pglombardo / PasswordPusher

🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
https://docs.pwpush.com
Apache License 2.0
1.94k stars 341 forks

Error 500 on sending emails #2165

Closed pietro95 closed 2 months ago

pietro95 commented 3 months ago

🐛 Bug Report

Trying to send an email gives Error 500

🔬 How To Reproduce

Steps to reproduce the behavior:

Register a new account or try to send the confirmation instructions

Environment

Where are you running/using Password Pusher?

If applicable, what version of Password Pusher? v1.40.12

📈 Expected behavior

User should receive email

📎 Additional context

SMTP server is a Postfix Server on local network, no auth required and no TLS, simple plain SMTP on port 25.

Configuration:

mail:
  # Email delivery errors will be shown in the application
  # Environment Variable Override: PWP__MAIL__RAISE_DELIVERY_ERRORS='false'
  raise_delivery_errors: true

  # Allows you to use a remote mail server. Just change it from its default "localhost" setting.
  # Environment Variable Override: PWP__MAIL__SMTP_ADDRESS='smtp.example.com'
  smtp_address: '10.0.0.150'

  # If you need to specify a HELO domain, you can do it here.
  # Environment Variable Override: PWP__MAIL__SMTP_DOMAIN='xyz.dev'
  # smtp_domain: ''

  # Port of the SMTP server
  # Environment Variable Override: PWP__MAIL__SMTP_PORT='587'
  smtp_port: 25

  # If your mail server requires authentication, you need to specify the
  # authentication type here. This is a string and one of :plain (will send
  # the password in the clear), :login (will send password Base64 encoded)
  # or :cram_md5 (combines a Challenge/Response mechanism to exchange
  # information and a cryptographic Message Digest 5 algorithm to hash
  # important information)
  #
  # Important: Comment this out if your server doesn't require authentication.
  #
  # Environment Variable Override: PWP__MAIL__SMTP_AUTHENTICATION='plain'
  # smtp_authentication: 'plain'

  # If your mail server requires authentication, set the username in this setting.
  # Environment Variable Override: PWP__MAIL__SMTP_USER_NAME='apikey'
  # smtp_user_name: 'apikey'

  # If your mail server requires authentication, set the password in this setting.
  # Environment Variable Override: PWP__MAIL__SMTP_PASSWORD='something@&#$'
  # smtp_password: ''

  # Use STARTTLS when connecting to your SMTP server and fail if unsupported.
  # Environment Variable Override: PWP__MAIL__SMTP_STARTTLS='true'
  smtp_starttls: false

  # Detects if STARTTLS is enabled in your SMTP server and starts to use it. Defaults to true.
  # Environment Variable Override: PWP__MAIL__SMTP_ENABLE_STARTTLS_AUTO='false'
  smtp_enable_starttls_auto: true
  # Number of seconds to wait while attempting to open a connection.
  # Environment Variable Override: PWP__MAIL__SMTP_OPEN_TIMEOUT='10'
  smtp_open_timeout: 10

  # Number of seconds to wait until timing-out a read(2) call.
  # Environment Variable Override: PWP__MAIL__SMTP_READ_TIMEOUT='10'
  smtp_read_timeout: 10

  # When using TLS, you can set how OpenSSL checks the certificate. This is
  # useful if you need to validate a self-signed and/or a wildcard certificate.
  # This can be one of the OpenSSL verify constants, :none or :peer
  # Environment Variable Override: PWP__MAIL__SMTP_OPENSSL_VERIFY_MODE='none'
  smtp_openssl_verify_mode: 'none'

  # Configure the e-mail address which will be shown as 'From' in emails
  # See config/initializers/devise.rb where this is used
  # Environment Variable Override: PWP__MAIL__MAILER_SENDER='"Password Pusher" <pglombardo@pwpush.com>'
  mailer_sender: '"Safe Share" <safeshare@mydomain.com>'

Testing from inside the container gives this error, which is very strange since auth should be disabled (as per config file):

--> Configured FROM: address: '"Safe Share" <safeshare@mydomain.com>'
D, [2024-05-22T07:49:34.944798 #59] DEBUG -- : TestMailer#send_test_email: processed outbound mail in 0.7ms
app/mailers/test_mailer.rb:7:in `send_test_email': No SMTP username provided: smtp_user_name (StandardError)
        from (irb):2:in `<main>'
irb(main):003> TestMailer.send_test_email("myemail@mydomain.com").deliver_now

github-actions[bot] commented 3 months ago

Hello @pietro95, thanks for contributing to the Password Pusher community! We will respond as soon as possible.

pglombardo commented 3 months ago

Thanks @pietro95 - try setting smtp_authentication: null in your settings.yml file. I suspect the default is "plain" which might be causing this.

pietro95 commented 3 months ago

Same error, also if I look at the production log I can see this line:

I, [2024-05-22T09:10:02.791245 #22]  INFO -- : [8ddc3ba6-c313-4a5d-a899-c054884bbc80] Failed delivery of mail 664db66ab9671_16598f873e@60e1360e5136.mail error_class=TypeError error_message="no implicit conversion of Symbol into Integer"

riahc3 commented 3 months ago

It might be a bug in the latest version:

https://github.com/pglombardo/PasswordPusher/issues/2158#issuecomment-2124130165

pietro95 commented 3 months ago

Hello,

I'm trying to use on PasswordPusher the same Google Workspace account used on the Postfix relay (so sending directly to Google), and this is the output of the TestMailer:

6095304426b5:/opt/PasswordPusher$ ./bin/pwpush console
Password Pusher Version: 1.40.12
Loading production environment (Rails 7.1.3.2)
irb(main):001> TestMailer.send_test_email("myemail@mydomain.com").deliver_now

--> Configured FROM: address: '"Safe Share" <safeshare@mydomain.com>'
--> raise_delivery_errors is set to true in the configuration.  This will raise an error if the email fails to send.
--> Attempting to send a test email to myemail@mydomain.com...
--> It seems that the Email sent successfully!  Check destination inbox for the test email.

--> If you see an error, please paste this output into a GitHub issue for help.
  --> Make sure that no sensitive data is included.
  --> https://github.com/pglombardo/PasswordPusher/issues/new/choose

D, [2024-05-23T10:12:17.095316 #23] DEBUG -- : TestMailer#send_test_email: processed outbound mail in 2.3ms
I, [2024-05-23T10:12:17.493770 #23]  INFO -- : Failed delivery of mail 664f1681177e2_1713ec78788@6095304426b5.mail error_class=TypeError error_message="no implicit conversion of Symbol into Integer"
D, [2024-05-23T10:12:17.494035 #23] DEBUG -- : Date: Thu, 23 May 2024 10:12:17 +0000
From: Safe Share <safeshare@mydomain.com>
To: myemail@mydomain.com
Message-ID: <664f1681177e2_1713ec78788@6095304426b5.mail>
Subject: Test Email from Password Pusher
Mime-Version: 1.0
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

=E2=AD=90 If you are reading this, sending email works! =E2=AD=90=

(irb):1:in `<main>': no implicit conversion of Symbol into Integer (TypeError)

      OpenSSL::SSL::SSLSocket.new socket, context

Config:

mail:
  raise_delivery_errors: true
  smtp_address: 'smtp-relay.gmail.com'
  smtp_port: 587
  smtp_authentication: 'plain'
  smtp_user_name: 'relay@mydomain.com'
  smtp_password: 'myapppassword'
  smtp_starttls: true
  smtp_enable_starttls_auto: true
  smtp_open_timeout: 10
  smtp_read_timeout: 10
  smtp_openssl_verify_mode: 'peer'
  mailer_sender: '"Safe Share" <safeshare@mydomain.com>'

pglombardo commented 3 months ago

Hi @pietro95 - I'm watching for the result of #2158 before suggesting anything here so as not to waste your time.

Docker containers for v1.40.14 are building now which should fix a bug with smtp_enable_starttls_auto. It seems like you should set this to false for your local postfix with v1.40.14.

I'll post back soon once I have something more.

pglombardo commented 3 months ago

Hi @pietro95 - @riahc3 fixed his setup with v1.40.14. Could you try that version and let me know?

pietro95 commented 3 months ago

Hi @pglombardo, I will try on Monday and let you know!

pietro95 commented 3 months ago

Hi @pglombardo, I did a test with the latest version and now I get another error:

[a1f4d174-a128-44dd-a22c-2898e30d97b4] Net::SMTPAuthenticationError (503 5.5.1 Error: authentication not enabled

As if it is trying to authenticate with the SMTP. I set smtp_authentication to null but same result

riahc3 commented 3 months ago

@pietro95

Hi @pglombardo, I did a test with the latest version and now I get another error:

[a1f4d174-a128-44dd-a22c-2898e30d97b4] Net::SMTPAuthenticationError (503 5.5.1 Error: authentication not enabled

As if it is trying to authenticate with the SMTP. I set smtp_authentication to null but same result

Two things I've quickly searched:

https://stackoverflow.com/a/707892/1070958:

2021 Update: By default you will also need to enable access for "less secure apps" in your gmail settings page: google.com/settings/security/lesssecureapps. This is necessary if you are getting the exception "The server response was: 5.5.1 Authentication Required." – thanks to @Ravendarksky

Also: https://stackoverflow.com/a/4931560/1070958

Also: https://support.google.com/accounts/answer/6010255?hl=en

Starting on September 30, 2024, less secure apps, third-party apps, or devices that have you sign in with only your username and password will no longer be supported for Google Workspace accounts. For exact dates, visit Google Workspace Updates. To continue to use a specific app with your Google Account, you’ll need to use a more secure type of access that doesn’t share password data. Learn how to use Sign in with Google.

Also: https://support.google.com/mail/answer/185833?hl=en#zippy=

To sum it up:

1: Make sure "Less Secure Apps" is enabled and use app passwords
2: Change from Google Workspace. It isn't supported come Sept 2024, which means less than a year, which means you need to change it, period.
3: Make sure you have a secure password: 14 characters at least, uppercase, lowercase, numbers, symbols and no common ones

  1. If you change your Google Workspace password, ALL app passwords are invalid and must be regenerated.
  2. If all else fails, set up a local Postfix relay on your password pusher box, point that to Gmail and test. The Postfix relay SHOULD give you a bit more logs.

pietro95 commented 3 months ago

Hi @riahc3, I am already using a local Postfix server - which I am pointing to with my PWP installation ;) I did a small test before the latest fix with the Gmail account (obviously with the app password) but I reverted back to the Postfix configuration, which is the one I want to use. My Postfix does NOT require authentication and I think that is where the problem lies (seeing the logs): Password Pusher tries to authenticate (without credentials) and my Postfix refuses the connection. I think there is some bug in the smtp_authentication variable, like it is always set to a default "plain" and is not being set to none

riahc3 commented 3 months ago

Hi @riahc3, I am already using a local Postfix server - which I am pointing to with my PWP installation ;) I did a small test before the latest fix with the Gmail account (obviously with the app password) but I reverted back to the Postfix configuration, which is the one I want to use. My Postfix does NOT require authentication and I think that is where the problem lies (seeing the logs): Password Pusher tries to authenticate (without credentials) and my Postfix refuses the connection. I think there is some bug in the smtp_authentication variable, like it is always set to a default "plain" and is not being set to none

So your postfix logs are showing that something is starting to authenticate against it instead of anonymous?

Did you run a tcpdump? That also showed me things related to the bug

pietro95 commented 3 months ago

Hi @pglombardo, do you have any update on my issue?

pglombardo commented 3 months ago

Hi @pietro95 - I'll loop back soon. Apologies - just juggling with my day job.

pglombardo commented 2 months ago

Hi @pglombardo, I did a test with the latest version and now I get another error:

[a1f4d174-a128-44dd-a22c-2898e30d97b4] Net::SMTPAuthenticationError (503 5.5.1 Error: authentication not enabled

As if it is trying to authenticate with the SMTP. I set smtp_authentication to null but same result

Hey @pietro95 - this is the latest container version? Can you get a shell into the container and dump the raw mail config?

docker exec -it <containerId> /bin/bash
./bin/pwpush console
Rails.application.config.action_mailer.smtp_settings

pglombardo commented 2 months ago

When I copy your settings.yml config and boot a container, I get this config:

[Image: Screenshot 2024-06-01 at 10 21 35]

No authentication setting so we might have missed something in the details... let me know.

pietro95 commented 2 months ago

Hi @pglombardo

Turns out that in one of the many tests that I did I left uncommented the variables smtp_username and smtp_password; I commented again both of them and the mail started to arrive without any error! Thanks for your support

pglombardo commented 2 months ago

Excellent - Glad it's working now!
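
The resolution above (leftover smtp_user_name/smtp_password triggering an AUTH attempt against a Postfix relay with authentication disabled) can be caught before deployment. The following is an added example, not code from the thread or from Password Pusher: it audits the `mail:` section of a settings.yml using the key names shown in the thread. The function name, finding names and sample configs are assumptions constructed for illustration.

```ruby
require 'yaml'

# Returns a list of findings for the `mail:` section of a settings.yml.
# Key names are the ones shown in the thread; finding names are hypothetical.
def audit_mail_settings(yaml_text)
  mail = (YAML.safe_load(yaml_text) || {}).fetch('mail', {}) || {}
  set = ->(key) { !mail[key].to_s.strip.empty? }
  creds = set.call('smtp_user_name') || set.call('smtp_password')
  tls_required = mail['smtp_starttls'] == true
  tls_possible = tls_required || mail['smtp_enable_starttls_auto'] != false
  findings = []
  # Leftover credentials with no auth type: the case that resolved this thread.
  findings << :credentials_without_authentication if creds && !set.call('smtp_authentication')
  # Auth type with no username: the "No SMTP username provided" error in the thread.
  findings << :authentication_without_username if set.call('smtp_authentication') && !set.call('smtp_user_name')
  # Without mandatory STARTTLS, credentials can be sent over a plaintext session.
  findings << :credentials_without_required_tls if creds && !tls_required
  # Verify mode 'none' accepts any certificate, so TLS does not authenticate the server.
  findings << :tls_certificate_not_verified if tls_possible && mail['smtp_openssl_verify_mode'].to_s == 'none'
  findings
end

# Constructed sample: local relay without auth, but credentials left uncommented.
LEFTOVER_CREDENTIALS = <<~CFG
  mail:
    smtp_address: '10.0.0.150'
    smtp_port: 25
    smtp_authentication: null
    smtp_user_name: 'relay@mydomain.com'
    smtp_password: 'placeholder-not-a-real-secret'
    smtp_starttls: false
    smtp_enable_starttls_auto: true
    smtp_openssl_verify_mode: 'none'
CFG

# Constructed sample: the same relay with credentials removed and STARTTLS off.
CLEAN_LOCAL_RELAY = <<~CFG
  mail:
    smtp_address: '10.0.0.150'
    smtp_port: 25
    smtp_starttls: false
    smtp_enable_starttls_auto: false
    smtp_openssl_verify_mode: 'none'
CFG

puts audit_mail_settings(LEFTOVER_CREDENTIALS).inspect
puts audit_mail_settings(CLEAN_LOCAL_RELAY).inspect
```

The values the application actually loaded can be compared against the file with `Rails.application.config.action_mailer.smtp_settings` from `./bin/pwpush console`, as suggested in the thread.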