Google Security Alert With Node Mailer - node.js

I am having an issue with my portfolio site, which is currently coded using Node and Express. I am using Nodemailer with Google's SMTP for my contact form. My code is all working, my problem is actually with Google.
Sometimes the emails from my contact form will go through no problem. Other times, people will get an error because Google will send me a "Critical Security Alert" for my connected account (thus not allowing the SMTP to log in). I have already enabled less secure apps. I have searched for hours for an answer and cannot find one anywhere.
This is what my createTransport() function looks like (I have changed the email and password):
const smtpTrans = nodemailer.createTransport({
host: 'smtp.gmail.com',
port: 465,
secure: true,
auth: {
user: "example#gmail.com",
pass: "example"
}
})
Anyone know how I can fix this?

You need to log in your Google account and then go to https://myaccount.google.com/lesssecureapps. In that web you should set the switch to ON (should be OFF the first time you enter) so that it allows other applications to access your account

Related

Nodemailer: My frontend website can't send emails through node mailer from a different IP address

My frontend portfolio has an emailing option which sends a post req to nodemailer in the backend.
My portfolio is already deployed in firebase and I'm currently running the backend on the localhost server.
I face no issues when I send emails on my laptop, same IP address, while I receive an error whenever I try sending emails on a different device.
I have searched around for a day now and I can't find an available solution. Any idea on how I can solve this issue?
My nodemailer configuration:
const transporter = nodemailer.createTransport(smtpTransport({
name: 'domainname',
host: 'domainname.com',
port: 443,
secure: true,
service: 'gmail',
auth: {
user: '*****#gmail.com',
pass: '******' //Google's less secure apps option enabled.
},
tls: {
// do not fail on invalid certs
rejectUnauthorized: false,
}
}))
The following error is logged into the console when sending email fails:
POST http://localhost:4000/api/email/ net::ERR_CONNECTION_REFUSED
TypeError: Failed to fetch
at main.1ec56b92.js:2:347746
at c (main.1ec56b92.js:2:168378)
at Generator._invoke (main.1ec56b92.js:2:168166)
at Generator.next (main.1ec56b92.js:2:168807)
at Ft (main.1ec56b92.js:2:332714)
at i (main.1ec56b92.js:2:347506)
at main.1ec56b92.js:2:347567
at new Promise (<anonymous>)
at main.1ec56b92.js:2:347446
at main.1ec56b92.js:2:348157
Thank you
As Derpirscher pointed out, the host of the backend was hardcoded as localhost:4000 hence why it worked on my laptop and failed on my phone.
The solution for me was to deploy the code to a server -like Heroku- and use its address to connect to the nodemailer API, eg: https://project.herokuapp.com/api/email instead of https://localhost:4000/api/email

error 550 Domain not allowed in header from

I am trying to get namecheap c-panel email hooked up with my nodemailer server instance but I am unable to find how to do that.
here is my nodemailer code
let transporter = nodemailer.createTransport({
host: "premium174.web-hosting.com",
port: 465,
secure: true,
auth: {
user: username,
pass: password
},
connectionTimeout: 30000
});
from part in the sendMail method contains the email I am logging in to
I am able to establish a connection the server using these details but I can't send any email, AT ALL. anytime I try to send it the error I get is
code: 'EENVELOPE',
response: '550-"Your IP: my-ip-here : Your domain domain-here is not allowed in header\n' +
'550 From"',
responseCode: 550,
command: 'RCPT TO'
the send mail part is all correct and it works with the other emails I have but this one just would not work
You can visit Email Routing from cPanel and choose "Local Mail Exchanger" under Configure Email Routing.
Ok so what I had to do was to change namecheap email routing to local and it worked :D

SMTP server using hmailserver. Host cannot be resolved to a type

I am trying to create a local SMTP server. I configured everything according to this: Link to set-up hmailserver
After that, I ran my diagnostics thing and it said host(in my case, noreply#bufferoverflow.com) cannot be resolved. I googled and read the documentation and question section of hmailserver Docs and found that I am missing a DNS configuration on my machine.
I followed this article to set-up the DNS ip to name: How to add ip domain mapping in windows
127.0.0.1 bufferoverflow.com
on my
C:\Windows\System32\drivers\etc>notepad hosts.ics
It still said host cannot be resolved to a type. I tried to see if the port was actually open and listening. So I did this command in CMD:
netstat -a
It's listening. I doubled checked everything but coudn't found where I was going wrong. I created a simple nodejs server and hosted it on port 80 at localhost and typed "bufferoverflow.com" in my browser it opened 127.0.0.1 aka localhost which is because it has an ip domain mapping I have given.
Now I am lost as why the hostname can't be resolved. My DNS is cool. Everthing is configured as docs says and the port is also open and listening. Please help me.
So based on what you said you created your own SMTP server which is nice and all to learn, but I would recommend using SendinBlue 3rd party service FREE and gives you 300 mails/day
Getting Started with sendinblue:
Link: https://www.sendinblue.com/
Go make and an account free of charge till you decide to pay you'll read there
Once your account is all set, and activated often SMTP service for ones account is not automatically activate so you'd have to email them and they literally respond within 24hr I LOVE THE SERVICE(I am not promoting nor sponsored to hype them or anything just saying the truth of what I have experienced).
So now at this point your account and SMTP service is activated, now question is how do you use sendinBlue?
In your dashboard on your Top right you will see your username
Click on that and a dropdown menu should appear
Then you want to go to SMTP & API
Once you then you will see a menu with API Keys on the left and SMTP on the right
You want to click on the SMTP.
Once you the you will see Login that would be the email you registered with and you will see Master password now that is what you use to authenticate yourself.
Implementation: Now you have everything sorted you know where you keys are and login
In .env file
sendinBlue__login=<Your email that your saw in that smtp tab>
sendinBlue__key= <Key you saw in that smtp tab>
In your file where you want to send email
const nodemailer = require('nodemailer');
router.post('/api/email', (request, response)=>{
const transporter = nodemailer.createTransport({
service:'SendinBlue',
auth:{
user:process.env.sendinBlue__login,
pass:process.env.sendinBlue__key
}
})
const mailOptions = {
from:process.env.sendinBlue__login
to:'example#gmail.com',
subject:'Order confirmation',
html:`
<h1>Confirmation of your received order</h1>
`
}
transporter.sendMail(mailOptions, (error, info)=>{
if (error){
console.log(error);
return response.status(500).json({msg:"Email failed to send probably network problems or SMTP not activated"});
}
return reponse.status(200).json({msg:'Email sent'});
})
})
Now this is how easy sendinBlue works just simple signup and account activation also SMTP activation if not activated from get go by email customer support
If that guide above did not make sense to you: Shameless plug
You can go checkout my video that I did and I was using sendinBlue with nodemailer for emailing it's a bit at the end
Link: https://youtu.be/5vWXbGIdDQw
Now If you want to send an email using noreply#domain.com with sendinBlue you do not even have to have the email activated but still can send
How you go about this is the way you craft your mailOptions
router.get("/api/test", (request, response) => {
const transpoter = nodemailer.createTransport({
service: "SendinBlue",
auth: {
user: process.env.sendinBlue__email,
pass: process.env.sendinBlue__key,
},
});
const mailOptions = {
from: "noreply#Test.com",
to: "juniorWebProjects#gmail.com",
subject: "Confirmation Order",
html: `
<h1>Order Received</h1>
`,
};
transpoter.sendMail(mailOptions, (err, info) => {
if (err) {
return console.log(err);
}
return console.log("Message sent");
});
});
See on my mailOptions I explicitly wrote myself the email that I want and when sendinBlue sends that email the receiver will see that is coming from noreply#Test.com

Unlock a nodejs program through email answer

I'm working with dialog flow on Google home, and I have a program which sends an email (via Nodemailer), I would like to lock a function, and unlock it depending on the email's answer.
Maybe I could put a link inside the email as "if you agree with this, click on this link, otherwise don't".
Can I get the answer with my program? If yes, how?
Here is the function I use to send my email:
var transporter = nodemailer.createTransport({
service: 'gmail',
auth: {
user: '**********',
pass: '**********'
}
});
var mailOptions = {
from: '*********#gmail.com',
to: '********.********#gmail.com',
subject: 'Sending Email using Node.js',
text: 'That was easy!'
};
transporter.sendMail(mailOptions, function(error, info){
if (error) {
console.log(error);
} else {
console.log('Email sent: ' + info.response);
}
Thanks.
You have a lot of things you need to think about when designing this - nevermind actually coding it.
Somehow you need to get the user's address in the first place. Google Home (and the Actions on Google platform) don't have a way to give this to you, and asking the user for their info is a bad UX.
One way you can get their address is through Account Linking, which lets you link their Assistant account to an account in your system. This won't give you the address directly, but since they have to log in through your website first, you can either use Google Login (and thus get their profile info) or ask them for it as part of your account process.
Once you have their address - you want to verify it. There are a ton of suggestions on the web about how to correctly do double-opt-in. Make sure you follow them. There are node modules that will help you do this as well - you don't need to write your own.
Coding this securely is not something to be taken lightly. Doing it wrong lets you become a spam relay. Doing it not-quite-right may just have you considered as spam by the email providers.
All you have to do is Define System so that from that E-mail box e-mail will be sent. Example, you can add your Gmail account and password. Add this code just in Server.js just below the var app=express() line.
var smtpTransport = nodemailer.createTransport({
service: "gmail",
host: "smtp.gmail.com",
auth: {
user: "",
pass: ""
}
});

Accessing SMTP server with AUTH NTLM from Node.js

I'm trying to access a SMTP server with AUTH type of NTLM.
I'm using nodemailer and nodemailer-smtp-transport as such:
var config = require('./config.json');
var nodemailer = require('nodemailer');
var smtpTransport = require('nodemailer-smtp-transport');
var transporter = nodemailer.createTransport(smtpTransport({
host : config.mailer.host,
port: config.mailer.port,
auth: {
user: config.mailer.username,
pass: config.mailer.password
},
authMethod: 'PLAIN'
}));
But it doesn't work. The error I get is:
{ [Error: Invalid login: 504 5.7.4 Unrecognized authentication type]
code: 'EAUTH',
response: '504 5.7.4 Unrecognized authentication type',
responseCode: 504 }
Which makes sense, because if I telnet into the SMTP server
ehlo server.domain.net
250-server.domin.net Hello [10.100.10.100]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250 XRDST
And enter
AUTH PLAIN
I get
504 5.7.4 Unrecognized authentication type
But inside Node, if I change the authMethod to 'NTLM', I get an error that says
{ [Error: Unknown authentication method "NTLM"] code: 'EAUTH' }
I'm suspecting that nodemailer just doesn't support NTLM. If that's the case, how do I connect to a SMTP server that requires NTLM authentication type?
Thanks
My company ran into the same problem a few days ago. The options we considered were:
Ask the exchange server admins to enable PLAIN auth under STARTTLS (it is secure and appears to only involve ticking a couple of checkboxes)
Set up a local relay (e.g. postfix) that relays to Exchange, and use the postfix relay from nodemailer
Fork nodemailer and add NTLM support
Unfortunately we hit political issues on the easy options (1) and (2), so had to fork nodemailer.
I didn't send a pull request yet, but the fork is here. For the time being the easiest way to use it is via npm by referring directly to the github project in your package json, e.g.:
"dependences": {
"nodemailer": "steveliles/nodemailer"
}
If you're interested, most of the change was actually in a sub-sub-project (smtp-connection), and the forks of nodemailer, nodemailer-smtp-pool, and nodemailer-smtp-transport are only necessary to get my smtp-connection fork to be picked up.
We didn't need to implement the NTLM protocol, as SamDecrock's httpntlm already did the hard work.
It has only been tested against Exchange 2007 over TLS (with STARTTLS) and no domain or workstation.
If you do need domain + workstation in the credentials, just add them to nodemailer's options.auth and they will be passed through, e.g.
var smtpConfig = {
host: 'ntlm.boo.hoo',
port: 25,
auth: {
domain: 'windows-domain',
workstation: 'windows-workstation',
user: 'user#somedomain.com',
pass: 'pass'
}
};
We were even more unlucky in that the exchange server we're connecting to doesn't have a valid SSL certificate, but luckily nodemailer can handle that by setting tls: {rejectUnauthorized: false} in the options.
From version 6.x.x, you can use custom auth:
https://github.com/nodemailer/nodemailer-ntlm-auth
Refs: https://nodemailer.com/smtp/#authentication
If this is an internal/service type application and your server admin doesn't mind, you can ask them to create a host without authorization and just get rid of
auth: {
user: '-----------',
pass: '-----------'
}
Since I'm just creating a service type app just to send emails on a schedule, my server admin allowed this for me.
Worked for me but I'm sure this solution is not for everyone!

Resources