larrabee / freeipa-password-reset

Self-service password reset app for FreeIPA
GNU General Public License v3.0

Cannot send Email #15

Closed abdalians closed 5 years ago

abdalians commented 5 years ago

Hi. Trying to use email for password reset. Seemed to have installed fine as per the instructions, but when I try to do a reset it says cannot send email. Using the email provider to password reset.

httpd error_log:

[Sat May 18 22:11:16.349822 2019] [:warn] [pid 9909] [client 10.1.1.88:60980] failed to set perms (3140) on file (/var/run/ipa/ccaches/ldap-passwd-reset@domain.com)!, referer: https://master6dev.domain.com/ipa/xml
[Sat May 18 22:11:16.373918 2019] [:error] [pid 9620] ipa: INFO: [jsonserver_session] ldap-passwd-reset@DOMAIN.COM: user_show/1(u'user5', version=u'2.230'): SUCCESS

maillog:

master6dev postfix/smtpd[13518]: lost connection after EHLO from hostname.fqdn

brotaxt commented 5 years ago

Hi, I'm running into the exact same problems. :(

RHEL 7.4 ipa-server-4.6.4-10.el7_6.6.x86_64

@abdalians Did you get it running?

agit05 commented 5 years ago

> Hi, I'm running into the exact same problems. :(
>
> RHEL 7.4 ipa-server-4.6.4-10.el7_6.6.x86_64
>
> @abdalians Did you get it running?

I have the same situation on RHEL 7.6. Are you using postfix as well? I see something in the providers.py file on line 100: s.sendmail(msg['From'], recipients, msg.as_string())

I was wondering if this does not mean it is using sendmail instead? Although I do not get any specific error in the logs, except:

Wed Aug 07 16:15:50.446336 2019] [:error] [pid 26570] ipa: INFO: [jsonserver_session] ldap-passwd-reset@DOMAIN.INT: ping(): SUCCESS
[Wed Aug 07 16:15:50.469251 2019] [:error] [pid 26571] ipa: INFO: [jsonserver_session] ldap-passwd-reset@DOMAIN.INT: schema(known_fingerprints=(u'5131ac65',), version=u'2.170'): SchemaUpToDate
[Wed Aug 07 16:15:51.944881 2019] [:error] [pid 26570] ipa: INFO: [jsonserver_session] ldap-passwd-reset@DOMAIN.INT: ping(): SUCCESS
[Wed Aug 07 16:15:51.977399 2019] [:error] [pid 26571] ipa: INFO: [jsonserver_session] ldap-passwd-reset@DOMAIN.INT: user_show/1(u'admin', version=u'2.230'): SUCCESS
python[6562]: [07/Aug/2019 14:15:52] "POST /reset/gettoken/ HTTP/1.1" 500 7238

So the 500, internal server error, I am not sure where it comes from. @larrabee your advice is highly appreciated in this one.

brotaxt commented 5 years ago

> > Hi, I'm running into the exact same problems. :( RHEL 7.4 ipa-server-4.6.4-10.el7_6.6.x86_64 @abdalians Did you get it running?
>
> I have the same situation on RHEL 7.6. Are you using postfix as well?

Yes, I am also using the default postfix as MTA. Sending mail via telnet works as expected.

> @larrabee your advice is highly appreciated in this one.

Yes, please! :)

larrabee commented 5 years ago

Hello.
This is a valid configuration for the default configuration of postfix:

options = {
    "msg_template": "Your reset password token: {0} \nDo not tell anyone this code.",
    "msg_subject": "Your LDAP password reset code",
    "smtp_from": "test@example.com",
    "smtp_user": None,
    "smtp_pass": None,
    "smtp_server_addr": "localhost",
    "smtp_server_port": 25,
    "smtp_server_tls": False,
}

agit05 commented 5 years ago

> Hello. This is valid configuration for default configuration of postfix:
>
> options = {
>     "msg_template": "Your reset password token: {0} \nDo not tell anyone this code.",
>     "msg_subject": "Your LDAP password reset code",
>     "smtp_from": "test@example.com",
>     "smtp_user": None,
>     "smtp_pass": None,
>     "smtp_server_addr": "localhost",
>     "smtp_server_port": 25,
>     "smtp_server_tls": False,
> }

It means there is something else because the error 500 is permanent:

Aug 14 10:51:18 IPAHOST.domain.int python[8424]: ipa: INFO: trying https://ipahost.domain.int/ipa/session/json
Aug 14 10:51:19 IPAHOST.domain.int python[8424]: ipa: INFO: [try 1]: Forwarding 'user_show/1' to json server 'https://ipahost.domain.int/ipa/session/json'
Aug 14 10:51:19 IPAHOST.domain.int python[8424]: [14/Aug/2019 08:51:19] "POST /reset/gettoken/ HTTP/1.1" 500 7238

HTTP error is:

[Wed Aug 14 10:51:18.992570 2019] [:warn] [pid 28737] [client 170.255.66.34:42164] failed to set perms (3140) on file (/var/run/ipa/ccaches/ldap-passwd-reset@IPAHOST.DOMAIN.INT)!, referer: https://ipahost.domain.int/ipa/xml
[Wed Aug 14 10:51:19.008703 2019] [:error] [pid 28735] ipa: INFO: [jsonserver_session] ldap-passwd-reset@IPAHOST.DOMAIN.INT: ping(): SUCCESS
[Wed Aug 14 10:51:19.012657 2019] [:warn] [pid 28737] [client 170.255.66.34:42164] failed to set perms (3140) on file (/var/run/ipa/ccaches/ldap-passwd-reset@IPAHOST.DOMAIN.INT)!, referer: https://ipahost.domain.int/ipa/xml
[Wed Aug 14 10:51:19.039640 2019] [:error] [pid 28734] ipa: INFO: [jsonserver_session] ldap-passwd-reset@IPAHOST.DOMAIN.INT: user_show/1(u'username', version=u'2.230'): SUCCESS

The error on the page is: "Cannot send Email"

I've tried to add ldap-passwd-reset to group ipaapi and give group permissions, but the file keeps changing when the service (re)starts:

-rw-------. 1 ipaapi ipaapi 4322 Aug 14 10:51 /var/run/ipa/ccaches/ldap-passwd-reset@IPAHOST.DOMAIN.INT

larrabee commented 5 years ago

Can you try to send email with this test script?

#!/bin/python

import smtplib
from email.mime.text import MIMEText

class Email():
    def __init__(self, options):
        self.msg_template = options['msg_template']
        self.msg_subject = options['msg_subject']
        self.smtp_user = options['smtp_user']
        self.smtp_pass = options['smtp_pass']
        self.smtp_server_addr = options['smtp_server_addr']
        self.smtp_server_port = options['smtp_server_port']
        self.smtp_server_tls = options['smtp_server_tls']
        if ('smtp_from' in options) and (options['smtp_from'] is not None):
            self.smtp_from = options['smtp_from']
        else:
            self.smtp_from = self.smtp_user

    def send_token(self, user, token):
        recipients = user['result']['mail']

        msg = MIMEText(self.msg_template.format(token))
        msg['Subject'] = self.msg_subject
        msg['From'] = self.smtp_from
        msg['To'] = ", ".join(recipients)
        s = smtplib.SMTP("{0}:{1}".format(self.smtp_server_addr, self.smtp_server_port))
        if self.smtp_server_tls:
            s.ehlo()
            # Upgrade to TLS before any login; starttls() is called without positional arguments
            s.starttls()
            s.ehlo()
        if (self.smtp_user is not None) and (self.smtp_pass is not None):
            s.login(self.smtp_user, self.smtp_pass)
        s.sendmail(msg['From'], recipients, msg.as_string())
        s.quit()

options = {
            # In the template, {0} will be replaced with the token
            "msg_template": "Your reset password token: {0} \nDo not tell anyone this code.",
            "msg_subject": "Your LDAP password reset code",
            "smtp_from": "test@example.com",  # With None, the value is copied from smtp_user
            "smtp_user": None,
            "smtp_pass": None,
            "smtp_server_addr": "localhost",
            "smtp_server_port": 25,
            "smtp_server_tls": False,
        }
user = {'result': {'mail':['your_email@gmail.com',]}}

em = Email(options)

em.send_token(user, "test")

Save it to a file and run it with python.

agit05 commented 5 years ago

Good example, it made me find the issue in settings.py. You need to have no brackets at the smtp user/pass fields (if you do not use auth), like: "smtp_user": None, "smtp_pass": None,

Thanks Vladimir.

brotaxt commented 5 years ago

Many thanks @agit05 - works like a charm now!
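
The following is an added example, not code from the thread or from the freeipa-password-reset project: a Python 3 check for the misconfiguration resolved above, applying the same `is not None` test that `send_token()` uses before calling `s.login()`. The thread does not show the broken settings.py, so the quoted `"None"` values, the function names `audit_smtp_options` and `server_offers_auth`, and the sample dicts are assumptions made for illustration.

```python
import smtplib

# Strings people type when they mean "no value" (assumed forms of the mistake).
PLACEHOLDERS = {"", "none", "null"}


def audit_smtp_options(options):
    """Return (will_login, findings) for an options dict shaped like the thread's."""
    findings = []
    user = options.get("smtp_user")
    password = options.get("smtp_pass")

    for key, value in (("smtp_user", user), ("smtp_pass", password)):
        if isinstance(value, str) and value.strip().lower() in PLACEHOLDERS:
            findings.append("%s is the string %r, not None" % (key, value))

    # Same condition send_token() evaluates before s.login().
    will_login = user is not None and password is not None
    if will_login and not options.get("smtp_server_tls"):
        findings.append("login would send credentials without STARTTLS")
    if (user is None) != (password is None):
        findings.append("only one of smtp_user/smtp_pass is set; login is skipped")
    return will_login, findings


def server_offers_auth(addr, port, timeout=5):
    """Network call: does the server advertise AUTH in its EHLO reply?"""
    s = smtplib.SMTP(addr, port, timeout=timeout)
    try:
        s.ehlo()
        return s.has_extn("auth")
    finally:
        s.quit()


# Constructed sample configurations (not taken from any real deployment).
BROKEN = {"smtp_user": "None", "smtp_pass": "None",
          "smtp_server_addr": "localhost", "smtp_server_port": 25,
          "smtp_server_tls": False}
WORKING = dict(BROKEN, smtp_user=None, smtp_pass=None)

if __name__ == "__main__":
    for name, opts in (("BROKEN", BROKEN), ("WORKING", WORKING)):
        will_login, findings = audit_smtp_options(opts)
        print(name, "login attempted:", will_login)
        for finding in findings:
            print("  -", finding)
```

If `will_login` is true while `server_offers_auth()` returns false for the configured relay, `s.login()` raises and the reset page can only report that the email could not be sent.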