pentacent / keila

Open Source Newsletter Tool.
https://keila.io
GNU Affero General Public License v3.0

Add "connection security" options to System mailer #246

Closed RichardHausgartner closed 8 months ago

RichardHausgartner commented 8 months ago

I configured these environment variables:

    environment:
      MAILER_TYPE: smtp
      MAILER_SMTP_HOST: smtp.mymailserver.com
      MAILER_SMTP_USER: "user"
      MAILER_SMTP_PASSWORD: "pass"
      MAILER_SMTP_FROM_EMAIL: "noreply@mymailserver.com"
      MAILER_SMTP_PORT: 587

When creating a new user or resetting the password, these settings are used, as mentioned in the documentation. But when triggering these events, this error occurs:

(Swoosh.DeliveryError) delivery error: {:send, {:network_failure}

The interesting thing is that I use the same mail server settings for sending the actual newsletter. I configured the security option "STARTTLS" and it works great.

So, please add the security options to the System Mailer. Thanks!

wmnnd commented 8 months ago

Can you try adding MAILER_ENABLE_SSL=TRUE?

RichardHausgartner commented 8 months ago

> Can you try adding MAILER_ENABLE_SSL=TRUE?

Thanks for the hint, this is my setup now:

    environment:
      MAILER_TYPE: smtp
      MAILER_SMTP_HOST: smtp.mymailserver.com
      MAILER_SMTP_USER: "user"
      MAILER_SMTP_PASSWORD: "pass"
      MAILER_SMTP_FROM_EMAIL: "noreply@mymailserver.com"
      MAILER_SMTP_PORT: 587
      MAILER_ENABLE_SSL: true

I receive this error message in the logs:

** (exit) an exception was raised: ** (Swoosh.DeliveryError) delivery error: {:retries_exceeded, {:network_failure, '(here the ip of smtp.mymailserver.com)', {:error, {:tls_alert, {:unexpected_message, 'TLS client: In state hello at tls_record.erl:561 generated CLIENT ALERT: Fatal - Unexpected Message\n {unsupported_record_type,50}'}}}}}

(I use the latest source at https://github.com/pentacent/keila/commit/842688731e06f544b9c272d7f341aff8991543cd)

wmnnd commented 8 months ago

Have you tried using port 465 on your mail server?

RichardHausgartner commented 8 months ago

> Have you tried using port 465 on your mail server?

This is the setup:

    environment:
      MAILER_TYPE: smtp
      MAILER_SMTP_HOST: smtp.mymailserver.com
      MAILER_SMTP_USER: "user"
      MAILER_SMTP_PASSWORD: "pass"
      MAILER_SMTP_FROM_EMAIL: "noreply@mymailserver.com"
      MAILER_SMTP_PORT: 465
      MAILER_ENABLE_SSL: true

This results in:

** (exit) an exception was raised:
** (Swoosh.DeliveryError) delivery error: {:retries_exceeded, {:network_failure, '(IP of here the ip of smtp.mymailserver.com)', {:error, :timeout}}}
        (keila 0.12.6) lib/keila/mailer.ex:2: Keila.Mailer.deliver!/2
         (keila 0.12.6) lib/keila/auth/auth.ex:630: Keila.Auth.send_password_reset_link/2

(But I'm sure that SSL/465 works, because I use it in email clients.)

wmnnd commented 8 months ago

Actually, looking at your error message more closely, it seems like you were not running the most recent version from main. (The two commits I just made don’t really change how system emails are sent, it’s just a refactoring of what was already there).

RichardHausgartner commented 8 months ago

> Actually, looking at your error message more closely, it seems like you were not running the most recent version from main.

I used this commit for my issue:

commit 842688731e06f544b9c272d7f341aff8991543cd (HEAD -> main, origin/main, origin/HEAD)
Author: Philipp <(removed to avoid spamming)>
Date:   Mon Oct 30 13:26:16 2023 +0100

    Allow adding links to images in Markdown campaigns

M       CHANGELOG.md
M       lib/keila/templates/html.ex

I just tried the commit https://github.com/pentacent/keila/commit/201a3f3e72688f40ba770c56c4a67debf8623009:

commit 201a3f3e72688f40ba770c56c4a67debf8623009 (HEAD -> main, origin/main, origin/HEAD)
Author: Philipp <(removed to avoid spamming)>
Date:   Thu Nov 2 22:19:58 2023 +0100

    Use Application.ensure_all_started for tls_certificate_check

But it is the same as in https://github.com/pentacent/keila/issues/246#issuecomment-1791508654 .

** (exit) an exception was raised:
    ** (Swoosh.DeliveryError) delivery error: {:retries_exceeded, {:network_failure, '(IP of here the ip of smtp.mymailserver.com)', {:error, :timeout}}}
        (keila 0.12.6) lib/keila/mailer.ex:2: Keila.Mailer.deliver!/2
        (keila 0.12.6) lib/keila/auth/auth.ex:630: Keila.Auth.send_password_reset_link/2
        (keila 0.12.6) lib/keila_web/controllers/auth_controller.ex:111: KeilaWeb.AuthController.post_reset/2
        (keila 0.12.6) lib/keila_web/controllers/auth_controller.ex:1: KeilaWeb.AuthController.action/2
        (keila 0.12.6) lib/keila_web/controllers/auth_controller.ex:1: KeilaWeb.AuthController.phoenix_controller_pipeline/2

Thank you for your fast response and your recent commits! 👏

wmnnd commented 8 months ago

So you’re running Keila from source, not from the Docker image? Is it possible that your OS is missing CA certificates?

If you’re running from source, could you share the output of Application.get_env(:keila, Keila.Mailer) from IEx? (start with iex -S mix).

wmnnd commented 8 months ago

Oh, and if you are using the Docker image, try the new one I’ve just published (0.12.7).

RichardHausgartner commented 8 months ago

I'm on arm64 with Ubuntu 22.04.3 LTS. So I use your docker-compose.yml file and do a docker compose build from the main github tree.

Everything works fine with this setup, even the main functionality to send newsletters (through SMTP with "STARTTLS" over 587). 🤔

How can I support you with output from the docker container?

wmnnd commented 8 months ago

Aaah … that’s the issue maybe. The system Mailer doesn’t currently support STARTTLS. Does your server not have proper TLS/SSL?

wmnnd commented 8 months ago

Could you try this branch? https://github.com/pentacent/keila/tree/feature/system-mailer-starttls And enable MAILER_ENABLE_STARTTLS. MAILER_ENABLE_SSL should not be set.

RichardHausgartner commented 8 months ago

> And enable MAILER_ENABLE_STARTTLS. MAILER_ENABLE_SSL should not be set.

I use this branch:

commit 61fae4a80964360d365f2debea958490bd9dac30 (HEAD -> feature/system-mailer-starttls, origin/feature/system-mailer-starttls)
Author: Philipp <(removed to avoid spamming)>
Date:   Thu Nov 2 23:46:53 2023 +0100

    Add Starttls support for system mailer

M       config/runtime.exs

And this is my docker compose file:

    environment:
      MAILER_TYPE: smtp
      MAILER_SMTP_HOST: smtp.mymailserver.com
      MAILER_SMTP_USER: "user"
      MAILER_SMTP_PASSWORD: "pass"
      MAILER_SMTP_FROM_EMAIL: "noreply@mymailserver.com"
      MAILER_SMTP_PORT: 587
      MAILER_ENABLE_STARTTLS: true

_(MAILER_ENABLE_SSL is not defined!)_

With this setup, it works! 👏 (I tried "reset password" and "create new user")

-- I have to investigate separately why smtp.mymailserver.com does not accept SSL/465 in Keila 🤔. But the reason for this issue is solved. Thank you very much! 🙏

wmnnd commented 8 months ago

Awesome! I’ll merge it into main and publish a new release then :smile:
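
An added example, not part of the thread and not Keila code: the `{unsupported_record_type,50}` alert seen with `MAILER_ENABLE_SSL` on port 587 fits a TLS client reading a plaintext SMTP banner, since 50 is ASCII `2`, the first byte of a `220` greeting (this reading is an interpretation added here). The sketch below maps the bytes a server sends first to the Keila variable named in the thread; the transcripts, host name and function names are constructed for illustration.

```python
"""Added example (not Keila code): decide which TLS mode an SMTP port expects
from the bytes it sends first. All sample transcripts below are constructed."""

def tls_record_type_seen(first_bytes: bytes):
    """Byte a TLS client would read as the record content type, or None."""
    return first_bytes[0] if first_bytes else None

def ehlo_extensions(reply: bytes) -> set:
    """Parse a multi-line 250 EHLO reply ("250-EXT" ... "250 EXT") into keywords."""
    exts = set()
    # Line 0 of the reply is the server's greeting, not an extension.
    for line in reply.decode("ascii", "replace").splitlines()[1:]:
        if len(line) >= 4 and line[:3] == "250" and line[3] in "- ":
            words = line[4:].split()
            if words:
                exts.add(words[0].upper())
    return exts

def recommend(first_bytes: bytes, ehlo_reply: bytes = b"") -> str:
    """Map observed server behaviour to the Keila variable named in the thread."""
    if not first_bytes:
        # Server stays silent until the client speaks: consistent with
        # implicit TLS, where the client must send ClientHello first.
        return "MAILER_ENABLE_SSL"
    if first_bytes[:3].isdigit():
        # Plaintext SMTP banner: encryption is only possible via STARTTLS.
        if "STARTTLS" in ehlo_extensions(ehlo_reply):
            return "MAILER_ENABLE_STARTTLS"
        return "no TLS offered"
    return "unknown protocol"

# Constructed transcripts: a submission port (587) and an implicit-TLS port (465).
BANNER_587 = b"220 smtp.example.test ESMTP ready\r\n"
EHLO_587 = (b"250-smtp.example.test\r\n250-SIZE 52428800\r\n"
            b"250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n")
BANNER_465 = b""  # nothing is sent before the TLS ClientHello

if __name__ == "__main__":
    seen = tls_record_type_seen(BANNER_587)
    print(seen, repr(chr(seen)))            # the "record type" a TLS client reads
    print(recommend(BANNER_587, EHLO_587))  # plaintext banner + STARTTLS advertised
    print(recommend(BANNER_465))            # silent port
```

A silent port is only consistent with implicit TLS; a filtered or slow port looks the same, so confirm with a real TLS handshake before relying on that result.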