Can't send an email via my own SSL/TLS server #811

Open
naddika opened this issue Sep 15, 2023 · 4 comments

naddika commented Sep 15, 2023

Describe the bug

I have my own SMTP server. It's behind SSL/TLS - port 465

In my Phoenix app I use Swoosh to send emails. Since recently I've been facing this error:

delivery error:
{:retries_exceeded, {:network_failure, ~c"mail.my_mail_server.com", {:error, {:options, :incompatible, [verify: :verify_peer, cacerts: :undefined]}}}}

Steps to Reproduce the Bug or Issue

My config:

adapter: Swoosh.Adapters.SMTP,
    relay: host,
    username: user,
    password: password,
    port: port,

    ssl: true,
    tls: :always,

    # allowed_tls_versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2", :"tlsv1.3"],
    auth: :always,
    retries: 5,
    no_mx_lookups: true,


    ssl: [
    # ssl_opts: [
    # ssl_options: [

        verify: :verify_none,
      # verify: :verify_peer,

      # cacerts: :public_key.cacerts_get(),
      # versions: [:"tlsv1.2"],
      # versions: [:"tlsv1.3"],
      #   customize_hostname_check: [
      #     match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      #   ]
    ],

    tls_options: [
        # verify: :verify_peer,
        verify: :verify_none,

        # cacerts: :certifi.cacerts(),
        # cacerts: :public_key.cacerts_get(),
        #   server_name_indication: ~c"#{host}",
    ]

An interesting thing is that all the options that have to do with tls and ssl will be ignored.

Meaning, the error will always contain

<...> { verify: :verify_peer, cacerts: :undefined}...

There's never been an error with verify: :verify_none and cacerts: <something_else>, even though I've set it up.

Why? I've set different values in the config. Why will they remain verify: :verify_peer, cacerts: :undefined ?

And it's unclear whether I should use ssl_opts, ssl or ssl_options -- I've tried dozens of combinations. The same goes for the tls_options.

What's the matter?


The emails I'll send from an email-client from my local computer via the same email server get sent with no issue, and under the same settings: port 465, SSL/TLS, same relay.

P.S.

I'm aware of this - https://www.erlang.org/blog/otp-26-highlights/#ssl-safer-defaults

But, as I've mentioned, it'll ignore my verify: <...> variables in the first place.

Expected behavior

No response

Your reproducible example

No response

Screenshots or Videos

No response

Platform

  • OTP: 26
  • Elixir: 1.15.0

Additional context

No response

@naddika naddika added the bug label Sep 15, 2023
Author

naddika commented Sep 15, 2023

I'd checked out #785 before creating this issue

@princemaple
Member

Try this. If it doesn't work, I will have to see your whole repo.

...,
auth: :always,
ssl: false, # <- has to be false
tls: :always,
tls_options: [verify: :verify_none],
no_mx_lookups: false # <- false
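
Added example, not part of the thread or of Swoosh: the same option shape as the suggestion above, but with `verify: :verify_peer` kept and the trust anchors supplied, which is what the OTP 26 `{:options, :incompatible, [verify: :verify_peer, cacerts: :undefined]}` error reports as missing. `MailerTLS` and its function names are hypothetical, the host in the usage note is the placeholder from the issue, and it is assumed that `tls_options` is passed through to Erlang's `:ssl` as in the suggestion above.

```elixir
# Added example, not from the issue thread. MailerTLS and its functions are
# hypothetical names chosen for illustration.
defmodule MailerTLS do
  # TLS client options that satisfy OTP 26's verify_peer default by
  # supplying trust anchors instead of switching verification off.
  def tls_options(host) do
    [
      verify: :verify_peer,
      # OS trust store (OTP 25+). For a private CA, use
      # cacertfile: ~c"/path/to/ca.pem" (placeholder path) instead.
      cacerts: :public_key.cacerts_get(),
      # Erlang :ssl expects a charlist here, not an Elixir binary.
      server_name_indication: String.to_charlist(host),
      depth: 3,
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ]
    ]
  end

  # Same keys as the suggested configuration, with verification left on.
  def smtp_config(host, user, password, port) do
    [
      adapter: Swoosh.Adapters.SMTP,
      relay: host,
      username: user,
      password: password,
      port: port,
      auth: :always,
      ssl: false,
      tls: :always,
      tls_options: tls_options(host),
      no_mx_lookups: false
    ]
  end

  # Direct TLS handshake (the port 465 style described in the issue) to
  # check the options against the server outside Swoosh.
  def probe(host, port \\ 465) do
    {:ok, _apps} = Application.ensure_all_started(:ssl)

    case :ssl.connect(String.to_charlist(host), port, tls_options(host), 5_000) do
      {:ok, socket} ->
        :ssl.close(socket)
        :ok

      {:error, reason} ->
        {:error, reason}
    end
  end
end
```

`MailerTLS.probe("mail.my_mail_server.com")` returns `:ok` when the certificate chain and hostname validate, and `{:error, reason}` otherwise, which separates a certificate problem on the server from an option that never reached `:ssl`.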

@verymilan

Thank you @princemaple, for me on Mobilizon it helped. I was already trying solutions from #785 with no luck, but at least I am now certain that this is where the problem lies.

@nesimtunc

Where was the problem lying? I'm also having this issue, tried the solution here and there, no luck.
