SMTP Endpoints certificate errors when SSL MODE set to None #2564

Closed
windware-ono opened this issue Jul 30, 2023 · 7 comments · Fixed by #2790
@windware-ono

Describe the bug

Since I updated to the latest release 2.1.4 about a week ago, I saw incoming emails all being soft bounced saying,

SSL_connect returned=1 errno=0 peeraddr=172.17.0.1:2525 state=error: certificate verify failed (Hostname mismatch)

I suppose it was working before the update at version 2.1.1.

I had been setting the SSL MODE to None as 172.17.0.1 is a local machine's docker interface IP and doesn't require encrypted connection. (smtpd_tls_security_level is set as may in Postfix)

To Reproduce

  1. Let Postfix receive emails from Postal without requiring encryption.
  2. Set SSL MODE to None in Postal routing and route emails to that Postfix.
  3. Send an email.
  4. It gets a soft bounce with the above error.

Expected behavior

It should not try to verify for certificate validity if SSL MODE is set to None.

Environment details

  • OS: Ubuntu 22.04.2
  • Postal Version : 2.1.4

Additional information/context

It works if I set the SSL MODE as Auto.

@willpower232
Collaborator

Are you referring to the smtp_relays in the config file or setting up a route in the UI?

@windware-ono
Author

I meant changing the setting in the Routing -> SMTP Endpoints in the UI.

@willpower232
Collaborator

Interesting, the code seems okay for that

    case ssl_mode
    when "Auto"
      smtp_client.enable_starttls_auto(self.class.ssl_context_without_verify)
    when "STARTTLS"
      smtp_client.enable_starttls(self.class.ssl_context_with_verify)
    when "TLS"
      smtp_client.enable_tls(self.class.ssl_context_with_verify)
    else
      # Nothing
    end

I wonder if there is some kind of default so the "none" needs setting specifically somehow. The ruby docs suggest there are some disable methods available.

Are you able to make this code change to double check?

    else
      smtp_client.disable_starttls
      smtp_client.disable_tls
    end

@windware-ono
Author

Yep, that fixed it.

@willpower232
Collaborator

Excellent news, would you like to make a PR?

@stevebrainng

Facing this, this helped fix the issue. Can I make a PR? I would like to see the update ASAP.

@willpower232
Collaborator

I guess it doesn't matter who makes the PR but ideally it would be one of you who can easily reproduce the problem and also try out any alternative fixes suggested by the reviewer
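
The fix confirmed in this thread, as an added example that is not part of the original discussion or Postal's code: every SSL mode, including None, is applied explicitly so the client never inherits the library's default TLS behaviour, and the resulting state can be inspected before anything is sent. `tls_context`, `build_smtp_client` and `tls_posture` are hypothetical names, and the comment about the net-smtp default is an assumption consistent with the behaviour reported above.

```ruby
require "net/smtp"
require "openssl"

# Build a TLS context with or without peer verification.
def tls_context(verify:)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = verify ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
  ctx
end

# Hypothetical helper, not Postal's code: configure the client for one of the
# four SSL modes named in the thread and never rely on the library default.
def build_smtp_client(host, port, ssl_mode)
  client = Net::SMTP.new(host, port)
  # Reset first (assumption): some net-smtp releases enable opportunistic
  # STARTTLS with certificate verification on a freshly constructed client.
  client.disable_starttls
  client.disable_tls

  case ssl_mode
  when "Auto"     then client.enable_starttls_auto(tls_context(verify: false))
  when "STARTTLS" then client.enable_starttls(tls_context(verify: true))
  when "TLS"      then client.enable_tls(tls_context(verify: true))
  when "None"     then nil # plaintext, as the operator asked
  else raise ArgumentError, "unknown SSL mode: #{ssl_mode.inspect}"
  end
  client
end

# Summarise what the client will do on connect, so the setting can be checked
# (or logged) before any mail is sent.
def tls_posture(client)
  { implicit_tls: client.tls? ? true : false, starttls: client.starttls? || :off }
end

if $PROGRAM_NAME == __FILE__
  # 172.17.0.1:2525 is the endpoint from the report; nothing is connected here.
  puts "library default: #{tls_posture(Net::SMTP.new('172.17.0.1', 2525))}"
  %w[None Auto STARTTLS TLS].each do |mode|
    puts "#{mode}: #{tls_posture(build_smtp_client('172.17.0.1', 2525, mode))}"
  end
end
```

The "library default" line shows what an unconfigured client would do with the installed net-smtp version, which is the state the empty `else` branch left in place.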
