Open andrewfraley opened 2 years ago
Just the error/ stack trace are not the trace logs
https://wiki.servarr.com/radarr/troubleshooting#logging-and-log-files
2022-04-02 10:01:18.8|Debug|Email|Sending email Subject: Radarr - Test Notification
2022-04-02 10:01:18.8|Debug|Email|Connecting to mail server
2022-04-02 10:01:23.9|Trace|ConfigService|Using default config value for 'certificatevalidation' defaultValue:'Enabled'
2022-04-02 10:01:23.9|Error|X509CertificateValidationService|Certificate validation for 10.0.0.25 failed. RemoteCertificateNameMismatch, RemoteCertificateChainErrors
2022-04-02 10:01:23.9|Error|Email|Error sending email. Subject: Radarr - Test Notification
2022-04-02 10:01:23.9|Debug|Email|An error occurred while attempting to establish an SSL or TLS connection.
This usually means that the SSL certificate presented by the server is not trusted by the system for one or more of
the following reasons:
1. The server is using a self-signed certificate which cannot be verified.
2. The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
3. A Certificate Authority CRL server for one or more of the certificates in the chain is temporarily unavailable.
4. The certificate presented by the server is expired or invalid.
5. The set of SSL/TLS protocols supported by the client and server do not match.
See https://github.com/jstedfast/MailKit/blob/master/FAQ.md#SslHandshakeException for possible solutions.
[v4.1.0.6095] MailKit.Security.SslHandshakeException: An error occurred while attempting to establish an SSL or TLS connection.
This usually means that the SSL certificate presented by the server is not trusted by the system for one or more of
the following reasons:
1. The server is using a self-signed certificate which cannot be verified.
2. The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
3. A Certificate Authority CRL server for one or more of the certificates in the chain is temporarily unavailable.
4. The certificate presented by the server is expired or invalid.
5. The set of SSL/TLS protocols supported by the client and server do not match.
See https://github.com/jstedfast/MailKit/blob/master/FAQ.md#SslHandshakeException for possible solutions.
---> System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions)
at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, Boolean doAsync, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, Boolean doAsync, CancellationToken cancellationToken)
at MailKit.Net.Smtp.SmtpClient.Connect(String host, Int32 port, SecureSocketOptions options, CancellationToken cancellationToken)
at NzbDrone.Core.Notifications.Email.Email.Send(MimeMessage email, EmailSettings settings) in D:\a\1\s\src\NzbDrone.Core\Notifications\Email\Email.cs:line 152
at NzbDrone.Core.Notifications.Email.Email.SendEmail(EmailSettings settings, String subject, String body, Boolean htmlBody) in D:\a\1\s\src\NzbDrone.Core\Notifications\Email\Email.cs:line 115
2022-04-02 10:01:23.9|Error|Email|Unable to send test email
[v4.1.0.6095] MailKit.Security.SslHandshakeException: An error occurred while attempting to establish an SSL or TLS connection.
This usually means that the SSL certificate presented by the server is not trusted by the system for one or more of
the following reasons:
1. The server is using a self-signed certificate which cannot be verified.
2. The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
3. A Certificate Authority CRL server for one or more of the certificates in the chain is temporarily unavailable.
4. The certificate presented by the server is expired or invalid.
5. The set of SSL/TLS protocols supported by the client and server do not match.
See https://github.com/jstedfast/MailKit/blob/master/FAQ.md#SslHandshakeException for possible solutions.
---> System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions)
at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, Boolean doAsync, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, Boolean doAsync, CancellationToken cancellationToken)
at MailKit.Net.Smtp.SmtpClient.Connect(String host, Int32 port, SecureSocketOptions options, CancellationToken cancellationToken)
at NzbDrone.Core.Notifications.Email.Email.Send(MimeMessage email, EmailSettings settings) in D:\a\1\s\src\NzbDrone.Core\Notifications\Email\Email.cs:line 152
at NzbDrone.Core.Notifications.Email.Email.SendEmail(EmailSettings settings, String subject, String body, Boolean htmlBody) in D:\a\1\s\src\NzbDrone.Core\Notifications\Email\Email.cs:line 115
at NzbDrone.Core.Notifications.Email.Email.Test(EmailSettings settings) in D:\a\1\s\src\NzbDrone.Core\Notifications\Email\Email.cs:line 85
2022-04-02 10:01:23.9|Error|Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An unhandled exception has occurred while executing the request.
[v4.1.0.6095] FluentValidation.ValidationException: Validation failed:
-- Server: Unable to send test email
at Radarr.Api.V3.ProviderControllerBase`3.VerifyValidationResult(ValidationResult validationResult, Boolean includeWarnings) in D:\a\1\s\src\Radarr.Api.V3\ProviderControllerBase.cs:line 200
at Radarr.Api.V3.ProviderControllerBase`3.Test(TProviderDefinition definition, Boolean includeWarnings) in D:\a\1\s\src\Radarr.Api.V3\ProviderControllerBase.cs:line 191
at Radarr.Api.V3.ProviderControllerBase`3.Test(TProviderResource providerResource) in D:\a\1\s\src\Radarr.Api.V3\ProviderControllerBase.cs:line 140
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.SyncObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeNextActionFilterAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
at Radarr.Http.Middleware.BufferingMiddleware.InvokeAsync(HttpContext context) in D:\a\1\s\src\Radarr.Http\Middleware\BufferingMiddleware.cs:line 28
at Radarr.Http.Middleware.IfModifiedMiddleware.InvokeAsync(HttpContext context) in D:\a\1\s\src\Radarr.Http\Middleware\IfModifiedMiddleware.cs:line 41
at Radarr.Http.Middleware.CacheHeaderMiddleware.InvokeAsync(HttpContext context) in D:\a\1\s\src\Radarr.Http\Middleware\CacheHeaderMiddleware.cs:line 33
at Radarr.Http.Middleware.UrlBaseMiddleware.InvokeAsync(HttpContext context) in D:\a\1\s\src\Radarr.Http\Middleware\UrlBaseMiddleware.cs:line 27
at Radarr.Http.Middleware.VersionMiddleware.InvokeAsync(HttpContext context) in D:\a\1\s\src\Radarr.Http\Middleware\VersionMiddleware.cs:line 28
at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.InvokeCore(HttpContext context)
at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2022-04-02 10:01:23.9|Trace|RadarrErrorPipeline|Handling Exception
2022-04-02 10:01:23.9|Warn|RadarrErrorPipeline|Invalid request Validation failed:
-- Server: Unable to send test email
The most relevant bit is 2022-04-02 10:01:23.9|Trace|ConfigService|Using default config value for 'certificatevalidation' defaultValue:'Enabled
, I do not have have the require encryption box checked and I'm not using any certificates.
I just found a workaround by disabling certificate verification in Settings->General. I still feel like this is a bug that should be addressed, though, since there is no certificate involved here at all. Thanks!
I just found a workaround by disabling certificate verification in Settings->General. I still feel like this is a bug that should be addressed, though, since there is no certificate involved here at all. Thanks!
The more proper workaround would be to disable it for local network connections. Only not for everything as it opens you up for a MITM attack.
The most relevant bit is
2022-04-02 10:01:23.9|Trace|ConfigService|Using default config value for 'certificatevalidation' defaultValue:'Enabled
, I do not have have the require encryption box checked and I'm not using any certificates.
That's for the System / App Wide SSL validation - all that says/does is to validate SSL certs.
Seems we set mailkit's SecureSocketOptions
to auto
Allow the IMailService to decide which SSL or TLS options to use (default). If the server does not support SSL or TLS, then the connection will continue
http://www.mimekit.net/docs/html/T_MailKit_Security_SecureSocketOptions.htm
Perhaps we just need to explicitly set it to 0 or otherwise tweak the option for settings
I have the same issue and have verified that the work around of disabling certificate verification indeed works.
For me, setting it to "only local addresses" will not work because I'm running Radarr under docker and my SMTP server is accessible on another network from the docker's network. While both networks aren't using publicly-routable addresses, I think that it isn't correct for Radarr to put limitations on when it is ok for the user to disable encryption on the software they install and manage themselves. For example - if I don't care about MITM listening in on my Radarr notifications (why should I care about that?), and I setup my publicly accessible SMTP server to accept un-authenticated connections from Radarr's public IP (and only that) so there's no password in the cleartext - I may decide that is a fine setup and not worry.
@andrewfraley and @guss77 do you have a certificate setup on that SMTP relay host? I am trying to replicate it here so I can check exactly what it is doing to make sure the fix is correct but with no certificate setup in postgres it never tries to do SSL/TLS so am clearly missing a setting in postfix
I have no certificate on the SMTP relay host. With "Certificate Validation" set to "Enabled", it tries to use TLS. The only other thing I can think of that could be different is that my relay host is running on port 2525 and not 25.
I am using cleartext SMTP on the standard port 25. No TLS at all on my SMTP smart host setup.
commenting here to follow this thread as i have the same issue
Also have the same issue
It's still open so it's still an issue. Simply +1 the OP, or follow the GitHub issue.
"Me too", "same here", etc. aren't particularly helpful
The workaround for this no longer seems to work either (on 4.1.0.6175).
I got around this by just running a postfix relay on localhost. For some reason this issue doesn't occur when using localhost:25.
Following this issue as it affects me too. Unlike the commenter above me, the workaround continues to work for me (linuxserver.io docker, radarr v4.2.4.6635, smtp relay via synology mail server on port 25).
Following this issue as it affects me too.
Unlike the commenter above me, the workaround continues to work for me (linuxserver.io docker, radarr v4.2.4.6635, smtp relay via synology mail server on port 25).
What version of DSM are you on? Wondering if I can use mine to replicate!
Current DSM or close to, DSM 7.1.1-42962 Update 2
to be exact. Been an issue for a while, across multiple DSM updates though.
The package is the standard Synology Mail Server, version 1.7.4-10659
with no SSL/TLS configuration, listening only on port 25.
Is there an existing issue for this?
Current Behavior
I'm running a local smtp server that doesn't require authentication or encryption. When I setup the email connector I leave the Require Encryption box unchecked. When I test the connection it fails. In the logs I see starttls errors, and in my mail server logs I see the same. Note this worked fine in previous versions of Radarr and continues to work fine with Sonarr.
Expected Behavior
Emails should be sent in plain text without encryption or authentication.
Steps To Reproduce
Environment
What branch are you running?
Develop
Trace Logs?
Unable to send test email: An error occurred while attempting to establish an SSL or TLS connection.
This usually means that the SSL certificate presented by the server is not trusted by the system for one or more of the following reasons:
See https://github.com/jstedfast/MailKit/blob/master/FAQ.md#SslHandshakeException for possible solutions.
MailKit.Security.SslHandshakeException: An error occurred while attempting to establish an SSL or TLS connection.
This usually means that the SSL certificate presented by the server is not trusted by the system for one or more of the following reasons:
See https://github.com/jstedfast/MailKit/blob/master/FAQ.md#SslHandshakeException for possible solutions.
---> System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback. at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions) at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, Boolean doAsync, CancellationToken cancellationToken) --- End of inner exception stack trace --- at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, Boolean doAsync, CancellationToken cancellationToken) at MailKit.Net.Smtp.SmtpClient.Connect(String host, Int32 port, SecureSocketOptions options, CancellationToken cancellationToken) at NzbDrone.Core.Notifications.Email.Email.Send(MimeMessage email, EmailSettings settings) in D:\a\1\s\src\NzbDrone.Core\Notifications\Email\Email.cs:line 152 at NzbDrone.Core.Notifications.Email.Email.SendEmail(EmailSettings settings, String subject, String body, Boolean htmlBody) in D:\a\1\s\src\NzbDrone.Core\Notifications\Email\Email.cs:line 115 at NzbDrone.Core.Notifications.Email.Email.Test(EmailSettings settings) in D:\a\1\s\src\NzbDrone.Core\Notifications\Email\Email.cs:line 85
AB#2892