I'm currently trying to set up a website using Bolt CMS. For a simple contact form, I'm trying to use the "SimpleForms" extension. For this, it seems I have to set up a "mailoptions" field in "config.yml".
Now, for the mail host I use Zoho Mail. I have successfully made an account, verified my domain and so on. My current mailoptions values in the config look like this:
mailoptions:
transport: smtp
host: smtp.zoho.com
port: 465
username: ****
password: ****
auth_mode: null
encyption: null
senderMail: null
senderName: null
Notice, I've obviously just inserted some stars where the username and password is supposed to go :-)
Now, I'm not exactly sure what values are allowed for the last 4 fields. I have not for the life of me been able to find any documentation on this. However, if I simply try to send an email through a SimpleForms contact form with these settings, I get the following error:
Swift_TransportException:
Connection to smtp.zoho.com:465 Timed Out
Again, haven't been able to find much info on this problem. My initial guess is that it might have to do with me not properly setting the last 4 fields, however I just do not know what they are supposed to be :( All I know, from following a DigitalOcean tutorial (I use DigitalOcean as server host), is that the settings are supposed to be as follow:
SMTP Host: smtp.zoho.com
SMTP Port: 465
Use SSL Encryption: Yes, use SSL encryption
SMTP Authentication: Yes, use SMTP authentication
Email Address or Username: The email address that you set up in the previous step. In our example, the email address is "application#example.com"
Email Name: The name associated with the email address. In our example, the name of the email is "Application Mail"
Email Password: The password that you set when you created the application mail account
I have tried different values for auth_mode and encryption, such as:
auth_mode: smtp
encryption: ssl
However, this still gives me the same timeout error.
[EDIT]
So, I was able to find the actual documentation for the values (which is Swiftmailer related). My current settings looks like this:
mailoptions:
transport: smtp
host: smtp.zoho.com
port: 465
username: ****
password: ****
auth_mode: login
encyption: ssl
senderMail: **** (The same as the username email)
senderName: **** (The name of the email account holder)
I've also double checked the mail settings from Zoho's own website, HERE.
This all seems to be correct settings, however I am still getting the original timeout message :(
EDIT
Check the comment of the answer for my stupid mistake :)
Bolt just uses Swiftmailer via the Silex service provider. The Silex documentation page probably has the answers you're looking for… namely:
The following options can be set:
host: SMTP hostname, defaults to 'localhost'.
port: SMTP port, defaults to 25. username: SMTP username, defaults to an empty string.
password: SMTP password, defaults to an empty string.
encryption: SMTP encryption, defaults to null. Valid values are 'tls', 'ssl', or null (indicating no encryption).
auth_mode: SMTP authentication mode, defaults to null. Valid values are 'plain', 'login', 'cram-md5', or null.
For anyone having this problem, do check with your host if there is a security setting that disallows outgoing SMTP.
Related
Im having a problem with sending emails using Amazon SES. I have an Amazon EC2 instance.
It worked for the first couple of days but I just noticed last week all emails now fail. I have tried sending using Node and the Amazon SES sdk and from within AWS where you can send a test email. I have the following code in Node:
var aws = require('aws-sdk');
// load aws config
aws.config.loadFromPath('email_config.json');
// load AWS SES
var ses = new aws.SES({
apiVersion: '2010-12-01'
});
ses.sendEmail({
Source: from,
Destination: {
ToAddresses: to
},
Message: {
Subject: {
Data: 'Somebody registered'
},
Body: {
Html: {
Data: body,
}
}
}
}, function(err, data) {
console.log('email err is ', err, ' and data is ', data);
});
The result of the log is:
email err is null and data is { ResponseMetadata: { RequestId: 'ad28f526-0b15-11e6-ad87-1108d652684a' },
MessageId: '010101544ebc41b3-f7bd43dd-0505-4eb2-a056-219ce6180fc5-000000' }
But the email doesnt deliever and I then receive an email from Amazon saying:
An error occurred while trying to deliver the mail to the following recipients: < my email address >
This contains an attachment with the following text:
From: < my email address >
To: < my email address >
Subject: Somebody registered
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Message-ID: <010101544ebc41b3-f7bd43dd-0505-4eb2-a056-219ce6180fc5-000000#us-west-2.amazonses.com>
Date: Mon, 25 Apr 2016 18:44:01 +0000
X-SES-Outgoing: 2016.04.25-54.240.27.56
Feedback-ID: 1.us-west-2.GkIUmTTEDEIC5VBoooumwcKSnMDcLT8S4Zd3/deS/BU=:AmazonSES
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1461609841;
h=From:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID:Date:Feedback-ID;
bh=fHqQiK/2DJ+B7zddmElFttCiWFnADDSNj5umLJQCPJs=;
b=ZI/358zmcRHVBKTdA6qbQky5nj5z/YWw215KvkZ+oD73N0booHbl+jx+O05FdcKR
irDjmyEDppGkp7rToZSTt/NHDeRrbERixT/ZCjGo/KOxvShovD7Z5mnDViRmkS5sTz5
qo0oO0NuRz1lGVPkT5ONHNhKhWs7ncC9id0ycm34=
When I actually log into AWS and send a test email through the console, I get the same failure.
I have verified the senders email address and I have an approved sending limit for the region.
Any ideas what this could be?
EDIT
I just noticed in my AWS control panel > SES Home > Domains it says my domain is 'pending verification'. Could this be it? It says I need to add a TXT DNS record with a name of xxx and value of yyy. I already did this on Register365. Maybe I did it wrong? Register365 doesnt provide name and value fields for a TXT record, only a 'result' field. So I added a TXT record with the 'result' field of: xxx=yyy. Is this the correct approach? This was weeks ago though and its still pending verification....
EDIT
I've since added a TXT record to my Register 365 control panel, and still my domain cannot be verified. The record looks like:
Amazon provided me with the following TXT record to verify my domain:
TXT Name*: _amazonses.mydomain.com
TXT Value: u1qHYT6/2KV9Kl1VLKsApXjwcPqVXKJ8KeXj50k=
So in the Register 365 control panel "result" field I've added the record in the form name=value i.e "_amazonses.mydomain.com=u1qHYT6/2KV9Kl1VLKsApXjwcPqVXKJ8KeXj50k="
I then ran nslookup to find the record but got the message:
server can't find _amazonses.mydomain.com: NXDOMAIN
What am I doing wrong?
EDIT
I have now changed the TXT record to:
But after 3 days I have gotten another email from Amazon saying they have failed to verify the domain. Im utterly baffled now, I've been trying to verify it for 6 weeks!
My SES account is not in sandbox mode - i've already been approved to send email via SES. I've also verified my sender email address.
Are there any other options open to me? The Amazon SES service seems absolutely dire.
Also when I run:
nslookup -type=TXT _amazonses.redmatterapp.com ns-478.awsdns-59.com
I'm still seeing:
server can't find _amazonses.redmatterapp.com: NXDOMAIN
When I run:
nslookup -type=TXT redmatterapp.com ns-478.awsdns-59.com
I get:
Can't find redmatterapp.com: No answer
Why is this happening? My DNS is with Register 365
EDIT
Seems like the nameservers I was using with nslookup were wrong. When I run nslookup, i know get:
_amazonses.redmatterapp.com text = "u1qN5cbTEDb/2EV9Bhd67YHT5jjqVXKJ8KeXj50k="
Which looks right. Yet still verification for my domain fails...
As Michael, the SQL Bot pointed out, you need a hostname (_amazonses) on the left, and the value on the right. That will help to validate the domain.
However, there are a number of other possible reasons for failure. Is SES still in sandbox mode? If that's the case, you'll need to verify the TO and the FROM email addresses.
It might be easier to verify individual email addresses if you can't get the domain verification working. So create them in SES, and go through the validation process. Once you create those (or, if you manage to get the domain verified) create an SNS topic that sends you email, and then configure the Bounce, Complaint, and Delivery notifications to that SNS topic - you should end up with an email for every delivery attempt, regardless of whether it succeeds or not.
The last thing to consider is the possibility that your email address has been added to the supression list. If you generate a lot of errors, SES will add you to a "do not email" list. There is an ability to request removal from this list in the SES console.
The hostname part is _amazonses (left column, next to the number 2)
The value is "u1qHY..."
I think you're on the right track in that last image, only I believe the host name is _amazonses, and u1qHYT6/2KV9Kl1VLKsApXjwcPqVXKJ8KeXj50k= is the result, instead of putting everything in the result field in the form "_amazonses.yourdomain.com=u1qHYT6/2KV9Kl1VLKsApXjwcPqVXKJ8KeXj50k=". Iiuc, the idea is that AWS will curl _amazonses.yourdomain.com, expecting your key to be served as a TXT file, but currently you're serving a TXT file with the contents _amazonses.yourdomain.com=u1qHYT6/2KV9Kl1VLKsApXjwcPqVXKJ8KeXj50k= (I can't quite read, as its cut off; pardon my guess) on yourdomain.com instead.
The reason I believe this is that you're getting the error NXDOMAIN, which means the domain _amazonses.yourdomain.com doesn't exist, which makes sense if you hadn't set up a TXT record for _amazonses.yourdomain.com, but instead set up a txt record for http://yourdomain.com instead with the value _amazonses.yourdomain.com=u1qHYT6/2KV9Kl1VLKsApXjwcPqVXKJ8KeXj50k=. Its also what the other two answers seem to suggest, which makes me feel more confident.
I recently verified a domain for the company I work for successfully, it is set as follows in my domain DNS (as a TXT record):
It may be worth you reading Amazon's troubleshooting page if you're still having issues.
Adding to my answer:
I've just checked in my AWS console, if you open up SES > Domains and click on your domain name. Scroll down then click DKIM, I had to verify some more there:
And add them as CNAME records as follows:
One thing people forget with this process is the fact that, Amazon requires you to leave the TXT record in place even after the verification. Otherwise they will revoke the domain.
Hope this helps!
Yet another edit (sorry)
When I run nslookup -type=TXT _amazonses.redmatterapp.com ns-1471.awsdns-55.org to try and find your TXT record, it comes back:
Server: ns-1471.awsdns-55.org
Address: 205.251.197.191#53
** server can't find _amazonses.redmatterapp.com: NXDOMAIN
This shows that the TXT record is not setup correctly.
I've tried all the possible solutions available here in stackoverflow, however nothing... I think the problem is related to the firewall, I can send mail using SMTP gmail on my local machine, but not in my server, I get the following message:
Connection could not be established with host smtp.gmail.com [Connection timed out #110]
I've tried the following commands:
ufw allow 587/tcp
iptables -I OUTPUT -p tcp --dport 587 -j DROP
iptables -I OUTPUT -d smtp.gmail.com -p tcp -m tcp --dport 587 -j ACCEPT
iptables -L OUTPUT -n
However not worked...
This is my .env email settings:
MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=*****#gmail.com
MAIL_PASSWORD=*****
MAIL_ENCRYPTION=tls
My controller for sending emails:
public function postEmail(PostEmailRequest $request)
{
if ($request){
Mail::send('app.pages.contato.email', $request->all(), function($message) use ($request)
{
$message->from($request->email , config('settings.website_title'));
$message->to(config('settings.admin_email'))->subject($request->assunto);
});
return redirect('contato');
}else{
return redirect('contato')->withErrors($request);
}
}
I sent a ticket to Digital ocean and that is the obtained answer:
Hello!
To curb a recent increase in abuse and SPAM, we have an initial SMTP block on new accounts created in certain contexts.
To remove that block we'd like to do some manual account verification.
Please let us know the following:
Your Name
Location
Phone Number
The reason you are requesting the removal of the SMTP block
Also, please provide as many of the following as you can to help us verify your identity:
Your public Twitter handle
Your blog
Your company or personal website
Your public Facebook profile
We take SPAM very seriously as we comply fully with the CAN-SPAM Act. If you're not familiar, this says that you may not send bulk email unless you maintain a double-authorized list of subscribed members including IP addresses and relevant contact information. Also, you must follow guidelines for including removal links with all sent emails according to the CAN-SPAM Act.
If you have any questions we're happy to help answer them for you.
Regards,
DigitalOcean Support
Edit
I replied with the information that was requested and now everything works perfectly =)
Have you tried the following:
.env:
MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=465
MAIL_USERNAME=username#example.com
MAIL_PASSWORD=pass
and mail.php:
'encryption' => 'ssl',
You need to enable access for less secure applications google
https://www.google.com/settings/security/lesssecureapps
First of all check in gmail account if it allow to send email less secure apps.
https://support.google.com/accounts/answer/6010255?hl=en
Try to activate your account app password
https://accounts.google.com/b/0/DisplayUnlockCaptcha
To learn more: https://accounts.google.com/UnlockCaptcha
I had similar issue with my laravel 5.3 app. My error was with self signed certificate on server. Solution here - https://stackoverflow.com/a/41267848
add to your config/mail.php this code somewhere
'stream' => [
'ssl' => [
'allow_self_signed' => true,
'verify_peer' => false,
'verify_peer_name' => false,
],
],
I have been wrestling with this for days. I am exasperated in extremis.
I have a hosted Ghost blog at umquhile.org/kelpie. It has been working fine. Somehow I locked myself out of my account. 75,000 posts say I need to set up email so I can click on "Forgotten Password". I have gone by 12,000 posts (okay, a SLIGHT exaggeration) that show how to do it. First, Ghost's tutorial flat does not work. I have tried vanilla sendmail (which is expected not to work), Mailgun, Sendgrid, and Gmail. I have gone over my configuration repeatedly.
I get different error messages depending on how I set it up. Sometimes I have gotten a 535 - invalid login credentials, sometimes all recipients rejected; right now I am getting "Cannot read property 'count' of undefined", whatever that one is. Can someone tell me if there is a problem with this configuration. Or how-the-deuce to get email to work in Ghost.
I should note that I have restarted node.js each time I made a change.
config = {
// ### Production
// When running Ghost in the wild, use the production environment
// Configure your URL and mail settings here
production: {
url: 'http://umquhile.org/kelpie',
mail: {
service: 'Gmail',
fromaddress: ‘xxxx#gmail.com',
transport: 'SMTP',
options: {
host: 'smtp.gmail.com',
secureConnection: true,
port: 465,
auth: {
user: ‘xxxx#gmail.com',
pass: ‘xxxxxxxxxxxxxx’
}
}
},
For what is's worth, I read that Ghost uses Bcrypt hash for passwords. I have used an online Bcrypt generator to hash a password I provided. I copied the string and pasted it into the password field of my admin user in Mysql. That did not work because my account just flat remains locked.
And as soon as I post to stackoverflow, it hits me!!
I went into the database, via phpmyadmin, and found the field status
It was set to locked
I cleared the field, saved the change, and tadaaa! I am now able to access my blog once again. Sorry for the nuisance post! The answer JUST occurred to me.
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'LDAP'
host: 'ServerLdap'
port: 389
uid: 'sAMAccountName'
method: 'plain' # "tls" or "ssl" or "plain"
bind_dn: 'uid=***,ou=JeniePortal,ou=applications,***'
password: 'passw#rd'
active_directory: false
allow_username_or_email_login: false
base: '0=sample'
user_filter: ''
EOS
I tried uid also instead of sAMAccountName.
Still users are unable to authenticate.
Any help please.
I'm not sure what your actual issue is, but the thing I notice first is that your bind_dn is missing the uid value-part. The bind_dn defines the user that is used to do lookups for the user that wants to log in. When you connect to an ActiveDirectory that should be something like sAMAccountName=xyz,ou=JeniePortal,ou=applications and the password should ve that users password. When the ActiveDirectory allows anonymous access you can leave those two parameters blank (bind_dn='')
I'm having a weird problem with a JSF application I'm currently working on. It seems like there are two parts of my programm which are colliding.
There are two parts:
the "banking" functionality
the mail functionality
The relevant part of the banking functionality (It's a fake bank just for this exercise):
String path = FacesContext.getCurrentInstance().getExternalContext() .getRealPath("/") + "/WEB-INF/sec/certs.jks";
ErrorHandler.trace(path);
System.setProperty("javax.net.ssl.trustStore", path);
Here it's setting the Trust Store with the certificate for the bank server.
The mail part looks like this:
Properties props = new Properties();
props.put("mail.smtp.auth", this.smtpServer.isAuthenticated());
props.put("mail.smtp.starttls.enable", this.smtpServer.isTls());
props.put("mail.smtp.host", this.smtpServer.getHostaddr());
props.put("mail.smtp.port", this.smtpServer.getPort());
props.put("mail.smtps.auth", "true");
props.put("mail.smtp.debug", "true");
final String username = this.smtpServer.getUsername();
final String password = this.smtpServer.getPassword();
Session session = Session.getDefaultInstance(props,
new javax.mail.Authenticator() {
#Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(username, password);
}
});
session.setDebug(true);
One way to reproduce the problem:
The problem I'm facing is that if I start the application and, for example, use the "change mail" functionality I'll get my notification mail immediately. No problem there. Then I'll try to buy a product thus triggering the bank functionality.
That's where the problem shows up:
Communication Error: javax.ws.rs.WebApplicationException: javax.xml.bind.MarshalException
- with linked exception:
[javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Another way to reproduce the problem:
Now let's say I restart my application and try to order something, this time it'll work but the mail functionality is broken with this error message:
DEBUG: setDebug: JavaMail version 1.4.7
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SMTPSSLTransport,Oracle]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "smtp.gmail.com", port 465, isSSL true
TRACE Error Could not connect to SMTP host: smtp.gmail.com, port: 465
Bottom line:
If I trigger bank and then mail -> mail not working
If I trigger mail and then bank -> bank not working
Anyone who could find a problem there?
Thank you!
Your "banking functionality" is changing the trust store. That new trust store needs to have the certificates necessary to validate the SSL connection with your mail server. You can initialize your trust store with all the CA certificates from the JDK default trust store, or you can add just the specific certificate for your mail server - see the InstallCert program. Finally, you can configure JavaMail to use a separate trust store, or change your banking functionality to use a trust store explicitly rather than overriding the default trust store; those are probably more complicated.
The problem was, that the mail functionality was working if there's no trustStore set (because it's using the system's default trustStore which is located in:
/Library/Java/JavaVirtualMachines/jdk1.7.0_25.jdk/Contents/Home/jre/lib/security/cacerts
on a Mac.
The banking functionality is using it's own certificate which was located in:
MyProject/.../WEB-INF/sec/certs.jks
Every time the JavaMail tried to authenticate to Google's SMTP server it tried to use the certs.jks trustStore even though I unset the trustStore property the banking functionality set in the mail method.
Fix:
At the beginning of the mail method:
String path = FacesContext.getCurrentInstance().getExternalContext()
.getRealPath("/")
+ "WEB-INF/sec/certs.jks";
System.setProperty("javax.net.ssl.trustStore", path);
Import the default cacerts keyStore into our own custom keyStore:
keytool -importkeystore -srckeystore certs.jks -destkeystore cacerts