salesagility / SuiteCRM

SuiteCRM - Open source CRM for the world
https://www.suitecrm.com
GNU Affero General Public License v3.0

I can't send emails with TLS #2807

Open Jonatanestam opened 7 years ago

Jonatanestam commented 7 years ago

Issue

Hello. SuiteCRM can't send emails when TLS is on. I use my own SMTP server. Perhaps the problem isn't my server config, because I am able to send mails with Outlook, Android (default mail app) and iOS (default mail app). When TLS is off, all works fine.

Expected Behavior

Send mails when TLS is on.

Actual Behavior

SuiteCRM error. Error:SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting

Mail log using SSL

  1. setting up TLS connection from localhost.localdomain[127.0.0.1]
  2. TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
  3. SSL_accept:before/accept initialization
  4. SSL_accept:SSLv3 read client hello A
  5. SSL_accept:SSLv3 write server hello A
  6. SSL_accept:SSLv3 write certificate A
  7. SSL_accept:SSLv3 write key exchange A
  8. SSL_accept:SSLv3 write server done A
  9. SSL_accept:SSLv3 flush data
  10. SSL_accept:SSLv3 read client key exchange A
  11. SSL_accept:SSLv3 read finished A
  12. SSL_accept:SSLv3 write session ticket A
  13. SSL_accept:SSLv3 write change cipher spec A
  14. SSL_accept:SSLv3 write finished A
  15. SSL_accept:SSLv3 flush data
  16. Anonymous TLS connection established from localhost.localdomain
  17. TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
  18. lost connection after STARTTLS from localhost.localdomain
  19. disconnect from localhost.localdomain[127.0.0.1]
  20. TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"

Mail log using TLS

  1. setting up TLS connection from localhost.localdomain[127.0.0.1]
  2. AAC localhost.localdomain[127.0.0.1]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
  3. AAC SSL_accept:before/accept initialization
  4. AAC SSL_accept:SSLv3 read client hello A
  5. AAC SSL_accept:SSLv3 write server hello A
  6. AAC write to 7F970B9B9050 [7F970B9D9C50] (4096 bytes => 4096 (0x1000))
  7. AAC SSL_accept:SSLv3 write certificate A
  8. AAC SSL_accept:SSLv3 write key exchange A
  9. AAC SSL_accept:SSLv3 write server done A
  10. AAC write to 7F970B9B9050 [7F970B9D9C50] (1734 bytes => 1734 (0x6C6))
  11. AAC SSL_accept:SSLv3 flush data
  12. AAC Anonymous TLS connection established from localhost.localdomain[127.0.0.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
  13. AAC lost connection after STARTTLS from localhost.localdomain[127.0.0.1]
  14. AAC disconnect from localhost.localdomain[127.0.0.1]

Mail log using Plain

  1. connect from localhost.localdomain[127.0.0.1]
  2. disconnect from localhost.localdomain[127.0.0.1]

Possible Fix

If I comment out these lines in /etc/postfix/main.cf:

```
smtpd_use_tls = yes
ssmtpd_tls_auth_only = yes
ssmtpd_tls_security_level = encrypt
ssmtpd_tls_cert_file = /xx/xxxx/MySuiteCRMDomain_com.crt
ssmtpd_tls_key_file = /xxx/xx/server.key
ssmtpd_tls_CAfile = /xxx/xxx/cacert.pem
```

all works fine.

Context

I can't send emails.

Your Environment

Mausino commented 5 years ago

Hi, @ApatheticCosmos

Could you please look at whether https://github.com/salesagility/SuiteCRM/issues/2807#issuecomment-333846943 is working and fix the issue? Sorry, but I have very little experience with protocols like TLS or others, and you seem like a guy who is an expert on the email module 👍

b0br2019 commented 4 years ago

Hello all. Did anyone get to the bottom of this issue at some point?

I have trouble thinking it's a PHPMailer/TLS issue, as sending from another area of the CRM works with TLS.

Sending a test from >> Admin >> Email settings = Works.
Sending a test from >> Admin >> Outbound = Does not work.

I don't get it, the emails that worked were still sent with TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256.

I'd lean toward the possibility that the two sending mechanisms are coded differently?

If anyone can explain what the issue was I'd love to find out.

Thank you.

pgorod commented 4 years ago

@b0br2019 which version are you running?

If you are really stumped, maybe you can try uncommenting these lines here:

https://github.com/salesagility/SuiteCRM/blob/master/include/SugarPHPMailer.php#L457

https://github.com/salesagility/SuiteCRM/blob/master/include/SugarPHPMailer.php#L497-L502

This will put some more information in your logs to help you troubleshoot, and compare the two different tests.

You need to raise your log level to debug to see that (or, a cleaner solution I prefer myself, change those debug in the code to fatal to ensure they show in the logs, without too much other stuff in there).

b0br2019 commented 4 years ago

My issue was nothing to do with TLS, although I was thrown off as I use TLS. It was likely a bug in the older version 7.6.x, where the SMTP port field in the outbound email profile was being validated/verified/adjusted to include a comma for 4-digit ports when saved. This issue went away in 7.8.x and I'm now using 7.10.22 LTS with no such issue.
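
An added example, not part of the thread or of SuiteCRM's code: a small triage of Postfix smtpd log lines like the mail logs in the opening post, separating sessions where the server completed the TLS handshake and the client then hung up from sessions where the handshake itself failed. The sample lines, PIDs and verdict names are constructed, and grouping by smtpd PID assumes the usual syslog prefix.

```python
import re

# Constructed sample (made-up timestamps/PIDs); messages modelled on the logs in the opening post.
SAMPLE_LOG = """\
Jan 10 09:00:01 mail postfix/smtpd[2101]: connect from localhost.localdomain[127.0.0.1]
Jan 10 09:00:01 mail postfix/smtpd[2101]: setting up TLS connection from localhost.localdomain[127.0.0.1]
Jan 10 09:00:01 mail postfix/smtpd[2101]: Anonymous TLS connection established from localhost.localdomain[127.0.0.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Jan 10 09:00:01 mail postfix/smtpd[2101]: lost connection after STARTTLS from localhost.localdomain[127.0.0.1]
Jan 10 09:00:01 mail postfix/smtpd[2101]: disconnect from localhost.localdomain[127.0.0.1]
Jan 10 09:05:00 mail postfix/smtpd[2102]: connect from localhost.localdomain[127.0.0.1]
Jan 10 09:05:00 mail postfix/smtpd[2102]: disconnect from localhost.localdomain[127.0.0.1]
Jan 10 09:09:00 mail postfix/smtpd[2103]: connect from localhost.localdomain[127.0.0.1]
Jan 10 09:09:00 mail postfix/smtpd[2103]: setting up TLS connection from localhost.localdomain[127.0.0.1]
Jan 10 09:09:00 mail postfix/smtpd[2103]: SSL_accept error from localhost.localdomain[127.0.0.1]: -1
Jan 10 09:09:00 mail postfix/smtpd[2103]: lost connection after STARTTLS from localhost.localdomain[127.0.0.1]
Jan 10 09:09:00 mail postfix/smtpd[2103]: disconnect from localhost.localdomain[127.0.0.1]
"""

LINE_RE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)")
TLS_OK_RE = re.compile(r"TLS connection established from \S+: (?P<proto>\S+) with cipher (?P<cipher>\S+)")
LOST_RE = re.compile(r"lost connection after (?P<stage>\S+) from ")

def classify(s):
    # Server finished the handshake, then the client closed without sending another command.
    if s["proto"] and s["lost_after"] == "STARTTLS":
        return "client-dropped-after-handshake"
    if s["tls_started"] and not s["proto"]:
        return "handshake-failed"
    return "lost-after-" + s["lost_after"] if s["lost_after"] else "no-error-logged"

def triage(log_text):
    """Group smtpd lines by PID (one client per smtpd process at a time) and classify each session."""
    done, active = [], {}
    for m in LINE_RE.finditer(log_text):
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            active[pid] = {"pid": pid, "tls_started": False, "proto": None, "cipher": None, "lost_after": None}
        elif (s := active.get(pid)) is not None:
            if msg.startswith("setting up TLS connection"):
                s["tls_started"] = True
            elif (t := TLS_OK_RE.search(msg)):
                s["proto"], s["cipher"] = t["proto"], t["cipher"]
            elif (lost := LOST_RE.search(msg)):
                s["lost_after"] = lost["stage"]
            elif msg.startswith("disconnect from "):
                s["verdict"] = classify(s)
                done.append(active.pop(pid))
    return done
```

Calling `triage()` on a real mail log returns one dict per completed smtpd session, which makes it easy to compare the sessions produced by two different send tests.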