go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

SMTP authentication is still failing #28335

Open rrose-github opened 11 months ago

rrose-github commented 11 months ago

Description

I'm running Gitea on Ubuntu 22.04 LTS. Gitea was able to send test messages in version 1.14. In versions 1.18 through 1.21, when I have attempted to send a test email, it has always failed.

Under version 1.14, this configuration worked:

[mailer]
ENABLED = true
HOST       = mail.dummydomain.com:587
FROM      = gitea@dummydomain.com
USER        = me@dummydomain.com
PASSWD   = XXXXXXX
PROTOCOL = smtps
SMTP_ADDR = mail.dummydomain.com
SMTP_PORT  = 587

Under versions 1.18 through 1.21, I've tried this configuration:

[mailer]
ENABLED = true
FROM      = gitea@dummydomain.com
SMTP_ADDR = mail.dummydomain.com
SMTP_PORT = 587
USER            = me@dummydomain.com
PASSWD      = XXXXXX

I've also tried specifying PROTOCOL using smtp, smtps and starttls. Nothing has worked.

Per this posting, https://github.com/go-gitea/gitea/issues/24899, in versions 1.18 through 1.20 (it was deprecated in 1.21), I tried including the HOST = mail.dummydomain.com:587 statement, but that didn't help either.

I have also, using the openssl -client option, manually sent test emails from the server's terminal line. So, the server is able to communicate with the mail server.

Gitea Version

1.18 through 1.21

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Ubuntu 22.04

How are you running Gitea?

Downloaded the various versions of Gitea from dl.gitea.io. Followed these basic instructions for installing Gitea: https://www.rosehosting.com/blog/how-to-install-gitea-with-nginx-and-free-lets-encrypt-ssl-on-ubuntu-20-04/

Database

MySQL/MariaDB

lunny commented 11 months ago

Have you tried PROTOCOL=smtp+starttls?

rrose-github commented 11 months ago

lunny,

I didn't explicitly try it, but I did notice that the admin web page showed the PROTOCOL as being smtp+starttls when I didn't explicitly specify the PROTOCOL parameter.

Per your suggestion/question, I went ahead and explicitly added that line to app.ini file and restarted Gitea. Still get the same error message when I attempt to send a test email.

From app.ini:

[mailer]
ENABLED = true
FROM = gitea@dummydomain.com
PROTOCOL = smtp+starttls
SMTP_ADDR = mail.dummydomain.com
SMTP_PORT = 587
USER = me@dummydomain.com
PASSWD = XXXXXX

jrjake commented 11 months ago

535 5.7.8

This means Gitea is connecting to the SMTP server fine and performing TLS fine, but when Gitea sends the credentials to the server, the SMTP server rejects them as incorrect. You need to consult your SMTP provider to find out what the issue is.

535 is a non-standard error code, and the 5.7.8 extended error code makes it look like a Google SMTP server. See this page for proper configuration: https://support.google.com/a/answer/176600?hl=en

Edit: I did more research on Google SMTP. They no longer offer "Less Secure Apps". You need to enable 2FA on the Gmail account, create an app password (not the normal password), and supply Gitea with the app password: https://support.google.com/mail/answer/185833?hl=en

rrose-github commented 11 months ago

Thanks for replying.

It's my own mail server (running Ubuntu 22.04 LTS with Postfix and Dovecot). The user name/password is correct -- I've double- and triple-checked it. I've also tried it with the password without quotes, and with single quotes (I've seen examples both ways), and both with and without spaces around the equal sign (in case there's a parsing error). And as I mentioned in my original post, Gitea version 1.14 was able to authenticate and send test emails.

Below is a test session I just did using openssl s_client, connecting from the gitea server to the mail server using port 587 and the starttls protocol. As you can see, the server is quite willing to accept such a connection from the gitea server.

(domain name changed in screen capture to dummydomain for security purposes)

ubuntu@gitea1:/etc$ openssl s_client -starttls smtp -connect mail.dummydomain.com:587
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = mail.dummydomain.com
verify return:1
---
... lines deleted ...
---
read R BLOCK
EHLO gitea.dummydomain.com
250-mail.dummydomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
AUTH PLAIN *************************************************************==
235 2.7.0 Authentication successful
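
The AUTH PLAIN step of the session above, as an added example in Go (not part of the original comment and not Gitea's code): it lists the mechanisms in the EHLO reply and builds and decodes the PLAIN response, so the exact password bytes a client sends, quote characters included, can be checked. The credentials are constructed placeholders.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// AuthMechanisms extracts the SASL mechanisms from the lines of an EHLO reply.
func AuthMechanisms(ehlo []string) []string {
	for _, l := range ehlo {
		if len(l) > 4 && strings.HasPrefix(strings.ToUpper(l[4:]), "AUTH ") {
			return strings.Fields(l[4:])[1:]
		}
	}
	return nil
}

// PlainResponse builds the AUTH PLAIN initial response (RFC 4616):
// base64(authzid NUL authcid NUL password), here with an empty authzid.
func PlainResponse(user, pass string) string {
	return base64.StdEncoding.EncodeToString([]byte("\x00" + user + "\x00" + pass))
}

// DecodePlain reverses PlainResponse to show what a client actually sent.
func DecodePlain(b64 string) (string, string, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return "", "", err
	}
	parts := strings.Split(string(raw), "\x00")
	if len(parts) != 3 {
		return "", "", errors.New("not an AUTH PLAIN response")
	}
	return parts[1], parts[2], nil
}

func main() {
	// Constructed input: EHLO reply lines taken from the session above.
	ehlo := []string{"250-mail.dummydomain.com", "250-AUTH PLAIN LOGIN", "250 CHUNKING"}
	fmt.Println("server offers:", AuthMechanisms(ehlo))
	// Constructed credentials; the second password keeps its quote characters.
	for _, pw := range []string{"s3cret", `"s3cret"`} {
		blob := PlainResponse("me@dummydomain.com", pw)
		_, got, _ := DecodePlain(blob)
		fmt.Printf("AUTH PLAIN %s -> password %q\n", blob, got)
	}
}
```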

j123b567 commented 8 months ago

I'm experiencing the exact same behavior with AWS SES. The given credentials are real but no longer valid. Email addresses are redacted. I'm using gitea/gitea:1.21.5-rootless docker image.

[mailer]
ENABLED = true
FROM = example <noreplay@example.org>
PROTOCOL = smtps
SMTP_ADDR = email-smtp.eu-central-1.amazonaws.com
SMTP_PORT = 465
USER = AKIATNPWHAQOUCDTQX3M
PASSWORD = `BIJv8zsMFmHAOQPXn9/0lMKitVGCRiFvgQ50zj+70XDK`

I have also tried PASSWORD with ` and without. Different protocols smtp+starttls on port 587. Same result. It connects successfully but credentials are invalid.

Gitea error message

Failed to send a testing email to "recipient@example.org": gomail: could not send email 1: failed to authenticate SMTP: 535 Authentication Credentials Invalid

Explanation of error message is here https://docs.aws.amazon.com/ses/latest/dg/troubleshoot-smtp.html

Example program in Go using gomail.v2. I'm not a Golang programmer so this is AI generated code but fortunately, it works.

package main

import (
    "log"

    "gopkg.in/gomail.v2"
)

func main() {
    sender := "example <noreplay@example.org>"
    username := "AKIATNPWHAQOUCDTQX3M"
    password := "BIJv8zsMFmHAOQPXn9/0lMKitVGCRiFvgQ50zj+70XDK"
    recipient := "recipient@example.org"
    smtpHost := "email-smtp.eu-central-1.amazonaws.com"
    smtpPort := 465

    // Build a minimal plain-text test message.
    message := gomail.NewMessage()
    message.SetHeader("From", sender)
    message.SetHeader("To", recipient)
    message.SetHeader("Subject", "Hello from Gomail!")
    message.SetBody("text/plain", "This is a test email sent using Gomail.")

    // NewDialer turns on implicit TLS (SMTPS) when the port is 465.
    dialer := gomail.NewDialer(smtpHost, smtpPort, username, password)

    // DialAndSend connects, authenticates with the credentials above and sends.
    if err := dialer.DialAndSend(message); err != nil {
        log.Fatalf("Could not send email: %v", err)
    }
    log.Println("Email sent successfully!")
}

The output is "Email sent successfully!" and the email really appears in the mailbox.

I have tried to run this program from:
golang:1.21 docker container - worked
gitea/gitea:1.21.5-rootless docker container - worked

To summarise it

jrjake commented 8 months ago

[mailer]
ENABLED = true
FROM = example <noreplay@example.org>
PROTOCOL = smtps
SMTP_ADDR = email-smtp.eu-central-1.amazonaws.com
SMTP_PORT = 465
USER = AKIATNPWHAQOUCDTQX3M
PASSWORD = `BIJv8zsMFmHAOQPXn9/0lMKitVGCRiFvgQ50zj+70XDK`

I believe the key is PASSWD not PASSWORD, so config should be:

[mailer]
PASSWD = BIJv8zsMFmHAOQPXn9/0lMKitVGCRiFvgQ50zj+70XDK

See: https://docs.gitea.com/next/administration/config-cheat-sheet
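
A check for the key-name mistake discussed in the last comment, as an added example in Go (not from the thread and not Gitea's own code): it scans the [mailer] section, reports keys it does not recognise and a USER with no PASSWD. The key list is limited to the names quoted on this page, and the sample config is constructed with placeholder values.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Keys seen in this thread's [mailer] sections (not the full cheat-sheet list).
var knownKeys = map[string]bool{"ENABLED": true, "FROM": true, "PROTOCOL": true,
	"SMTP_ADDR": true, "SMTP_PORT": true, "USER": true, "PASSWD": true, "HOST": true}

// Constructed sample with placeholder values, using the key names posted above.
const sample = `[mailer]
ENABLED = true
USER = PLACEHOLDER_USER
PASSWORD = PLACEHOLDER_SECRET
`

// LintMailer reports unrecognised [mailer] keys and a USER without PASSWD.
// Findings name keys only, so secret values never reach the output.
func LintMailer(ini string) []string {
	var findings []string
	seen, inMailer := map[string]bool{}, false
	sc := bufio.NewScanner(strings.NewReader(ini))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") {
			inMailer = strings.EqualFold(line, "[mailer]")
			continue
		}
		key, _, ok := strings.Cut(line, "=")
		if !inMailer || !ok || strings.HasPrefix(line, "#") || strings.HasPrefix(line, ";") {
			continue
		}
		key = strings.TrimSpace(key)
		seen[key] = true
		if !knownKeys[key] {
			findings = append(findings, fmt.Sprintf("line %d: unrecognised key %q", n, key))
		}
	}
	if seen["USER"] && !seen["PASSWD"] {
		findings = append(findings, "USER is set but PASSWD is missing")
	}
	return findings
}

func main() {
	fmt.Println(strings.Join(LintMailer(sample), "\n"))
}
```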