Port 465: conflicting configs: implicit TLS + auto StartTLS #372

Open
nolanholden opened this issue Oct 6, 2024 · 4 comments

nolanholden commented Oct 6, 2024

When using port 465 and security setting TLS, my connection times out. Whereas 587 & Auto works fine, mail server is functioning, and port 465 implicit TLS is functioning as confirmed via script:

```python
import smtplib
with smtplib.SMTP_SSL(host, port) as conn:
    # if enabled, fails with smtplib.SMTPNotSupportedError `STARTTLS extension not supported by server`,
    # because the server had no `starttls` clause in the EHLO response:
    # conn.starttls()
    conn.login(username, password)
    conn.sendmail(from_addr, to_addr, 'test')
```

I believe StartTLS is generally not permitted for implicit TLS (SMTPS), and will fail sends for some servers.

```ruby
def build_smtp_configs_hash(email_configs)
  value = email_configs.value

  {
    user_name: value['username'],
    password: value['password'],
    address: value['host'],
    port: value['port'],
    domain: value['domain'],
    openssl_verify_mode: OpenSSL::SSL::VERIFY_NONE,
    authentication: value.fetch('authentication', 'plain'),
    enable_starttls_auto: true,
    open_timeout: OPEN_TIMEOUT,
    read_timeout: READ_TIMEOUT,
    ssl: value['security'] == 'ssl',
    tls: value['security'] == 'tls' || (value['security'].blank? && value['port'].to_s == '465')
  }.compact_blank
end
```

omohokcoj (Contributor) commented Oct 7, 2024

@nolanholden thanks for reporting this. I've tried to disable starttls_auto but it doesn't seem like starttls_auto conflicts with explicit tls config - enable_starttls_auto: false doesn't change anything for me when testing SMTP on 465 port.
Timeout error usually happens when the port is under a firewall - maybe port 465 is locked on your docuseal app server (or your ISP)?

@nolanholden (Author)

At least in my case, 465 is properly accepting traffic. As I mentioned in OP, that script (with full TLS) works fine for 465 for my mail host.

@omohokcoj (Contributor)

@nolanholden can you please try the latest app version - we've disabled starttls_auto if 'tls' option is selected.
Unfortunately I was not able to confirm it works differently than starttls_auto: true and tls: true

@nolanholden (Author)

thx so much. will test soon, within week.
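
The change described in the thread (turning off `starttls_auto` when 'tls' is selected), sketched as an added example that is not part of the issue or of DocuSeal's code. The option keys `:ssl`, `:tls` and `:enable_starttls_auto` are taken from the excerpt above; the method names and the sample hash are hypothetical.

```ruby
# Added example, not the project's code. Only the option keys come from the
# excerpt quoted in the issue; everything else is constructed for illustration.

IMPLICIT_TLS_PORT = 465

# Resolve the stored 'security' and 'port' values to exactly one wire mode,
# using the same rule as the excerpt: 'ssl'/'tls', or blank security on 465.
def smtp_security_mode(security, port)
  sec = security.to_s.strip.downcase
  return :implicit_tls if %w[ssl tls].include?(sec)
  return :implicit_tls if sec.empty? && port.to_s == IMPLICIT_TLS_PORT.to_s

  :starttls_auto
end

# Build only the TLS-related options so the two mechanisms stay exclusive:
# implicit TLS never carries the STARTTLS flag, and vice versa.
def smtp_tls_options(security, port)
  if smtp_security_mode(security, port) == :implicit_tls
    key = security.to_s.strip.downcase == 'ssl' ? :ssl : :tls
    { key => true, enable_starttls_auto: false }
  else
    { enable_starttls_auto: true }
  end
end

# Report a settings hash that asks for implicit TLS and STARTTLS at once.
def tls_conflicts(settings)
  implicit = settings[:tls] || settings[:ssl]
  starttls = settings[:enable_starttls_auto]
  return [] unless implicit && starttls

  ["implicit TLS and STARTTLS are both enabled for port #{settings[:port]}"]
end

# Constructed sample: the TLS-related keys the excerpt yields for
# security 'tls' on port 465 (false values are dropped by compact_blank).
REPORTED = { port: 465, tls: true, enable_starttls_auto: true }.freeze

if __FILE__ == $PROGRAM_NAME
  puts tls_conflicts(REPORTED)
  p smtp_tls_options('tls', 465)
  p smtp_tls_options(nil, 587)
end
```

The excerpt ends its hash with `.compact_blank`, which drops `false` values, so an explicit `enable_starttls_auto: false` has to be merged in after that call to survive.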
