Resend Verification Email" link, I get the error below.

SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:590)
  File "celery/app/trace.py", line 240, in trace_task
    R = retval = fun(*args, **kwargs)
  File "celery/app/trace.py", line 438, in __protected_call__
    return self.run(*args, **kwargs)
  ...
  File "python2.7/ssl.py", line 830, in do_handshake
    self._sslobj.do_handshake()
@alexandervlpl

This comment has been minimized.

Copy link
Author

commented Mar 28, 2017

@dirkdevriendt : thanks for the workaround! Unfortunately, I can't get this to work. django-smtp-ssl==1.0 is installed and my sentry.conf.py looks like this now:

SENTRY_OPTIONS['mail.backend'] = 'django_smtp_ssl.SSLEmailBackend'
SENTRY_OPTIONS['mail.host'] = 'mail.domain.com'
SENTRY_OPTIONS['mail.port'] = 465
SENTRY_OPTIONS['mail.username'] = 'noreply@domain.com'
SENTRY_OPTIONS['mail.password'] = '*****'
SENTRY_OPTIONS['mail.use-tls'] = False
SENTRY_OPTIONS['mail.from'] = SENTRY_OPTIONS['mail.username']
SENTRY_OPTIONS['mail.list-namespace'] = 'domain.com'

I no longer see any errors when sending a test email or account verification email. According to my sentry worker log, messages are sent:

15:00:59 [INFO] sentry.mail: mail.sent (message_id='<20170328150059.13381.76920@domain.com>')

However, no emails are actually received and it looks like something is failing silently. What am I doing wrong? Does anyone have any tips?

@dirkdevriendt

This comment has been minimized.

Copy link

commented Mar 30, 2017

FYI: these are the ENVVARs we have in the configuration; we're on Amazon AWS

SENTRY_EMAIL_BACKEND    django.core.mail.backends.smtp.EmailBackend
SENTRY_EMAIL_HOST       email-smtp.eu-west-1.amazonaws.com
SENTRY_EMAIL_PORT       587
SENTRY_EMAIL_USER       <user_id>
SENTRY_EMAIL_PASSWORD   ***
SENTRY_EMAIL_USE_TLS    True
SENTRY_SERVER_EMAIL     <user_email>

To be clear, I'm not sure non-TLS ever worked for us...

@alexandervlpl

This comment has been minimized.

Copy link
Author

commented Mar 30, 2017

Thanks for the tip! I switched on TLS, but not luck. Something is still failing silently. Which version of Sentry are you running?

In the meantime, back to refreshing the Sentry page on my phone to avoid missing new issues. ☹️

@tkaemming , @mattrobenolt : it would be great to have some kind of officially documented workaround for this, while we wait for the jump to a newer Django version. In any case, thanks for your hard work!

@alexandervlpl

This comment has been minimized.

Copy link
Author

commented Mar 31, 2017

Actually, I found my workaround: the excellent Slack plugin!

@tyan4g

This comment has been minimized.

Copy link

commented May 11, 2017

so the problem is still there??I want to use sentry.io but , sentry io is kind of slow in my place .and sometimes it's blocked .so we need to deploy on my local server..

@dcramer

This comment has been minimized.

Copy link
Member

commented May 11, 2017

@tyan4g we're still on Django 1.6, so it looks like this is sitll a problem

@jstdoit

This comment has been minimized.

Copy link

commented Jul 26, 2017

+1

1 similar comment
@l33klin

This comment has been minimized.

Copy link

commented Nov 8, 2017

+1

@ElliotCui

This comment has been minimized.

Copy link

commented Nov 22, 2017

Hi, @tkaemming
I have the same problem, too.
And I tried to solve this by only updating django from 1.6 to 1.11, in my self built docker image.
But after i finished updating django and run the following commands.

$ docker run --rm sentry config generate-secret-key
$ docker run -it --rm -e SENTRY_SECRET_KEY='t7*-1&t*e_o-wyw+y4g6v!95qb9b_77tdc5&ppfvr!+xz^xgu%' --link sentry-postgres:postgres --link sentry-redis:redis sentry upgrade

The error occurs like this:

Traceback (most recent call last):
  File "/usr/local/bin/sentry", line 11, in <module>
    sys.exit(main())
...
  File "/usr/local/lib/python2.7/site-packages/sentry/runner/importer.py", line 44, in load_module
    mod = self._load_module(fullname)
  File "/usr/local/lib/python2.7/site-packages/sentry/runner/importer.py", line 62, in _load_module
    from django.utils.importlib import import_module
sentry.runner.importer.ConfigurationError: ImportError: No module named importlib
...

How should I solve this problem or I can just wait for sentry docker image updating ?
Wish your reply. Thx!

@mattrobenolt

This comment has been minimized.

Copy link
Member

commented Nov 22, 2017

And I tried to solve this by only updating django from 1.6 to 1.11, in my self built docker image.

This is definitely not going to work, as you found out. This is not a trivial change, and in Django land, this is 5 major releases. There are many reasons why we’re locked into 1.6.

How should I solve this problem or I can just wait for sentry docker image updating ?

If django-smtp-ssl doesn’t work or solve the problem, there’s unfortunately nothing we’re going to be able to do until we upgrade Django ourselves, which will be a long time away, if ever.

@lilydjwg

This comment has been minimized.

Copy link

commented Jan 26, 2018

This issue happens to me, and I find the name of this setting are surprisingly confusing.

There are two kinds of encryption a SMTP connection can use:

  • Use a STARTTLS command over a plain connection to negotiate. This scheme can reuse the port for unencrypted traffic
  • Use a dedicated port like HTTPS, and do TLS handshake on connecting. All SMTP commands are encrypted. This is usually referred to as SMTPS.

Sentry's mail.use-tls = True actually means the former, but the doc doesn't say that. I configured a SMTPS port for it, so Sentry tried to talk plain commands while the mail server expected a TLS handshake, and it hanged there. Setting the right port solves the issue.

PS: SSL is an old name for TLS. TLS has newer versions while all three SSL versions has died. The usage among mail documentation seems to be different.

@lambdaq

This comment has been minimized.

Copy link

commented Apr 13, 2018

incase anyone else is having the same problem:

smtp.exmail.qq.com:465 only supports SSL, so you will get an error:

SMTPServerDisconnected 
sentry.tasks.email.send_email
errorConnection unexpectedly closed: timed out
@wych42

This comment has been minimized.

Copy link

commented Apr 20, 2018

@lambdaq With smtp.exmail.qq.com,you should set port as 25, a working config like this:

SENTRY_EMAIL_HOST=smtp.exmail.qq.com
SENTRY_EMAIL_PASSWORD=password
SENTRY_EMAIL_USER=user@xx.com
SENTRY_EMAIL_PORT=25
SENTRY_EMAIL_USE_TLS=True
SENTRY_SERVER_EMAIL=user@xx.com
@zming

This comment has been minimized.

Copy link

commented Apr 26, 2018

I also get the same error like:
SMTPServerDisconnected
sentry.tasks.email.send_email
errorConnection unexpectedly closed: timed out

use aliyun smtp service, the confige:
SENTRY_EMAIL_HOST: "smtp.mxhichina.com"
SENTRY_EMAIL_USER: "php@jjcclife.com"
SENTRY_EMAIL_PASSWORD: "******"
SENTRY_EMAIL_USE_TLS: "true"
SENTRY_EMAIL_PORT: 465

@wych42

This comment has been minimized.

Copy link

commented Apr 27, 2018

@Qinzm Maybe you can try set port to 25.

@Wirone

This comment has been minimized.

Copy link

commented Jul 2, 2018

@dirkdevriendt's solution works for me. Just added package to requirements, changed mailer backend in config, started everything with --build and messages were sent :)

But this is not something I expected, it should work out of the box ;-)

@duxinxiao

This comment has been minimized.

Copy link

commented Nov 9, 2018

So it's still not resolved? I think TLS support is really important

@zming

This comment has been minimized.

Copy link

commented Nov 9, 2018

I run sentry by docker-compose way,add python plugins “django-smtp-ssl~=1.0” to requirements.txt;
It's userful.

@ElliotCui

This comment has been minimized.

Copy link

commented Nov 9, 2018

@duxinxiao
Use TLS and port 587 solve the problem

$> docker run -d --name cb-sentry \
  -e SENTRY_SECRET_KEY='s7*-1&t*e_o-wyw+y4g6v!95qb9b_77tdc5&ppfvr!+xz^xgu%' \
  -e SENTRY_EMAIL_BACKEND='django.core.mail.backends.smtp.EmailBackend'\
  -e SENTRY_EMAIL_HOST='smtp.exmail.com' \
  -e SENTRY_EMAIL_PORT=587 \
  -e SENTRY_EMAIL_USER='noreply@xxx.com' \
  -e SENTRY_EMAIL_PASSWORD='xxxx' \
  -e SENTRY_EMAIL_USE_TLS=True \
  -e SENTRY_SERVER_EMAIL='noreply@xxx.com' \
  -e SENTRY_TIME_ZONE='Asia/Shanghai' \
  --link sentry-redis:redis \
  --link sentry-postgres:postgres \
  sentry
@duxinxiao

This comment has been minimized.

Copy link

commented Nov 10, 2018

@ElliotCui Thanks! I will have a try

@Wirone

This comment has been minimized.

Copy link

commented Nov 16, 2018

@ElliotCui how TLS can solve SSL issue? These are 2 different protocols. Our mail server does not support TLS and we had to create custom Sentry image supporting SSL (based on this comment) and we're using it for few months. Your advice isn't related to this issue, which explicitly states that there isn't support for SSL (and it's true).

@ningxiaowa

This comment has been minimized.

Copy link

commented Jan 29, 2019

mail.host: 'smtp.exmail.qq.com'
mail.port: 587
I change the port from 465 to 587, done......... fxxk

@Eduard-gan

This comment has been minimized.

Copy link

commented Feb 8, 2019

I don't know why by for Yandex i use 465 port and SSL in postclient and the only config that worked for me on Sentry 9 is :

mail.backend: 'smtp'  # Use dummy if you want to disable email entirely
mail.host: 'smtp.yandex.ru'
mail.port: 25
mail.username: 'sentry@mydomain.ru'
mail.password: 'mypassword'
mail.use-tls: true
mail.from: 'sentry@mydomain.ru'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
You can’t perform that action at this time.