glenndehaan / unifi-voucher-site

UniFi Voucher Site is a web-based platform for generating and managing UniFi network guest vouchers
MIT License

SMTP Issue #44

Closed ginlik1996 closed 3 weeks ago

ginlik1996 commented 3 weeks ago

The problem

Even when specifying the "SMTP_SECURE: false" parameter in the configuration file, the connection to the local mail server using the private IP gives the error "[Mail] Hostname/IP does not match certificate's altnames: IP: 10.xxx.xxx.xxx is not in the cert's list:".

It would be nice to add a skip certificate check parameter. I found the following parameter online for the nodemailer connection:

tls: {
    // do not fail on invalid certs
    rejectUnauthorized: false
},

What version of UniFi Voucher Site has the issue?

4.1.3

What was the last working version of UniFi Voucher Site?

No response

What type of installation are you running?

Docker

Anything in the logs that might be useful for us?

2024-10-08 07:40:11.056 ERROR [Mail] Error when sending mail
2024-10-08 07:40:11.056 ERROR Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 10.xxx.xxx.xxx is not in the cert's list: 
    at Object.checkServerIdentity (node:tls:337:12)
    at TLSSocket.onConnectSecure (node:_tls_wrap:1684:27)
    at TLSSocket.emit (node:events:519:28)
    at TLSSocket._finishInit (node:_tls_wrap:1085:8)
    at ssl.onhandshakedone (node:_tls_wrap:871:12) {
  code: 'ESOCKET',
  reason: "IP: 10.xxx.xxx.xxx is not in the cert's list: ",
  host: '10.xxx.xxx.xxx',

Additional information

Another strange behaviour. To work around this issue, I created a "hosts file entry" in Docker, so that I was using the correct hostname and not the local IP. But this also doesn't work. I get a "Connection Timeout error". The UniFi Network app on the same Docker host with this configuration works perfectly.

2024-10-08 07:50:44.039 ERROR Error: Connection timeout
    at SMTPConnection._formatError (/app/node_modules/nodemailer/lib/smtp-connection/index.js:807:19)
    at SMTPConnection._onError (/app/node_modules/nodemailer/lib/smtp-connection/index.js:793:20)
    at Timeout.<anonymous> (/app/node_modules/nodemailer/lib/smtp-connection/index.js:237:22)
    at listOnTimeout (node:internal/timers:573:17)
    at process.processTimers (node:internal/timers:514:7) {
  code: 'ETIMEDOUT',
  command: 'CONN'
}

glenndehaan commented 3 weeks ago

Hi @ginlik1996,

I have just released version 4.1.4. This should fix 2 issues.

  1. There was an instance where the 'SMTP_SECURE' variable was not read correctly and therefore could potentially set it to true even if it was set to false.
  2. I have now disabled the TLS certificate checks as you also described since this could potentially affect other people in the future.

The other issue you describe with the hosts file is indeed another strange one. The problem here is that this is not an easy one for me to reproduce. Therefore I hope that these 2 patches will fix the issue without requiring you to hotfix the hosts file.

ginlik1996 commented 3 weeks ago

Thank you for the fast response! I'll try it ASAP.

The strange thing with the host entry is that if I open the console I can ping it and it gets resolved correctly. But if the fix that you implemented works as expected I won't bother to use the host entry.

Thanks!

ginlik1996 commented 3 weeks ago

Tested the new release and it is now working correctly using the "SMTP_SECURE" variable. Thanks for the amazing work!
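
Added example (not part of the issue thread or the project's code): the error in the log comes from Node's `tls.checkServerIdentity`, which rejects an IP address that the certificate does not list. Assuming a constructed certificate for the hypothetical name `mail.example.internal` and the made-up IP `10.0.0.5`, this sketch reproduces that check and builds nodemailer options that keep verification on through `tls.servername` rather than setting `rejectUnauthorized: false`.

```javascript
// Added example, not project code. Host name, IP and certificate are constructed.
const tls = require('tls');

// Shape of TLSSocket#getPeerCertificate() for a server whose certificate
// names a DNS host only (no IP SAN), as in the reported error.
const SAMPLE_CERT = {
  subject: { CN: 'mail.example.internal' },
  subjectaltname: 'DNS:mail.example.internal',
};

// Returns null when `name` is covered by the certificate, otherwise the code
// and reason Node reports (the check behind ERR_TLS_CERT_ALTNAME_INVALID).
function identityMismatch(name, cert) {
  const err = tls.checkServerIdentity(name, cert);
  return err ? { code: err.code, reason: err.reason } : null;
}

// Builds nodemailer createTransport() options for a server reached by IP.
// With secure: false nodemailer still upgrades via STARTTLS when the server
// offers it, so the certificate is checked either way.
function buildSmtpOptions({ host, port, secure, certName, caPem }) {
  const opts = { host, port, secure, tls: { rejectUnauthorized: true } };
  if (certName) opts.tls.servername = certName; // name to validate when host is an IP
  if (caPem) opts.tls.ca = [caPem];             // trust a private CA explicitly
  return opts;
}

// Models which name gets validated: tls.servername if set, else host.
function validatedName(opts) {
  return opts.tls.servername || opts.host;
}
```

A certificate reissued with an `IP Address:` subject alternative name for the server's address would also let the connection by IP validate without `tls.servername`.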