search

wneessen / go-mail

📧 Easy to use, yet comprehensive library for sending mails with Go
https://go-mail.dev
MIT License
571 stars 44 forks source link

Stucking at [220 Ready to start TLS] #156

Closed chekun closed 10 months ago

chekun commented 10 months ago

Description

2023/11/20 18:23:32 DEBUG: C --> S: EHLO chekunMacBook-Pro.local
2023/11/20 18:23:33 DEBUG: C <-- S: 250 smtp.qq.com
PIPELINING
SIZE 73400320
STARTTLS
AUTH LOGIN PLAIN
AUTH=LOGIN
MAILCOMPRESS
8BITMIME
2023/11/20 18:23:33 DEBUG: C --> S: STARTTLS
2023/11/20 18:23:33 DEBUG: C <-- S: 220 Ready to start TLS
2023/11/20 18:23:33 DEBUG: C --> S: EHLO chekunMacBook-Pro.local

To Reproduce

use dummy account and password to connect to smtp.exmail.qq.com:587 and send email

Expected behaviour

using dummy account ,we expect to see auth failed

but we see stucked at start to send TLS

Screenshots

No response

Attempted Fixes

No response

Additional context

No response

wneessen commented 10 months ago

Hi @chekun

I am not able to reproduce this issue. I just set up a quick test program with smtp.qq.com as mail server and dummy auth data and I am receiving the expected "auth failed" message.

Here is the code:

package main

import (
        "context"
        "fmt"
        "os"

        "github.com/wneessen/go-mail"
)

func main() {
        c, err := mail.NewClient("smtp.qq.com", mail.WithTLSPolicy(mail.TLSMandatory),
                mail.WithSMTPAuth(mail.SMTPAuthLogin), mail.WithUsername("dummy@dummy.com"),
                mail.WithPassword("Test123"), mail.WithPort(25),
                mail.WithDebugLog())
        if err != nil {
                fmt.Printf("failed to create new client: %s\n", err)
                os.Exit(1)
        }
        if err := c.DialWithContext(context.Background()); err != nil {
                fmt.Printf("failed to dial: %s\n", err)
                os.Exit(1)
        }
        _ = c.Close()
}

And here is the output:

2023/11/20 11:34:32 DEBUG: C --> S: EHLO arch-vm.redacted.local
2023/11/20 11:34:33 DEBUG: C <-- S: 250 newxmesmtplogicsvrsza10-0.qq.com                                                                                                
PIPELINING                                                                                                                                                              
SIZE 73400320                                                                                                                                                           
STARTTLS                                                                                                                                                                
AUTH LOGIN PLAIN XOAUTH XOAUTH2                                                                                                                                         
AUTH=LOGIN
MAILCOMPRESS
8BITMIME
2023/11/20 11:34:33 DEBUG: C --> S: STARTTLS
2023/11/20 11:34:33 DEBUG: C <-- S: 220 Ready to start TLS from 37.82.52.123 to newxmesmtplogicsvrsza10-0.qq.com.
2023/11/20 11:34:33 DEBUG: C --> S: EHLO arch-vm.redacted.local
2023/11/20 11:34:34 DEBUG: C <-- S: 250 newxmesmtplogicsvrsza10-0.qq.com
PIPELINING
SIZE 73400320
AUTH LOGIN PLAIN XOAUTH XOAUTH2
AUTH=LOGIN
MAILCOMPRESS
8BITMIME
2023/11/20 11:34:34 DEBUG: C --> S: NOOP
2023/11/20 11:34:34 DEBUG: C <-- S: 250 OK from 37.82.52.123 to newxmesmtplogicsvrsza10-0.qq.com.
2023/11/20 11:34:34 DEBUG: C --> S: AUTH LOGIN
2023/11/20 11:34:34 DEBUG: C <-- S: 334 VXNlcm5hbWU6
2023/11/20 11:34:34 DEBUG: C --> S: ZHVtbXlAZHVtbXkuY29t
2023/11/20 11:34:35 DEBUG: C <-- S: 334 UGFzc3dvcmQ6
2023/11/20 11:34:35 DEBUG: C --> S: VGVzdDEyMw==
2023/11/20 11:34:35 DEBUG: C <-- S: 535 Login Fail. Please enter your authorization code to login. More information in http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=28&&no=1001256
2023/11/20 11:34:35 DEBUG: C --> S: *
2023/11/20 11:34:35 DEBUG: C <-- S: 0 
2023/11/20 11:34:35 DEBUG: C --> S: QUIT
2023/11/20 11:34:35 DEBUG: C <-- S: 0 
failed to dial: SMTP AUTH failed: 535 Login Fail. Please enter your authorization code to login. More information in http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=28&&no=1001256

Can you maybe provide more context on what you are trying to accomplish? Also I can see that you connect gets stuck after the STARTTLS. SMTP-STARTTLS works in the way, that it will open an unencrpyted connection with the SMTP server, say "hello" and if the server offers the "STARTTLS" capabilities, the client will send a request that it would like to encrypt from now on by replying with "STARTTLS". Then a new connecctivity is established following the "hello" again and then the auth process would start. For you it seems like you are stuck after the 2nd "hello". Maybe some kind of firewall or security meassure in your network is denying the encrpyted connection?

Edit to avoid confusion: I just noticed that you were referring to port 587 instead of 25. I've tested this as well with exactly the same result.

chekun commented 10 months ago

Hi @wneessen , it's not mail.qq.com:25 it's smtp.exmail.qq.com:587

you can test with code below

package main

import (
        "context"
        "fmt"
        "os"

        "github.com/wneessen/go-mail"
)

func main() {
        m := mail.NewMsg()
    m.From("Demo <demo@dummy.com>")
    m.To("demo@dummy2.com")
    m.Subject("Just a demo")
    m.SetBodyString(mail.TypeTextPlain, `Hello, this is a test that will never be sent.`)
    c, err := mail.NewClient("smtp.exmail.qq.com", mail.WithPort(587), mail.WithSMTPAuth(mail.SMTPAuthPlain), mail.WithDebugLog(),
        mail.WithUsername("demo@dummy.com"), mail.WithPassword("password"))
    if err != nil {
        log.Fatalf("failed to create mail client: %s", err)
    }
    if err := c.DialAndSend(m); err != nil {
        log.Fatalf("failed to send mail: %s", err)
    }

}

here is the video

wneessen commented 10 months ago

Same result on my end

2023/11/20 12:10:51 DEBUG: C --> S: EHLO arch-vm.redacted.local
2023/11/20 12:10:52 DEBUG: C <-- S: 250 smtp.qq.com
PIPELINING
SIZE 73400320
STARTTLS
AUTH LOGIN PLAIN
AUTH=LOGIN
MAILCOMPRESS
8BITMIME
2023/11/20 12:10:52 DEBUG: C --> S: STARTTLS
2023/11/20 12:10:52 DEBUG: C <-- S: 220 Ready to start TLS
2023/11/20 12:10:52 DEBUG: C --> S: EHLO arch-vm.redacted.local
2023/11/20 12:10:53 DEBUG: C <-- S: 250 smtp.qq.com
PIPELINING
SIZE 73400320
AUTH LOGIN PLAIN
AUTH=LOGIN
MAILCOMPRESS
8BITMIME
2023/11/20 12:10:53 DEBUG: C --> S: NOOP
2023/11/20 12:10:53 DEBUG: C <-- S: 250 Ok
2023/11/20 12:10:53 DEBUG: C --> S: AUTH PLAIN AGRlbW9AZHVtbXkuY29tAHBhc3N3b3Jk
2023/11/20 12:10:53 DEBUG: C <-- S: 535 Error: authentication failed, system busy
2023/11/20 12:10:53 DEBUG: C --> S: *
2023/11/20 12:10:54 DEBUG: C <-- S: 502 Error: command not implemented
2023/11/20 12:10:54 DEBUG: C --> S: QUIT
2023/11/20 12:10:54 DEBUG: C <-- S: 221 Bye
2023/11/20 12:10:54 failed to send mail: dial failed: SMTP AUTH failed: 535 Error: authentication failed, system busy
exit status 1
chekun commented 10 months ago

Can you try several times? see it will stuck or not.

wneessen commented 10 months ago

Yes, I can confirm that after the first failed authentication try, I am experiencing the same behaviour. It's likely some anti-brute-force security measure by qq.com. I then tried dialing up in a VPN and I could connect again for two times after getting blocked again.

chekun commented 10 months ago

Thank you very much. @wneessen Close it for this is a server security measure, not a bug.

chekun commented 10 months ago

After trying, I got it worked.

using port 465 and WithSSL() option, all worked fine.

Again, thank you for your time, and for providing this great package.