Defect #37753
closedCannot send mail through smtp due to TLS errors
0%
Description
Hello,
I've updated redmine to 5.0.2 from v3.2.0.
I've kept SMTP settings the same and noticed that I cannot send mails anymore.
The error that keeps appearing is:
Oct 05 13:23:36 acred2p redmine214934: E, [2022-10-05T13:23:36.935478 #215008] ERROR -- : [ActiveJob] [ActionMailer::MailDeliveryJob] [4f9f26ee-e713-460d-97d9-49f5f69d3cba] Email delivery error: SSL_connect returned=1 errno=0 peeraddr=10.x.y.z:25 state=error: unexpected eof while reading
From the logs on the SMTP server it seems that the problem is TLS - mail server admin advised to turn it off.
I've tried the following settings in various configurations and nothing seemed to work:
production:
email_delivery:
delivery_method: :smtp
smtp_settings:
address: 10.x.y.z
port: 25
domain: xxxxxxx
enable_starttls_auto: false
openssl_verify_mode: 'none'
tls: false
ssl: false
The bottom 3 lines were added - otherwise the config worked in redmine v3.
SMTP server is working as expected - I can send a mail manually from the redmine server through the terminal.
Any help is appreciated, thanks.
Related issues
Updated by Pavel Rosický about 2 years ago
it's a bug, but since the mail gem maintainer is inactive for a long time, I don't expect any fixes soon.
you have 2 options:
1/ use SSL
2/ apply an unofficial patch, see https://github.com/mikel/mail/pull/1435
Updated by Dmitry Makurin about 2 years ago
Try this:
production: email_delivery: delivery_method: :smtp smtp_settings: address: xxxxxxx port: 25 disable_start_tls: true openssl_verify_mode: "none"
After upgrade to redmine 5.0 i have encountered the same issue. Config above managed to fix it without modifying mail gem.
Updated by Gasper C about 2 years ago
Thanks pavel ochman & Dmitry K - I think I'll have to try to modify the gem. I tried pasting Dmitry's config but the result is the same - there must be a difference in our SMTP servers.
Updated by Gasper C about 2 years ago
I've forked a branch from mail 2.8.0-stable and added jeremy's patch in there, with one fix.
In case it ever helps anyone, just clone this and build the gem.
https://github.com/GChuf/mail/tree/2-8-stable
git clone https://github.com/GChuf/mail/
git checkout 2-8-stable
cd mail
gem build mail.gemspec
gem install mail -v2.8.0.patch
After that, change the mail version in redmine's Gemfile.
Updated by Pavel Rosický about 2 years ago
FYI there's a breaking change in 2.8 https://github.com/redmine/redmine/blob/master/app/models/mail_handler.rb#L528
Mail::RubyVer.pick_encoding(p.charset).to_s
has to be changed to
Mail::Utilities.pick_encoding(p.charset).to_s
but it may not affect you unless you're a helpdesk user
Updated by Gasper C about 2 years ago
Thanks Pavel,
helpdesk as in redmine helpdesk plugin?
In any case - it makes sense to patch the 2.7. branch and use that, then.
Updated by Pavel Rosický about 2 years ago
Updated by Gasper C about 2 years ago
Thanks for all the help.
I created a patched branch of 2-7-stable as well (2.7.2).
Updated by Jochen W. almost 2 years ago
Pavel Rosický wrote:
you have 2 options:
1/ use SSL
2/ apply an unofficial patch, see https://github.com/mikel/mail/pull/1435
Hi,
I just stumbled over the same problem after upgrading to redmine-5.0.4, and after some hours, I just wanted to share my (pretty simple) solution:
Follow Pavels suggestion #1 and just switch SSL ON (if you are able to relay to one of your servers via port 25, you as well are able to relay via port 465 (smtps).
So I did the opposite I initially planned and switched all ON
email_delivery:
delivery_method: :smtp
smtp_settings:
address: "<server-ip-address>"
port: 465
ssl: true <-no idea wether this does anything
tls: true <-no idea wether this does anything
disable_start_tls: false <-no idea wether this does anything
enable_starttls_auto: true
openssl_verify_mode: "none"
Works like a charm
Updated by Pavel Rosický almost 2 years ago
Hi Donald,
the issue was, you can't disable starttls even with an explicit enable_starttls_auto: false due to incompatibility between the mail gem and the new net/smtp that enables starttls by default.
as a workaround, you can use SSL as you did, but the original author was trying to avoid it for some reason...
note that, this issue is fixed by #37993 (redmine 5.1+ only)
Updated by Jochen W. almost 2 years ago
Hi Pavel,
first, thanks for your answwer and for the fix in 5.1!
I totally understood the issue, I just tried to point out the simpest way to get along with the problem if you install redmine 5.0.4 on your servers.
If you just enable ssl in the settings (and your server accepts 465 (all smtp-servers do)), you dont have anything more to do in 5.0.4.
No patches to be installed, no rb files to be changed, no certifidates to be installed - it just worked out of the box with just ssl on on my side.
Thats why I posted this workaround for desperate and (considering ruby and rails) totally clueless system admins :)
Updated by Marius BĂLTEANU 11 months ago
- Status changed from New to Closed
- Assignee set to Marius BĂLTEANU
- Resolution set to Fixed
I think it's safe to close this one considering that was fixed in Redmine 5.1+.
Updated by Marius BĂLTEANU 11 months ago
- Has duplicate Defect #37251: openssl_verify_mode not honored/not working anymore added