Closed robsonware closed 6 months ago
could you please check the tls version of your mailserver and report back the output with:
openssl s_client -starttls smtp -crlf -connect mailserver.domain.tld:25
Hey @robsonware, happy that you like using An Otter Wiki.
The problem you are observing, is the mail client trying to send the email. It is reporting a problem with the server. The client here is An Otter Wiki using Flask-Mail, which is using the python smtplib.
Since your other systems are working with your mailserver, please double check that you have picked the correct Mail Server Port
and Mail Security
, e.g. port 465
with SSL
or port 25
with TLS
, or port 587
with TLS
and report it back here.
If it is the case, that your mail server is the problem, you could path the /etc/ssl/openssl.cnf
in the otterwiki image, but I would recommend to update the mailserver, soon.
Hey guys.
Thanks for the quick response.
@shangri26199 I don't have access to the email server, it is a department from another institution that provides the email sending service for the company where I work.
@redimp I checked and tested other port configurations but the error persists. If I try other configurations other than port 587 + TLS it returns the same error or "Error: [Errno 113] No route to host"
The strange thing is that in other applications written in PHP, GO, JAVA or Node, all emails are sent normally. However, another application written in Ruby (Zammad) had the same error, but the Zammad implementation project was abandoned and this problem remained in limbo.
But you can close this issue, apparently the problem is with the mailserver, I will check if they can update it.
Thank you very much.
Hey @robsonware,
you can check this from any machine with the openssl package installed. If running the containers on a linux host (or WSL as your log suggests) you can check the emailserver from this host too.
@shangri26199 ok, the output for openssl s_client -starttls smtp -crlf -connect smtp.xxx.xxx:587 is:
CONNECTED(00000003)
depth=3 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
verify return:1
depth=2 C = BE, O = GlobalSign nv-sa, CN = Trusted Root TLS CA SHA256 G3
verify return:1
depth=1 C = BR, O = XXXXXXXXXXXXXXXXXXXX - RNP, CN = RNP ICPEdu OV SSL CA 2019
verify return:1
depth=0 C = BR, ST = Rio de Janeiro, L = Rio de Janeiro, O = XXXXXXXXXXXXXXXXXXXX, CN = *.XXXXXXXXXXXXXXXXXXXX.br
verify return:1
40D7AD2CAA7F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2086:
---
Certificate chain
0 s:C = BR, ST = Rio de Janeiro, L = Rio de Janeiro, O = XXXXXXXXXXXXXXXXXXXX, CN = *.XXXXXXXXXXXXXXXXXXXX.br
i:C = BR, O = Rede Nacional de Ensino e Pesquisa - RNP, CN = RNP ICPEdu OV SSL CA 2019
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jul 4 13:37:06 2023 GMT; NotAfter: Aug 4 12:51:12 2024 GMT
1 s:C = BR, O = Rede Nacional de Ensino e Pesquisa - RNP, CN = RNP ICPEdu OV SSL CA 2019
i:C = BE, O = GlobalSign nv-sa, CN = Trusted Root TLS CA SHA256 G3
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jul 5 00:00:00 2020 GMT; NotAfter: May 15 00:00:00 2026 GMT
2 s:C = BE, O = GlobalSign nv-sa, CN = Trusted Root TLS CA SHA256 G3
i:OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jul 5 00:00:00 2020 GMT; NotAfter: Apr 25 11:00:00 2027 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGyTCCBbGgAwIBAgIMcHs8Wv1rOyE7gtr2MA0GCSqGSIb3DQEBCwUAMGQxCzAJ
BgNVBAYTAkJSMTEwLwYDVQQKEyhSZWRlIE5hY2lvbmFsIGRlIEVuc2lubyBlIFBl
c3F1aXNhIC0gUk5QMSIwIAYDVQQDExlSTlAgSUNQRWR1IE9WIFNTTCBDQSAyMDE5
MB4XDTIzMDcwNDEzMzcwNloXDTI0MDgwNDEyNTExMlowgYYxCzAJBgNVBAYTAkJS
MRcwFQYDVQQIEw5SaW8gZGUgSmFuZWlybzEXMBUGA1UEBxMOUmlvIGRlIEphbmVp
cm8xMTAvBgNVBAoTKFVuaXZlcnNpZGFkZSB...==
-----END CERTIFICATE-----
subject=C = BR, ST = Rio de Janeiro, L = Rio de Janeiro, O = XXXXXXXXXXXXXXXXXXXX, CN = *.XXXXXXXXXXXXXXXXXXXX.br
issuer=C = BR, O = Rede Nacional de Ensino e Pesquisa - RNP, CN = RNP ICPEdu OV SSL CA 2019
---
No client certificate CA names sent
---
SSL handshake has read 5016 bytes and written 354 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1704300938
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
Some informations was masked with XXXXXXXXXXXXXXXXXXXX. Certificate is truncated.
Looks like the issuee is comming from the mailserver, see
40D7AD2CAA7F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2086:
you should report this to whoever is running the server and give additional information like https://weakdh.org/ . as this could surely be fixed on changing the way how mails are written, i don't think that's the proper way.
Good luck with poking the mailservers department! A useful tool is https://testssl.sh/, perhaps this will give your request more emphasis.
Since this is not a otterwiki issue, I close this issue.
Hello, first at all, thanks for this amazing tool!
Guys, I'm having problems with DH_KEY_TOO_SMALL. I'm try to generate another one key inside container.
then
But e-mail sender still not working.
I'm using for now in localhost, but I'll deploy to production after resolve this e-mail issue.
The docker logs from otterwiki container:
All e-mail setup is correct, others systems and containers works properly.
My docker-compose.yml file: