EC-Nordbund / denomailer

A SMTP-Client implementation for deno (to send mails!)
https://deno.land/x/denomailer
MIT License

STARTTLS Error with mailtrap #59

Closed dehrhard closed 1 year ago

dehrhard commented 1 year ago

Describe the bug

Mailtrap is an Email Provider for development purposes. It claims to support STARTTLS on all ports. This is how their credentials settings look: image

To Reproduce

This is my setup: image

When I try to run this code I get the following error: image

If I run the same with debug options it works:

{
  allowUnsecure: true,
  noStartTLS: true,
}

In accordance with your "TLS Issues" Readme section I have checked the cipher here: image This corresponds to this cipher, which is recommended. I didn't find any references to "forward secrecy" though.

Expected behavior

I expect denomailer to work with STARTTLS on mailtrap

Logs

Provide the output of deno --version

deno 1.29.3 (release, x86_64-unknown-linux-gnu)
v8 10.9.194.5
typescript 4.9.4

Provide the output of your code snippet (with debug.log set to true, see https://github.com/EC-Nordbund/denomailer#options)

Put log here
220 smtp.mailtrap.io ESMTP ready
┌───────┬────────────────────┐
│ (idx) │ Values             │
├───────┼────────────────────┤
│     0 │ "EHLO"             │
│     1 │ "smtp.mailtrap.io" │
└───────┴────────────────────┘
250-smtp.mailtrap.io
250-SIZE 5242880
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-AUTH PLAIN LOGIN CRAM-MD5
250 STARTTLS
┌───────┬─────────┐
│ (idx) │ Values  │
├───────┼─────────┤
│     0 │ "AUTH"  │
│     1 │ "LOGIN" │
└───────┴─────────┘
334 VXNlcm5hbWU6
┌───────┬────────────────────────┐
│ (idx) │ Values                 │
├───────┼────────────────────────┤
│     0 │ "NGZhOGNjNjU4YjEwNDU=" │
└───────┴────────────────────────┘
334 UGFzc3dvcmQ6
┌───────┬────────────────────────┐
│ (idx) │ Values                 │
├───────┼────────────────────────┤
│     0 │ "MzNkZWIyZjc4ODQ0OTI=" │
└───────┴────────────────────────┘
235 2.0.0 OK
┌───────┬────────┐
│ (idx) │ Values │
├───────┼────────┤
│     0 │ "NOOP" │
└───────┴────────┘
250 2.0.0 OK

If and only if you have problems with TLS or STARTTLS please provide the output of the following commands:

# STARTTLS
openssl s_client -debug -starttls smtp -crlf -connect smtp.mailtrap.io:25

250 STARTTLS
read from 0x5627f8ef2440 [0x5627f8ef9ae3] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 4a                                    ....J
read from 0x5627f8ef2440 [0x5627f8ef9ae8] (74 bytes => 74 (0x4A))
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 6C4B407AACA9EDDACDC466345291E03649393897185D1F59E8464D609A5DA629
    Session-ID-ctx: 
    Resumption PSK: B6BB15C0470151A0B7C839D9BADD74EB199522CF76D1D3AB16420A978FE0D7F9EFD0CDCE217796E619E66772DE8C4BAF
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - ca 88 30 ec b5 44 01 d2-15 4e f7 99 b4 40 99 8d   ..0..D...N...@..
    0010 - 7d 97 a0 55 b8 a7 f7 3e-bd 34 c1 fa 7d 31 0e 89   }..U...>.4..}1..

    Start Time: 1673944424
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0

# TLS
openssl s_client -debug -crlf -connect smtp.mailtrap.io:25

CONNECTED(00000003)
write to 0x5636184aa440 [0x5636184bad00] (318 bytes => 318 (0x13E))
read from 0x5636184aa440 [0x5636184b1ae3] (5 bytes => 5 (0x5))
0000 - 32 32 30 20 73                                    220 s
40771FAE727F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 318 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x5636184aa440 [0x563618401650] (8192 bytes => 29 (0x1D))
0000 - 6d 74 70 2e 6d 61 69 6c-74 72 61 70 2e 69 6f 20   mtp.mailtrap.io 
0010 - 45 53 4d 54 50 20 72 65-61 64 79 0d 0a            ESMTP ready..
read from 0x5636184aa440 [0x563618401650] (8192 bytes => 135 (0x87))
0000 - 35 30 30 20 35 2e 35 2e-31 20 49 6e 76 61 6c 69   500 5.5.1 Invali
0010 - 64 20 63 6f 6d 6d 61 6e-64 0d 0a 35 30 30 20 35   d command..500 5
0020 - 2e 35 2e 31 20 49 6e 76-61 6c 69 64 20 63 6f 6d   .5.1 Invalid com
0030 - 6d 61 6e 64 0d 0a 35 30-30 20 35 2e 35 2e 31 20   mand..500 5.5.1 
0040 - 49 6e 76 61 6c 69 64 20-63 6f 6d 6d 61 6e 64 0d   Invalid command.
0050 - 0a 35 30 30 20 35 2e 35-2e 31 20 49 6e 76 61 6c   .500 5.5.1 Inval
0060 - 69 64 20 63 6f 6d 6d 61-6e 64 0d 0a 35 30 30 20   id command..500 
0070 - 35 2e 35 2e 31 20 49 6e-76 61 6c 69 64 20 63 6f   5.5.1 Invalid co
0080 - 6d 6d 61 6e 64 0d 0a                              mmand..
read from 0x5636184aa440 [0x563618401650] (8192 bytes => 0)

Additional context

Add any other context about the problem here. Is there an older version you know where this was working?

Thanks for looking into this
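
Added example, not part of the original post or of denomailer's code: a TypeScript check over an SMTP dialogue shaped like the debug log above, reporting whether AUTH was sent on a connection where the server advertised STARTTLS but no upgrade took place. The "C:"/"S:" transcript format, the host names, the placeholder credential and all function names are assumptions made for the example.

```typescript
// Added example: audit an SMTP dialogue for AUTH sent before a TLS upgrade.
// The "C:"/"S:" transcript format and every name below are assumptions.
type Line = { dir: "C" | "S"; text: string };
type Finding = { advertisedStartTls: boolean; upgraded: boolean; authInCleartext: boolean; mechanisms: string[] };

function parseTranscript(raw: string[]): Line[] {
  return raw.map((l): Line => ({ dir: l.startsWith("C:") ? "C" : "S", text: l.slice(2).trim() }));
}

function auditSmtpTranscript(lines: Line[]): Finding {
  const f: Finding = { advertisedStartTls: false, upgraded: false, authInCleartext: false, mechanisms: [] };
  let awaitingStartTlsReply = false;
  for (const { dir, text } of lines) {
    if (dir === "C") {
      const verb = (text.split(/\s+/)[0] ?? "").toUpperCase();
      if (verb === "STARTTLS") awaitingStartTlsReply = true;
      // AUTH LOGIN/PLAIN credentials are only base64-encoded, so they must follow the upgrade.
      if (verb === "AUTH" && !f.upgraded) f.authInCleartext = true;
      continue;
    }
    if (awaitingStartTlsReply) {
      // Only a 220 reply means the TLS handshake follows; capabilities are re-read after it.
      awaitingStartTlsReply = false;
      if (text.startsWith("220")) { f.upgraded = true; f.mechanisms = []; }
      continue;
    }
    // EHLO capability lines: "250-KEYWORD args", or "250 KEYWORD args" for the last one.
    const cap = /^250[- ](\S+)(?:\s+(.*))?$/.exec(text);
    if (!cap) continue;
    const keyword = (cap[1] ?? "").toUpperCase();
    if (keyword === "STARTTLS") f.advertisedStartTls = true;
    if (keyword === "AUTH") f.mechanisms = (cap[2] ?? "").split(/\s+/).filter(Boolean);
  }
  return f;
}

// Constructed sample shaped like the debug log (credential replaced by a placeholder).
const CLEARTEXT_SESSION = parseTranscript([
  "S: 220 smtp.example.test ESMTP ready", "C: EHLO client.example.test",
  "S: 250-AUTH PLAIN LOGIN CRAM-MD5", "S: 250 STARTTLS",
  "C: AUTH LOGIN", "S: 334 VXNlcm5hbWU6", "C: PLACEHOLDER_B64_USER",
]);
// Constructed sample: same server, with the STARTTLS upgrade and a second EHLO before AUTH.
const UPGRADED_SESSION = parseTranscript([
  "S: 220 smtp.example.test ESMTP ready", "C: EHLO client.example.test",
  "S: 250-AUTH PLAIN LOGIN CRAM-MD5", "S: 250 STARTTLS", "C: STARTTLS",
  "S: 220 2.0.0 Ready to start TLS", "C: EHLO client.example.test", "S: 250 AUTH PLAIN LOGIN", "C: AUTH LOGIN",
]);
console.log(auditSmtpTranscript(CLEARTEXT_SESSION), auditSmtpTranscript(UPGRADED_SESSION));
```
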

mathe42 commented 1 year ago

I could reproduce it. Will work on it...

dehrhard commented 1 year ago

Any update on this?

mathe42 commented 1 year ago

I found some time today to have a deep look and I now see the bug, but it is not a quick fix. Please downgrade to version 1.4.0 for now (I need to read some stuff and create a minimal reproduction, as I have no idea how to fix it...)

mathe42 commented 1 year ago

Sorry 🙈 Bad testing by me... Creating a new issue for that.

dehrhard commented 1 year ago

Thanks for working on this :heart: