Unknown mailsmtp error 27 (SSL Error) when adding IMAP/SMTP account

[stefvonb]

Are there any related issues?

Similar, but not the same

What operating system are you using?

Ubuntu 16.04 LTS

What version of Mailspring are you using?

1.0.8

Bug?

Do you have any third-party plugins installed? If so, which ones?

No

Is the issue related to a specific email provider (Gmail, Exchange, etc.)?

No

Is the issue reproducible with a particular attachment, message, signature, etc?

I'm running into trouble setting up a simple IMAP/SMTP account. I managed to do this on Nylas with no issues (and on countless other mail programs). Note that this is on the same computer Nylas was installed on, but I have since removed it.

The IMAP seems to connect easily, but SMTP crashes with a pretty bland error message. This is from the suggested log file:

----------IMAP---------- * OK The Microsoft Exchange IMAP4 service is ready. 1 CAPABILITY * CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+ 1 OK CAPABILITY completed. 2 LOGIN svonbudd ********* 2 OK LOGIN completed. 3 CAPABILITY * CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+ 3 OK CAPABILITY completed. 4 NAMESPACE * NAMESPACE (("" "/")) NIL NIL 4 OK NAMESPACE completed. 5 LIST "" "*" * LIST (\HasNoChildren) "/" Archive * LIST (\HasNoChildren) "/" Calendar * LIST (\HasNoChildren) "/" Contacts * LIST (\HasNoChildren) "/" "Deleted Items" * LIST (\HasNoChildren) "/" "Deleted Messages" * LIST (\HasNoChildren) "/" Drafts * LIST (\Marked \HasNoChildren) "/" INBOX * LIST (\HasNoChildren) "/" Journal * LIST (\HasNoChildren) "/" Junk * LIST (\HasNoChildren) "/" "Junk E-Mail" * LIST (\HasNoChildren) "/" N1-Snoozed * LIST (\HasNoChildren) "/" Notes * LIST (\HasNoChildren) "/" Outbox * LIST (\HasNoChildren) "/" Sent * LIST (\HasNoChildren) "/" "Sent Items" * LIST (\HasNoChildren) "/" "Sent Messages" * LIST (\HasNoChildren) "/" Tasks * LIST (\HasNoChildren) "/" Trash 5 OK LIST completed.

----------SMTP----------

mailsmtp Last Error Code: 27

mailsmtp Last Error Location: 5

I could probably provide more info if I know what the SMTP errors are.

[RicardoEPRodrigues]

I have the same issue!

It's still active on 1.0.9.

[earandap]

I got it too on 1.0.10

[lourencoj]

Same problem here.

[bengotow]

Hey folks! Those errors are a bit cryptic, but map to a look up table here: https://github.com/dinhviethoa/libetpan/blob/master/src/low-level/smtp/mailsmtp_types.h#L75. It looks like 27 is the last one (SSL Error).

We have really strict SSL and security checking on by default in Mailspring and it doesn't turn it off unless you choose "Allow Insecure SSL" during IMAP/SMTP auth. It could be that your SMTP server has an invalid / self-signed SSL certificate, or the certificate expired or it's signed with a root cert that your machine doesn't trust. We also had some early problems with Mailspring not being able to find your computer's certificate trust chain on some distributions of Linux, so it may be that as well - let me know if you're running Linux!

[xulongwu4]

I am running linux and having this problem with 1.0.9.

[stefvonb]

Hi @bengotow

Thanks for the link! I am running Linux, using Ubuntu 16.04 LTS

[RicardoEPRodrigues]

I also tested this on Windows and it is still happening for me, even with Allow Insecure SSL.

[earandap]

Hi @bengotow

I am running Linux, using Ubuntu 17.10. I checked Allow Insecure SSL and the error changed.

EHLO ed-precision
250-******************************
250-SIZE 52428800
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH GSSAPI NTLM LOGIN
250-8BITMIME
250-BINARYMIME
250 CHUNKING
STARTTLS
ecision
220 2.0.0 SMTP server ready
4SEHLO ed-precision
250-*******************
250-SIZE 52428800
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH GSSAPI NTLM LOGIN
250-8BITMIME
250-BINARYMIME
250 CHUNKING

SMTP Last Response Code: 250

SMTP Last Response: *********
SIZE 52428800
PIPELINING
DSN
ENHANCEDSTATUSCODES
AUTH GSSAPI NTLM LOGIN
8BITMIME
BINARYMIME
CHUNKING

mailsmtp Last Error Code: 17

mailsmtp Last Error Location: 10

[pablodecm]

Same problem both for Mac (High Sierra) and Linux (Ubuntu 16.04 LTS) client with 1.0.10, tested with and without Allow Insecure SSL.

[tobgaer]

Same problem, but only on Linux (Debian). On Windows 10 everything works fine. SMTP-Server is smtp.strato.de

[en4ble]

I have the same problem on Arch Linux, using client with 1.0.12, tested with and without Allow insecure SSL

[joshjabs]

Same here on Windows 10. Mail server has a self-signed cert and Mailspring won't let me connect regardless of whether 'Allow Insecure SSL' is checked or not.

[bburt33-zz]

Same problem here. macOS 10.13.2. Mailiwise 1.0.12. Tried all ports with and without Allow insecure SSL. Same settings are fine in other clients.

[stefvonb]

Just to bump this thread a little: I'm getting a bit further on 1.1.0. Now when I use STARTTLS, the connection is made, but it says I am using an incorrect username/password configuration (which I have checked countless times).

The errors are now mailsmtp 10 and 17.

[en4ble]

Can confirm, also on 1.1.0.7563b09b. I still have the same errors, incorrect username/password. :(

[Mildpaul]

Hi,

First off, awesome email client, love it! I used the old Nylas client until it became so slow it was unbearable. Been using Mailspring now for a while, on Ubuntu-Gnome, and I get the same error 27 when trying to add my work accounts. IMAP works fine, but not SMTP, regardless if I use SSL or not.

Did some testing via Telnet and realized that the SMTP only accepts logins if username and password are sent separately, and not in a single string as I see in the error log that Mailspring does.

Not sure if this is the reason for everybody getting the error, but at least it seems to be for my case. Hope this helps in resolving the issue!

[jantobola]

Same here in Mailspring 1.1.2, Ubuntu 17.10

[brunoaraujocosta]

HI

Same here. Ubuntu 16.04 Mailsprong 1.1.2. Now that provider uses SSL on port 587.

Does not work

mailsmtp Last Error Code: 25 or mailsmtp Last Error Code: 27

[westr029]

Same here on mailspring 1.1.2 and 1.1.3 on Ubuntu 16.04. Provider uses SSL on port 25.

Works just fine on Evolution.

It's a pity that this is still not resolved. Encountered this problem already since a long time (October/November last year - #241 )

[brunoaraujocosta]

@westr029.Do you like evolution for IMAP use ?

Regards

[lSindra]

Same here, mailspring 1.1.2 and 1.1.4, Ubuntu 16.04. Evolution works

[Killouis]

Hello, in Debian 9, Mailspring 1.1.2 I had the same problem.

Changing "Security" from "SSL / TLS" to "STARTTLS" and activating the "Allow SSL not secure" flag, the problem has been solved!

I hope it works for you too!

Greetings

[en4ble]

Hey, just tried it again. I cannot confirm @killouis statement, I still have the same error with STARTTLS. Trying to connect with SSL/TLS to IMAP and STARTTLS to SMTP. cheers

[xulongwu4]

Didn't work for me either.

[johnnydubrovnik]

Same problem here, OSX 10.13.3 (17D47), Mailspring v 1.1.4 (1.1.4).

STARTTLS on SMTP just made it time out.

EDIT: using regular SSL/TLS on both IMAP and SMTP, but only enabling allow insecure SSL on IMAP, not on SMTP, seems to work for me.

[piyushnet]

Great email client! StarTLS not found! Actually my last error code is: 24. Last Error Location is 3.

[burmanh]

Same issues with v. 1.1.5 on Debian 9 with slightly different error codes but an completely empty log for the Imap alternative, sadly an install of Nylas Mail worked perfectly...

[npfoss]

I'm having the same problem (IMAP incoming works, SMTP outgoing doesn't) connecting to an exchange server from Ubuntu 16.04. This seems to be the same issue just older: https://github.com/Foundry376/Mailspring/issues/130

As for the solutions proposed above, neither STARTTLS nor any combination of "Allow insecure SSL" worked for me.

Error c/p below:

SMTP Last Response Code: 250

SMTP Last Response: ** ENHANCEDSTATUSCODES PIPELINING 8BITMIME SIZE 41943040 ETRN AUTH GSSAPI LOGIN DELIVERBY HELP

mailsmtp Last Error Code: 17

mailsmtp Last Error Location: 10

[tikondrus]

I have the same problem (IMAP incoming works, SMTP outgoing doesn't) connecting to an exchange server from Fedora 27+ mailspring 1.1.5. As for the solutions proposed above, noone combination of options work for me. ----------SMTP----------

mailsmtp Last Error Code: 27

mailsmtp Last Error Location: 5

[Mildpaul]

Been using Mailspring now for a while, on Ubuntu-Gnome, and I get the same error 27 when trying to add my work accounts. IMAP works fine, but not SMTP, regardless if I use SSL with or without "Allow insecure SSL".

Did some testing via Telnet and realized that the SMTP only accepts logins if username and password are sent separately, and not in a single string as I see in the error log that Mailspring does.

Not sure if this is the reason for everybody getting the error, but at least it seems to be for my case.

[stanleykylee]

@Mildpaul were you able to get it working after your discovery? Or does this basically mean it won't work until it's fixed?

[davernos]

Same problem here.

- STARTTLS, Checked Allow Insecure SSL.

Authentication Error - Check your username and password. (SMTP)

mailsmtp Last Error Code: 17
mailsmtp Last Error Location: 10

- STARTTLS, Unchecked Allow Insecure SSL.

Certificate Error (SMTP)

SMTP Last Response Code: 220
SMTP Last Response: 2.0.0 SMTP server ready

Ubuntu 18.04. Snap Mailspring 1.2.1

[krisgermann]

Same here, any update from the MailSpring team?

Google works of course, as do my (4) cPanel mail accounts; however, Zentyal (Postfix + Dovecot) does not.

IMAP: 143, STARTLS (Allow insecure SSL) - works SMTP: 465, SSL / TLS (Allow insecure SSL) - ERROR:

----------SMTP----------
220 my.mailserver.address ESMTP
EHLO Kriss-iMac.local
250-my.mailserver.address
250-PIPELINING
250-SIZE
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
STARTTLS
220 2.0.0 Ready to start TLS
EHLO Kriss-iMac.local
250-my.mailserver.address
250-PIPELINING
250-SIZE
250-ETRN
250-AUTH GSSAPI PLAIN
250-AUTH=GSSAPI PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8

SMTP Last Response Code: 250

SMTP Last Response: my.mailserver.address
PIPELINING
SIZE
ETRN
AUTH GSSAPI PLAIN
AUTH=GSSAPI PLAIN
ENHANCEDSTATUSCODES
8BITMIME
DSN
SMTPUTF8

mailsmtp Last Error Code: 17
mailsmtp Last Error Location: 10

I have also tried port 25, 465, and 587 with a combination of SSL/TLS, None, and STARTLS - Using SSL / TLS, port 587 with Allow insecure SSL doesn't work, but, it provides a different error code and takes the longest to fail:

----------SMTP----------
mailsmtp Last Error Code: 27
mailsmtp Last Error Location: 5

[RicardoEPRodrigues]

@bengotow can you guys at least talk about this issue?

[philippeller]

same issue here - this is preventing me from switching to Mailspring, as I need all my emails in one place

[hyviquel]

Any news about this?? I got the same problem here...

[RicardoEPRodrigues]

No developer/owner comment since December 11th...

[hyviquel]

anyone knows if this is a bug inherited from mailcore that should be reported there? or is it specific to mailsync?

[hyviquel]

FYI, I was able to add my account using the SMTP server of my Gmail account. You can even send email from the other email by adding the SMTP of your other account in Gmail setting and using alias in mailspring. It still a workaround but will work for me until this bug get fixed.

[oz123]

I can confirm this behaviour too.

[tonypartridge]

Anyone?? I've almost moved over completely but also have this issue :-(. Going to have to cancel my subscription and go back to SparkMailApp if it can't be fixed.

[Mildpaul]

@tonypartridge I feel you, I actually cancelled my subscription a while back and went back to Thunderbird over this issue. But now that the company that I work for has migrated to Google Suite I've started using Mailspring again. Thunderbird is just too slow and, dare I say, ugly. But no subscription this time.

And as @RicardoEPRodrigues pointed out a while back, there hasn't been any developer comment in this thread since December. But there has been several new releases since then, so I think it is safe to say that this issue won't be fixed. It's just not a priority, to few that are affected I guess.

[RicardoEPRodrigues]

@Mildpaul I have started moving away from Mailspring. I had a subscription for Nylas N1 and got fooled, thank god I didn't subscribe to Mailspring.

I just hope they fix this for other users, but apparently it's not going to happen. :cry:

[oxmynx]

Same happened to me some months back. I was hoping that Mailspring will fix it over time and now I gave it another try. Same behavior. My iCloud and several other IMAP accounts work but one based on Exchange server doesn't. I need to be able to connect my company account otherwise, not worth subscribing. Please fix ASAP.

[Orjanp]

Was going to test Mailspring, but having the same problem with the Exchange server. To bad they don't fix this issue.

[tonypartridge]

Same :-( I'm currently using sparkmailapp and mailspring. But will probably be canceling my mailspring subscription soon given lack of support/development.

Sent from Mailspring (https://link.getmailspring.com/link/1533115362.local-a8da4446-891d-v1.3.0-fd741eb7@getmailspring.com/0?redirect=https%3A%2F%2Fgetmailspring.com%2F&recipient=cmVwbHkrMDAxNTYwOTY2ZmE3ODFhNmRlOTNkODdiYjM4Yjc5MzdiYTM1OTk4NDU5OGYxMmFjOTJjZjAwMDAwMDAxMTc3OTI4MWI5MmExNjljZTEwNTYxYzRhQHJlcGx5LmdpdGh1Yi5jb20%3D), the best free email app for work On Aug 1 2018, at 8:49 am, Oerjan Pettersen notifications@github.com wrote:

Was going to test Mailspring, but having the same problem with the Exchange server. To bad they don't fix this issue. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub (https://link.getmailspring.com/link/1533115362.local-a8da4446-891d-v1.3.0-fd741eb7@getmailspring.com/1?redirect=https%3A%2F%2Fgithub.com%2FFoundry376%2FMailspring%2Fissues%2F341%23issuecomment-409483446&recipient=cmVwbHkrMDAxNTYwOTY2ZmE3ODFhNmRlOTNkODdiYjM4Yjc5MzdiYTM1OTk4NDU5OGYxMmFjOTJjZjAwMDAwMDAxMTc3OTI4MWI5MmExNjljZTEwNTYxYzRhQHJlcGx5LmdpdGh1Yi5jb20%3D), or mute the thread (https://link.getmailspring.com/link/1533115362.local-a8da4446-891d-v1.3.0-fd741eb7@getmailspring.com/2?redirect=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FABVglu0eurlIV6WN3Tb0nMJHvxP7goXVks5uMV2bgaJpZM4Qelwa&recipient=cmVwbHkrMDAxNTYwOTY2ZmE3ODFhNmRlOTNkODdiYjM4Yjc5MzdiYTM1OTk4NDU5OGYxMmFjOTJjZjAwMDAwMDAxMTc3OTI4MWI5MmExNjljZTEwNTYxYzRhQHJlcGx5LmdpdGh1Yi5jb20%3D).

[bengotow]

Hey folks—thanks for all the detailed comments and follow-up here. I spent some time this weekend tracking this down and was able to reproduce it. I configured a "Mail-in-a-box" (http://mailinabox.email) server (which is Dovecot + Postfix) and didn't have any trouble signing in and sending mail from Mailspring. Then I downloaded and configured a virtual machine running Zentyal (http://www.zentyal.org/), another out of the box solution that uses Dovecot and Postfix.

It turns out Zentyal was the perfect test case - it supports a small set of SMTP AUTH methods out of the box, just GSSAPI and PLAIN. Mailspring uses libmailcore2's auto configuration of SMTP authentication (https://github.com/MailCore/mailcore2/blob/master/src/core/smtp/MCSMTPSession.cpp#L487) and the app always prefers GSSAPI to PLAIN when it's present. (The thinking is it's more secure, though with STARTTLS / SSL it doesn't really matter.) However, GSSAPI / Kerberos rely on system configuration, take a domain/realm, etc. Mailspring doesn't yet support GSSAPI (#103) and it seems like libmailcore2's implementation may be entirely broken. (There's even a comment in the GSSAPI case that says needs to be tested https://github.com/MailCore/mailcore2/blob/master/src/core/smtp/MCSMTPSession.cpp#L556).

Disabling the GSSAPI / Kerberos authentication methods and allowing this code to fall through to the PLAIN option fixes the problem and I'm able to connect / send mail through Zentyal. I think that this took a long time to find because most large mail providers support CRAM_MD5 and/or DIGEST_MD5 and often don't support GSSAPI (since it's primarily for schools, enterprises, etc. with SSO).

I've also extended the logging in this code so that it prints the auth method it chose to use, which I think should make finding this sort of problem trivial in the future. And hopefully at some point soon I can build / fix support for GSSAPI as well.

I'm wrapping up testing a new release (with Touch Bar support!) and will ship the patch fo this in the next few days. Stay tuned! Thanks again to everyone who provided context and details.

[tonypartridge]

Awesome!! Look forward to trying this out.

On Aug 6, 2018 at 5:12 am, <Ben Gotow (mailto:notifications@github.com)> wrote:

Hey folks—thanks for all the detailed comments and follow-up here. I spent some time this weekend tracking this down and was able to reproduce it. I configured a "Mail-in-a-box" (http://mailinabox.email) server (which is Dovecot + Postfix) and didn't have any trouble signing in and sending mail from Mailspring. Then I downloaded and configured a virtual machine running Zentyal (http://www.zentyal.org/), another out of the box solution that uses Dovecot and Postfix.

It turns out Zentyal was the perfect test case - it supports a small set of SMTP AUTH methods out of the box, just GSSAPI and PLAIN. Mailspring uses libmailcore2's auto configuration of SMTP authentication (https://github.com/MailCore/mailcore2/blob/master/src/core/smtp/MCSMTPSession.cpp#L487) and the app always prefers GSSAPI to PLAIN when it's present. (The thinking is it's more secure, though with STARTTLS / SSL it doesn't really matter.) However, GSSAPI / Kerberos rely on system configuration, take a domain/realm, etc. Mailspring doesn't yet support GSSAPI (#103 (https://github.com/Foundry376/Mailspring/issues/103)) and it seems like libmailcore2's implementation may be entirely broken. (There's even a comment in the GSSAPI case that says needs to be tested https://github.com/MailCore/mailcore2/blob/master/src/core/smtp/MCSMTPSession.cpp#L556).

Disabling the GSSAPI / Kerberos authentication methods and allowing this code to fall through to the PLAIN option fixes the problem and I'm able to connect / send mail through Zentyal. I think that this took a long time to find because most large mail providers support CRAM_MD5 and/or DIGEST_MD5 and often don't support GSSAPI (since it's primarily for schools, enterprises, etc. with SSO).

I've also extended the logging in this code so that it prints the auth method it chose to use, which I think should make finding this sort of problem trivial in the future. And hopefully at some point soon I can build / fix support for GSSAPI as well.

I'm wrapping up testing a new release (with Touch Bar support!) and will ship the patch fo this in the next few days. Stay tuned! Thanks again to everyone who provided context and details.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub (https://github.com/Foundry376/Mailspring/issues/341#issuecomment-410583823), or mute the thread (https://github.com/notifications/unsubscribe-auth/ABVglhFzt2kmSAuLXylysNG-yZmlwM2wks5uN8JKgaJpZM4Qelwa).

[tonypartridge]

Well done @bengotow works wonders, just installed the update and added my account in seconds. Would be nice to have an exchange connection rather than smtp/imap ;-)

[hyviquel]

Solved my problem too... Thanks =)