search

lukevella / rallly

Rallly is an open-source scheduling and collaboration tool designed to make organizing events and meetings easier.
https://rallly.co
GNU Affero General Public License v3.0
3.43k stars 318 forks source link

Error sending email Error: self-signed certificate #795

Open facorazza opened 1 year ago

facorazza commented 1 year ago

Describe the bug

Rallly doesn't seem to support SMTP mail servers with a self-signed certificate.

efed770825b0 Error sending email Error: self-signed certificate
efed770825b0     at TLSSocket.onConnectSecure (node:_tls_wrap:1540:34)
efed770825b0     at TLSSocket.emit (node:events:513:28)
efed770825b0     at TLSSocket.emit (node:domain:552:15)
efed770825b0     at TLSSocket._finishInit (node:_tls_wrap:959:8)
efed770825b0     at ssl.onhandshakedone (node:_tls_wrap:743:12)
efed770825b0     at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17) {
efed770825b0   code: 'ESOCKET',
efed770825b0   command: 'CONN'
efed770825b0 }

I believe the code related to this is here. The behaviour is the same whether SMTP_TLS_ENABLED is set to true or false.

I'm not fluent in TypeScript but perhaps this could help.

To Reproduce Steps to reproduce the behavior:

  1. Set up SMTP with self-signed certificate
  2. Try to send an email

Expected behavior Email sent to the mail server with a self-signed certificate.

Desktop (please complete the following information):

lukevella commented 1 year ago

Hi, setting rejectUnauthorized to false is intended to allow self-signed certificates so in theory it should work as long as you use SMTP_TLS_ENABLED is true.

If that's not working, perhaps the additional ciphers parameter is causing some sort of issue? Or could be an upstream issue nodemailer and we just need to update the package.

lukevella commented 1 year ago

I don't have the time to look into this I'm afraid but if someone wants to test whether sending emails through an SMTP server with TLS and a self-signed certificate actually works or test whether the two possible solutions above fixes the issue that would be a welcome PR.

michnovka commented 5 months ago

Hi, this issue is important for me also, since from recent update user registration seems required. I cannot seem to bypass this even when using SMTP_TLS_ENABLED=false or SMTP_SECURE=false

michnovka commented 5 months ago

Getting also this error when trying to use our self-signed cert on port 587:

rallly-1     | Error sending email [Error: 00780C9CF97F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:
rallly-1     | ] {
rallly-1     |   library: 'SSL routines',
rallly-1     |   reason: 'wrong version number',
rallly-1     |   code: 'ESOCKET',
rallly-1     |   command: 'CONN'
rallly-1     | }

Id like to point out that we use this email server with many other apps without issue, we just always use TLS and disable cert verification.

michnovka commented 6 days ago

With latest rally version sending emails works :)