Bug #5604
SSL/TLS SMTP notifications not working
Status: Closed
% Done: 100%
Description
On the latest snapshot SMTP notifications are not working. System log shows:
/system_advanced_notifications.php: Could not send the message to name@domain.com -- Error: could not connect to the host "smtp.domain.com": ??
Updated by Chris Buechler about 9 years ago
It has bidirectional traffic with gmail on 465 when trying to send a notification, but fails to send anything.
Updated by Jim Pingle about 9 years ago
Works for me on 25 with no auth.
SSL verification failing perhaps?
Updated by Ivor Kreso about 9 years ago
I don't think so, settings were not changed prior to the update. I got a "Firmware upgrade in progress..." email on 2.2.5, but upon reboot I did not get any email.
Updated by Ivor Kreso about 9 years ago
I've just verified the settings with another 2.2.5 box using the same settings, no issues there. It's definitely something with 2.3 that's preventing SMTP notifications.
Updated by Jim Pingle about 9 years ago
No, not user/pass auth - just SSL certificate verification.
It works for me on mail servers I can access if I use:
- No auth via port 25 (from an IP I can relay through)
- Plain auth on port 587 (no encryption)
If it fails for you with either "SMTP over SSL/TLS" or "STARTTLS" checked in the GUI, that would suggest a problem in the SSL certificate negotiation or verification. We've enabled a lot more of those things on 2.3; the mail library that's in use might need a nudge toward /etc/ssl/cert.pem or some other similar adjustment, and perhaps a checkbox to disable verification in the GUI.
Updated by Kill Bill about 9 years ago
Jim P wrote:
and perhaps a checkbox to disable verification in the GUI.
I'd say any verification should be just disabled by default. The vast majority of mail servers have either self-signed, crappy, non-matching or even expired certificates.
Updated by Doug Dimick almost 9 years ago
It fails using gmail's smtp server, I tried both SSL and STARTTLS. My guess is that it isn't due to a bad server cert.
Updated by Chris Buechler almost 9 years ago
- Subject changed from SMTP notifications not working to SSL/TLS SMTP notifications not working
- Status changed from New to Confirmed
It is because of certificate validation failures. PHP 5.6 openssl enabled verification by default; it was disabled for notifications previously. Looks like gmail's cert should validate though; seems it's somehow missing ca_root_nss.
Updated by Chris Buechler almost 9 years ago
Still missing something after setting openssl.cafile in php.ini.
Updated by Renato Botelho almost 9 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset b97c7ee5f88658195fc29ce02ea0e9b8e72d4ca6.
Updated by Jim Pingle almost 9 years ago
- Status changed from Feedback to Assigned
It appears to work fine now when the SSL certificate validates. When it doesn't, however, a PHP error occurs:
Starting TLS cryptograpic protocol
Warning: stream_socket_enable_crypto(): Peer certificate CN=`www.example.com' did not match expected CN=`192.0.2.22' in /etc/inc/smtp.inc on line 1269
Call Stack:
0.0001 238824 1. {main}() /usr/local/www/system_advanced_notifications.php:0
0.2545 2086080 2. notify_via_smtp() /usr/local/www/system_advanced_notifications.php:212
0.2661 2086544 3. send_smtp_message() /etc/inc/notices.inc:333
0.2665 2117048 4. smtp_class->SendMessage() /etc/inc/notices.inc:392
0.2665 2117688 5. smtp_class->Connect() /etc/inc/smtp.inc:1845
0.4152 2130512 6. stream_socket_enable_crypto() /etc/inc/smtp.inc:1269
Cert CN/server IP changed but the rest of the error is verbatim.
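One way to handle the case reported in the comment above, where a certificate that does not validate surfaces as a PHP warning from stream_socket_enable_crypto(): set the ssl context options explicitly and hand the failure back to the caller. This is an added example, not pfSense's smtp.inc or the committed fix; the function names, the [ok, detail] return shape and the $verify switch are assumptions.

```php
<?php
// Added example, not pfSense code; function names are hypothetical.
// $verify models the proposed GUI checkbox; $cafile is a CA bundle path.
function tls_context_options(string $peer_name, bool $verify = true, ?string $cafile = null): array
{
    // peer_name is what the certificate is matched against; an IP here fails
    // against a certificate issued for a hostname, as in the warning above.
    $ssl = ['verify_peer' => $verify, 'verify_peer_name' => $verify, 'peer_name' => $peer_name];
    if ($cafile !== null) { $ssl['cafile'] = $cafile; }
    return ['ssl' => $ssl];
}

// Read one SMTP reply, following "250-" continuation lines.
function smtp_reply($fp): string
{
    $reply = '';
    while (($line = fgets($fp, 515)) !== false) {
        $reply .= $line;
        if (strlen($line) < 4 || $line[3] !== '-') { break; }
    }
    return $reply;
}

// Plain-text connect, STARTTLS, then TLS upgrade. Returns [ok, detail].
function smtp_starttls(string $host, int $port, array $opts, int $timeout = 10): array
{
    $fp = @stream_socket_client("tcp://$host:$port", $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, stream_context_create($opts));
    if ($fp === false) {
        return [false, "connect failed: $errstr ($errno)"];
    }
    stream_set_timeout($fp, $timeout);
    $ehlo = 'EHLO ' . (gethostname() ?: 'localhost') . "\r\n";
    // The empty first command just waits for the server greeting.
    foreach (['' => '220', $ehlo => '250', "STARTTLS\r\n" => '220'] as $cmd => $want) {
        fwrite($fp, $cmd);
        $reply = smtp_reply($fp);
        if (strpos($reply, $want) !== 0) {
            fclose($fp);
            return [false, 'unexpected reply: ' . trim($reply)];
        }
    }
    // Collect verification warnings instead of letting PHP print them.
    $warnings = [];
    set_error_handler(function (int $no, string $msg) use (&$warnings) { $warnings[] = $msg; return true; });
    $ok = stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
    restore_error_handler();
    fclose($fp);
    return $ok === true ? [true, 'TLS established'] : [false, implode('; ', $warnings)];
}
if (PHP_SAPI === 'cli' && isset($argv[1])) { // usage: php example.php host [port] [cafile]
    [$ok, $detail] = smtp_starttls($argv[1], (int) ($argv[2] ?? 587), tls_context_options($argv[1], true, $argv[3] ?? null));
    echo ($ok ? 'OK: ' : 'FAILED: ') . $detail . PHP_EOL;
}
```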
Updated by Renato Botelho almost 9 years ago
- Status changed from Assigned to Feedback
Applied in changeset 2cb37fa6c1a5746a55e09186c557ea298865da87.
Updated by Renato Botelho almost 9 years ago
- Status changed from Feedback to Resolved