Project

General

Profile

Actions

Defect #37753

closed

Cannot send mail through smtp due to TLS errors

Added by Gasper C over 1 year ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Category:
Email notifications
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

Hello,

I've updated redmine to 5.0.2 from v3.2.0.

I've kept SMTP settings the same and noticed that I cannot send mails anymore.

The error that keeps appearing is:
Oct 05 13:23:36 acred2p redmine214934: E, [2022-10-05T13:23:36.935478 #215008] ERROR -- : [ActiveJob] [ActionMailer::MailDeliveryJob] [4f9f26ee-e713-460d-97d9-49f5f69d3cba] Email delivery error: SSL_connect returned=1 errno=0 peeraddr=10.x.y.z:25 state=error: unexpected eof while reading

From the logs on the SMTP server it seems that the problem is TLS - mail server admin advised to turn it off.

I've tried the following settings in various configurations and nothing seemed to work:

production:
email_delivery:
delivery_method: :smtp
smtp_settings:
address: 10.x.y.z
port: 25
domain: xxxxxxx
enable_starttls_auto: false
openssl_verify_mode: 'none'
tls: false
ssl: false

The bottom 3 lines were added - otherwise the config worked in redmine v3.

SMTP server is working as expected - I can send a mail manually from the redmine server through the terminal.

Any help is appreciated, thanks.


Related issues

Has duplicate Redmine - Defect #37251: openssl_verify_mode not honored/not working anymoreClosed

Actions
Actions #1

Updated by Pavel Rosický over 1 year ago

it's a bug, but since the mail gem maintainer is inactive for a long time, I don't expect any fixes soon.

you have 2 options:
1/ use SSL
2/ apply an unofficial patch, see https://github.com/mikel/mail/pull/1435

Actions #2

Updated by Dmitry Makurin over 1 year ago

Try this:

production:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      address: xxxxxxx
      port: 25
      disable_start_tls: true
      openssl_verify_mode: "none" 

After upgrade to redmine 5.0 i have encountered the same issue. Config above managed to fix it without modifying mail gem.

Actions #3

Updated by Gasper C over 1 year ago

Thanks pavel ochman & Dmitry K - I think I'll have to try to modify the gem. I tried pasting Dmitry's config but the result is the same - there must be a difference in our SMTP servers.

Actions #4

Updated by Gasper C over 1 year ago

I've forked a branch from mail 2.8.0-stable and added jeremy's patch in there, with one fix.

In case it ever helps anyone, just clone this and build the gem.
https://github.com/GChuf/mail/tree/2-8-stable

git clone https://github.com/GChuf/mail/
git checkout 2-8-stable
cd mail
gem build mail.gemspec
gem install mail -v2.8.0.patch

After that, change the mail version in redmine's Gemfile.

Actions #5

Updated by Pavel Rosický over 1 year ago

FYI there's a breaking change in 2.8 https://github.com/redmine/redmine/blob/master/app/models/mail_handler.rb#L528

Mail::RubyVer.pick_encoding(p.charset).to_s

has to be changed to
Mail::Utilities.pick_encoding(p.charset).to_s

but it may not affect you unless you're a helpdesk user

Actions #6

Updated by Gasper C over 1 year ago

Thanks Pavel,

helpdesk as in redmine helpdesk plugin?

In any case - it makes sense to patch the 2.7. branch and use that, then.

Actions #8

Updated by Gasper C over 1 year ago

Thanks for all the help.
I created a patched branch of 2-7-stable as well (2.7.2).

https://github.com/GChuf/mail/tree/2-7-stable

Actions #9

Updated by Jochen W. about 1 year ago

Pavel Rosický wrote:

you have 2 options:
1/ use SSL
2/ apply an unofficial patch, see https://github.com/mikel/mail/pull/1435

Hi,
I just stumbled over the same problem after upgrading to redmine-5.0.4, and after some hours, I just wanted to share my (pretty simple) solution:

Follow Pavels suggestion #1 and just switch SSL ON (if you are able to relay to one of your servers via port 25, you as well are able to relay via port 465 (smtps).

So I did the opposite I initially planned and switched all ON

email_delivery:
delivery_method: :smtp
smtp_settings:
address: "<server-ip-address>"
port: 465
ssl: true <-no idea wether this does anything
tls: true <-no idea wether this does anything
disable_start_tls: false <-no idea wether this does anything
enable_starttls_auto: true
openssl_verify_mode: "none"

Works like a charm

Actions #10

Updated by Pavel Rosický about 1 year ago

Hi Donald,
the issue was, you can't disable starttls even with an explicit enable_starttls_auto: false due to incompatibility between the mail gem and the new net/smtp that enables starttls by default.

as a workaround, you can use SSL as you did, but the original author was trying to avoid it for some reason...

note that, this issue is fixed by #37993 (redmine 5.1+ only)

Actions #11

Updated by Jochen W. 12 months ago

Hi Pavel,
first, thanks for your answwer and for the fix in 5.1!

I totally understood the issue, I just tried to point out the simpest way to get along with the problem if you install redmine 5.0.4 on your servers.

If you just enable ssl in the settings (and your server accepts 465 (all smtp-servers do)), you dont have anything more to do in 5.0.4.
No patches to be installed, no rb files to be changed, no certifidates to be installed - it just worked out of the box with just ssl on on my side.

Thats why I posted this workaround for desperate and (considering ruby and rails) totally clueless system admins :)

Actions #12

Updated by Marius BĂLTEANU about 1 month ago

  • Status changed from New to Closed
  • Assignee set to Marius BĂLTEANU
  • Resolution set to Fixed

I think it's safe to close this one considering that was fixed in Redmine 5.1+.

Actions #13

Updated by Marius BĂLTEANU about 1 month ago

  • Has duplicate Defect #37251: openssl_verify_mode not honored/not working anymore added
Actions

Also available in: Atom PDF