gitpod-io / gitpod

The developer platform for on-demand cloud development environments to create software faster and more securely.
https://www.gitpod.io
GNU Affero General Public License v3.0

ECONNREFUSED firewall error nodemailer #8976

Closed mteam88 closed 2 years ago

mteam88 commented 2 years ago

Bug description

I am using nodemailer to send emails but there seems to be a firewall error. Is this known?

I have an error when trying to use the example from nodemailer.

I modified it a little bit but it has all of the same core. When I try to run it I get this error:

```
Error: connect ECONNREFUSED 13.49.22.0:587
    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1161:16) {
  errno: -111,
  code: 'ESOCKET',
  syscall: 'connect',
  address: '13.49.22.0',
  port: 587,
  command: 'CONN'
}
```

I have searched and I can't find any answers about this. I am using Gmail SMTP now. It seems that it is a firewall issue because running nc smtp.gmail.com 587 hangs with no output, and corresponding telnet and openssl commands have the same response. Gitpod may need to modify the firewall or alert when the firewall catches something if this is actually a firewall problem.

The function that is actually run is this:

```javascript
const nodemailer = require("nodemailer");

async function nodeMailerMain() {
  // Generate test SMTP service account from ethereal.email
  // Only needed if you don't have a real mail account for testing
  let testAccount = await nodemailer.createTestAccount().catch((err) => console.log(err))
  // If account creation failed, the error was logged above and there is nothing to connect to
  if (!testAccount) return;

  // create reusable transporter object using the default SMTP transport
  // (createTransport is synchronous, so it is not awaited)
  let transporter = nodemailer.createTransport({
    host: testAccount.smtp.host,
    port: testAccount.smtp.port,
    secure: testAccount.smtp.secure, // true for 465, false for other ports
    auth: {
      user: testAccount.user, // generated ethereal user
      pass: testAccount.pass, // generated ethereal password
    },
  })

  console.log(testAccount.smtp.host);

  console.log("successfully created transporter");

  let message = {
    from: 'Sender Name <sender@example.com>',
    to: 'Recipient <recipient@example.com>',
    subject: 'Nodemailer is unicode friendly ✔',
    text: 'Hello to myself!',
    html: '<p><b>Hello</b> to myself!</p>'
  };

  // send mail with defined transport object
  transporter.sendMail(message, (error, info) => {
    if (error) {
      return console.log(error);
    }
    console.log('Email sent: ' + info.response);
    console.log("Message sent: %s", info.messageId);
    // Message sent: <b658f8ca-6296-ccf4-8306-87d57a0b4321@example.com>

    // Preview only available when sending through an Ethereal account
    console.log("Preview URL: %s", nodemailer.getTestMessageUrl(info));
    // Preview URL: https://ethereal.email/message/WaQKMgKddxQDoou...
  });
}
```

Steps to reproduce

I am not sure about this... You may try the code I used.

kylos101 commented 2 years ago

Hi @mteam88, this is intentional; we block known outbound SMTP ports as a security precaution.

You may want to consider using something like this when developing an app that uses SMTP within Gitpod: https://github.com/ReachFive/fake-smtp-server https://hub.docker.com/r/reachfive/fake-smtp-server

Another option would be for you to route SMTP traffic through a Tailscale network, and either host an SMTP server of your own (also on the Tailscale), or exit the traffic to another SMTP server (not on the Tailscale). Although I think either approach will be harder than using a mock/fake SMTP server.

mteam88 commented 2 years ago

Thanks! I really appreciate the work. I do have a further problem though: ANY ping command is failing. No connections are working.

mteam88 commented 2 years ago

Please re-open.

axonasif commented 2 years ago

> You may want to consider using something like this when developing an app that uses SMTP within Gitpod: https://github.com/ReachFive/fake-smtp-server https://hub.docker.com/r/reachfive/fake-smtp-server
>
> Another option would be for you to route SMTP traffic through a Tailscale network, and either host an SMTP server of your own (also on the Tailscale), or exit the traffic to another SMTP server (not on the Tailscale). Although I think either approach will be harder than using a mock/fake SMTP server.

Hey @kylos101, should we get these documented on gitpod.io/docs?

kylos101 commented 2 years ago

Hi @mteam88,

I left #8979 open to track the issue you identified with ping (ICMP).

If you are trying to test connectivity to other TCP ports (like 80 or 443 for a web server), you can use netcat or even telnet. To recap, ping (ICMP) will not work, but I've left that issue open so we can determine why it is not functional.

Testing a UDP port will be trickier.