Office 365 - SMTP error "first record does not look like a TLS handshake" #954
Comments
|
The info at The ip address logged is standard (nothing todo with email). It's looks like the ip stuff is just mis-reporting the real ip. We try to take it from the header first via "X-Forwarded-For" or "X-Real-IP" then Remote Address. In the last case this can be your load balancer ip vs the end users ip. |
|
Yes I have tried STARTTLS too. The smtp server is smtp.office365.com. It works in Thunderbird and other smtp clients fine. I will post the error of STARTTLS tomorrow. |
|
I have these errors when trying with STARTTLS: I followed the install guide here https://github.com/mattermost/platform/blob/master/doc/install/Docker-Single-Container.md#ubuntu, For Ubuntu 14.04. I also followed the guide here https://github.com/mattermost/platform/blob/master/doc/install/SMTP-Email-Setup.md to enable email. However i do not have |
|
Any help would be appreciated 😄 |
|
Hi @phillip-white-sociomantic, sorry I'm at a loss. When I find some time I'll create an O365 account and try it. My guess is there is some low level mis-match between how golang and exchange/windows implement TLS connections. |
|
may be related golang/go#5742 (not sure) |
|
I don't know that much about O365, but as a test you might try to disable TSL 1.1 and TSL 1.2 and only allow TLS 1.0 to see if it works (if that's even possible on O365). I also saw some references to O365 using port 25 with STARTTLS. |
|
Linking issues. See https://forum.mattermost.org/t/email-authentication-with-v1-0-not-working/314 |
|
I have tried the smtp service with hotmail. Which is STARTTLS:587. It works with that. It is not working for Office 365 still. |
|
I have the same problem with a GMail server. |
|
@phillip-white-sociomantic if you want some help troubleshooting this i'd be happy to help. is there a demo username/password i could test with? |
|
and fyi based on my experience supporting microsoft email products, they sometimes use nonstandard SSL (where its fully encrypted when you connect on ports you would expect to require |
|
I have it working with other MS services. Just Office 365 is an issue. @trashcan I can't give you access to our O365 system, but you can sign up for a free trial on their website. |
|
@phillip-white-sociomantic would you mind sharing a sample of EmailSettings for hotmail? We're trying to collect sample configurations to share with the community. |
|
Sure, my hotmail settings are: |
|
Still not working with Office 365. The same settings and credentials work on our printer smtp client, and in thunderbird. So i presume the mattermost config is missing something for office 365. I have setup a test o365 account to test this. It's only valid for 30 days so hopefully we can find the issue within that time. user / email: mattermost@mattermosttest.onmicrosoft.com |
|
Thanks. I've included the hotmail settings with https://github.com/mattermost/platform/blob/hotmail-sample/doc/install/SMTP-Email-Setup.md#hotmail Also thanks for setting up the test account. I'll try to make some time to test with O365. |
|
Hi @phillip-white-sociomantic circling back on this issue. Would you be open to starting a Troubleshooting discussion on this? There might be folks on the general forum who could help. Adding @esethna to help monitor where we are on this. |
|
@it33 Thanks for the feedback. There is an open discussion already https://forum.mattermost.org/t/email-authentication-with-v1-0-not-working/314. I also tried this again with v1.2.1. It is the same issue with O365. |
it33
changed the title
|
Thanks @phillip-white-sociomantic, posted there to see if there's anyone who can help, |
|
I have the same problem with gmail. Here is my email settings: |
|
I have changed ConnectionSecurity from TLS to STARTTLS then it works well. |
|
@phillip-white-sociomantic could you let us know if the above is able to solve your issue? |
|
Unfortunately not. It was the same problem with v1.2.1 |
|
Hi @phillip-white-sociomantic. I work at Microsoft. Hopefully I can help a bit. Microsoft servers (i.e. Office 365/Exchange Online) use explicit TLS for authentication. That's also called STARTTLS and you can identify it as the endpoint requires port 587 (as @coreyhulen mentioned, we also accept port 25 for our smtp.office365.com endpoint). Here, you have to explicitly send a STARTTLS command to negotiate TLS after starting with SMTP. Implicit TLS is where you negotiate TLS at the beginning of the connection and then proceed with SMTP. This is called SSL/TLS or TLS depending on the client. This is normally done on port 443. An SMTP error like "first record does not look like a TLS handshake" points to trying to use implicit TLS on an endpoint only supporting explicit TLS. As I mentioned, we only support STARTTLS for SMTP connections. Moving on the error you see with STARTTLS about authentication. 504 5.7.4 Unrecognized authentication type occurs when you try to send an unsupported AUTH command. The client should be sending AUTH LOGIN which is standard and used by every mail service and email client. Hope this helps. |
|
Hi @seanws, Would you know where to report a bug in Office365? The Go library we're using is reporting low level errors in the protocol, it works for all other services we use, only Office365 is having the error. |
|
@it33 You will need to create a service request under the Support tab in the Office 365 Admin Center. |
|
I looked into this with Corey, and the problem is this error when using smtp.office365.com:587 and STARTTLS: This is because AUTH PLAIN does not appear to be supported in this situation. ^ Notice that only AUTH LOGIN is advertised. Go's "net/smtp" doesn't support AUTH LOGIN, but there is some code linked here that does: So ideally you would parse the EHLO response, determine what types of AUTH are allowed, and then use that to determine which AUTH to use in https://github.com/mattermost/platform/blob/master/utils/mail.go#L49 (Sorry for the wall of text) |
|
Thanks @trashcan!! High appreciate your figuring this out. Opening an APR ticket for anyone in the community who would like to help solve the Office 365 SMTP issue So glad we got to a solution :) |
|
I was getting the same error but realised I had 2FA setup for my gmail account, created a test gmail account and it works fine. Just in case others are trawling for resolutions on this discussion... |
|
I am a bit lost here. I still see "Failed to open TLS connection [details: tls: first record does not look like a TLS handshake]" when I try to use smtp.office365.com:587 TLS. I am using Mattermost 3.7.3. Is there a workaround of some kind? |
|
We are receiving the same error configuring Mattermost 3.8.2 with Office 365 |
|
JFYI, I have worked around the issue with SMTP Relay server: https://hub.docker.com/r/turgon37/smtp-relay/ |
|
Hi, Am having the same problem with Office 365 integration with Mattermost. Has anyone any suggested simple work around? |
|
I have the same problem. This is unfortunately a stopper for us to deploy this tool in a production environment in out company. |
|
@kafferejsarn - we just added support for LOGIN method authentication, which may help with the issue: #8140 The change should ship in April, we haven't tested with Office365 yet but are working on it. If you'd also like to help test it out with Office365 that would be great! |
|
Why is this issue closed? This is still not working for 4.8.1 bundled with GitLab. What can I do? |
Hi All,
I have this issue when trying to test my email setup. I am running v 1.0 in Docker.
Errors:
I have configured the settings via the web console, which reflects to config_docker.json:
It is configured fine with my settings, and i have double checked them.
The errors indicate that it is trying to send from the ip of the computer i am using the web portal from (192.168.3.68).
How do i fix this?
The text was updated successfully, but these errors were encountered: