isSSL false even though I've set tls to True when sending mail - jhipster

I'm trying to use an external smtp server from my springboot-application (scaffolded by JHipster). I have set the following in my application.yml, and it picks up everything except the SSH settings.
    host: send.one.com
    port: 465
    username: user#name
    password: password
    protocol: smtp
    tls: true
    auth: true
    from: user#name
When I run the app I can see the following in my log:
[DEBUG] com.sun.mail.smtp - useEhlo true, useAuth true
[DEBUG] com.sun.mail.smtp - trying to connect to host "send.one.com", port 465, isSSL false
[DEBUG] com.sun.mail.smtp - EOF: [EOF]
[DEBUG] com.sun.mail.smtp - could not connect to host "send.one.com", port: 465, response: -1
It seems the application is trying to connect without SSL, and it won't connect. What am I doing wrong?

You try to send over TLS. In general the standard port used by TLS is 587 and not 465 which is used for SSL. Try whether it works with that port?

Related

ssh2 timed out while waiting for handshake in nodejs

I am trying to upload a file using SSH in my Node.js application; while trying, I am getting the error "connection error: timed out while waiting for handshake". I gave the connection settings as:
    ....
    }).connect({
        host: 'hostname without http',
        port: 22,
        debug: console.log,
        readyTimeout: 99999,
        username: 'name',
        password: 'password'
    });
If I upload manually to the server it is working fine with the given hostname, username and password.

Encrypted connection from Nodemailer to Postfix fails with "SSL23_GET_SERVER_HELLO:unknown protocol"

I configured an SMTP mail server using Postfix and Dovecot.
OS: Debian 9
Web Server: Apache
certificate from https://www.sslforfree.com/
When I try using an external client to send emails over TLS, I get the following error:
/var/log/syslog:
Oct 31 19:40:49 designtuner postfix/submission/smtpd[30394]: connect from unknown[185.81.141.117]
Oct 31 19:40:49 designtuner postfix/submission/smtpd[30395]: connect from unknown[185.81.141.117]
Oct 31 19:40:49 designtuner postfix/submission/smtpd[30394]: lost connection after CONNECT from unknown[185.81.141.117]
Oct 31 19:40:49 designtuner postfix/submission/smtpd[30394]: disconnect from unknown[185.81.141.117] commands=0/0
Oct 31 19:40:49 designtuner postfix/submission/smtpd[30395]: lost connection after CONNECT from unknown[185.81.141.117]
Oct 31 19:40:49 designtuner postfix/submission/smtpd[30395]: disconnect from unknown[185.81.141.117] commands=0/0
Node JS client:
{ Error: 1XXXXXXXXXX35275584:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:797:
code: 'ECONNECTION', command: 'CONN' }
Node JS file:
    let transporter = nodemailer.createTransport({
        host: 'mail.designtuner.com',
        port: 587,
        secure: true, // secure:true for port 465, secure:false for port 587
        auth: {
            user: 'admin#designtuner.com',
            pass: 'XXXXXXX'
        },
        tls: {
            rejectUnauthorized: false
        }
    });
Am I missing something? Is it because my reverse DNS hasn't propagated yet? I recently updated my reverse DNS, but the website is accessible from a web browser just fine, and the SSL certificate seems to be working fine.
SMTPs and STARTTLS
There are two ways of encrypted SMTP: SMTPs on port 465, which first establishes a TLS handshake and then starts the SMTP session, and SMTP with STARTTLS on port 587, which first starts an SMTP session and then initializes TLS after the STARTTLS SMTP command (and then starts with authentication and everything to be protected).
SMTPs (TLS first, port 465) is considered deprecated; standard conformant SMTP with STARTTLS (port 587) does not imply any drawbacks with respect to security or privacy. A properly configured SMTP server will not allow any unsecured connection on the SMTP submission port.
Enforcing encryption with Nodemailer
The secure flag of nodemailer is only to indicate TLS before SMTP, which is also indicated by the comment following the line (which also explicitly explains what setting to use).
secure: true, // secure:true for port 465, secure:false for port 587
Looking at the Nodemailer documentation, there is some further information on configuration options:
options.secure if true the connection will only use TLS. If false (the default), TLS may still be upgraded to if available via the STARTTLS command.
[...]
options.requireTLS if this is true and secure is false, it forces Nodemailer to use STARTTLS even if the server does not advertise support for it.
In other words, to enforce an encrypted session following standards and best practices, set requireTLS instead of secure and use SMTP submission on port 587.
The comment in your code already points you to the problem, in that secure should be set to false for port 587:
port: 587,
secure: true, // secure:true for port 465, secure:false for port 587
Same is true for the documentation which clearly says:
secure – if true the connection will use TLS when connecting to server. If false (the default) then TLS is used if server supports the STARTTLS extension. In most cases set this value to true if you are connecting to port 465. For port 587 or 25 keep it false
The reason for this is that secure expects implicit TLS, i.e. TLS from start. But, port 25 and port 587 usually use explicit TLS, i.e. plain connection and then upgrade to TLS after a successful STARTTLS command.
If you want to use explicit TLS (port 587) but also make sure that TLS is not optional use requireTLS as documented:
requireTLS – if this is true and secure is false then Nodemailer tries to use STARTTLS even if the server does not advertise support for it. If the connection can not be encrypted then message is not sent
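
The two answers above, turned into a check that can be run over a transport options object before it is deployed. This is an added example, not code from the posts or from Nodemailer; the function names and finding codes are hypothetical, and the port sets encode the conventions the answers state (465 implicit TLS, 25/587 STARTTLS).

```javascript
// Added example (not from the original posts or from Nodemailer itself).
// Pure checks: no socket is opened, no mail is sent.
const IMPLICIT_TLS_PORTS = new Set([465]);  // TLS handshake first, then SMTP
const STARTTLS_PORTS = new Set([25, 587]);  // plain SMTP first, then STARTTLS

function auditTransport(opts) {
  const findings = [];
  const secure = opts.secure === true;        // false is the documented default
  const requireTLS = opts.requireTLS === true;

  if (secure && STARTTLS_PORTS.has(opts.port)) {
    // Client sends a ClientHello, server answers with a plaintext banner:
    // this is the "SSL23_GET_SERVER_HELLO:unknown protocol" failure.
    findings.push('IMPLICIT_TLS_ON_STARTTLS_PORT');
  }
  if (!secure && IMPLICIT_TLS_PORTS.has(opts.port)) {
    // Client waits for a banner while the server waits for a ClientHello.
    findings.push('PLAINTEXT_ON_IMPLICIT_TLS_PORT');
  }
  if (!secure && !requireTLS) {
    // STARTTLS is only used if the server advertises it; otherwise the
    // session stays in cleartext.
    findings.push('TLS_NOT_ENFORCED');
  }
  if (opts.tls && opts.tls.rejectUnauthorized === false) {
    // Certificate validation is off, so the peer is not authenticated.
    findings.push('CERT_VERIFICATION_DISABLED');
  }
  return findings;
}

// Classify the first bytes a server sends back to the client.
function classifyFirstBytes(buf) {
  // TLS record: content type 0x16 (handshake), protocol major version 0x03.
  if (buf.length >= 2 && buf[0] === 0x16 && buf[1] === 0x03) return 'tls-handshake';
  // SMTP greeting: reply code 220 followed by a space or a hyphen.
  if (/^220[ -]/.test(buf.toString('latin1', 0, 4))) return 'smtp-banner';
  return 'unknown';
}

// Constructed inputs: the options from the question (credentials omitted)
// and the variant both answers recommend.
const QUESTION_OPTS = { port: 587, secure: true, tls: { rejectUnauthorized: false } };
const ANSWER_OPTS = { port: 587, secure: false, requireTLS: true };

console.log(auditTransport(QUESTION_OPTS));
console.log(auditTransport(ANSWER_OPTS));
console.log(classifyFirstBytes(Buffer.from('220 mail.example.test ESMTP\r\n')));
```

A client that expects `tls-handshake` and receives `smtp-banner` is talking implicit TLS to a STARTTLS port, which is what the first finding flags.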

sending mail in cloud9.io

I am running a sails.js project using nodemailer locally, which is working well. Nodemailer uses SMTP and Gmail's service. The problem is that when I transfer my project to cloud9, it is blocking mail.
    smtpTransport = nodemailer.createTransport('SMTP', {
        host: 'smtp.gmail.com',
        port: 25,
        service: 'Gmail',
        auth: {
            user: model.sender,
            pass: model.password
        }
    });
Here is the configuration, and the error is:
{ [Error: connect ETIMEDOUT]
code: 'ETIMEDOUT',
errno: 'ETIMEDOUT',
syscall: 'connect',
stage: 'init' }
From different searches I got that c9.io isn't supporting SMTP. If it is true, then how can I use nodemailer with c9 to send mails to a Gmail account?
On port 465 it gives this error:
{ [AuthError: Invalid login - 534-5.7.14 <https://accounts.google.com/ContinueSignIn?sarp=1&scc=1&plt=AKgnsbv2r
534-5.7.14 5eXedgG1jE_vYL7r- o5CxdrMS5XlCbdbloPcENHa08v5fCwuvs7oM9ztAhkUh6RHfRvcBp
534-5.7.14 Qcpg_pdi-2E3Z9m1ipIvu4SZViMJABSDq3XWCMeLzlDfyS3C0JhoY7ldwRxsl3CZ67dvGQ
534-5.7.14
name: 'AuthError',
data: '534-5.7.14 <https://accounts.google.com/ContinueSignIn? sarp=1&scc=1&plt=AKgnsbv2r\r\n534-5.7.14 5eXedgG1jE_vYL7r-o5CxdrMS5XlCbdbloPcENHa08v5fCwuvs7oM9ztAhkUh6RHfRvcBp\r\n534-5.7.14 Qcpg_pdi-2E3Z9m1ipIvu4SZViMJABSDq3XWCMeLzlDfyS3C0JhoY7ldwRxsl3CZ67dvGQ\r\n534-5.7.14 S7PQL4xbl4No8jS_2ZVMnlNO5iYfZ7O9tTe8S1bu3DnkFwjWNNzvLBZ3zK_pzIfMRnH566\r\n534-5.7.14 sEij4Iu9_U6V4g9tCuXH5i87nWYc> Please log in via your web browser and\r\n534-5.7.14 then try again.\r\n534-5.7.14 Learn more at\r\n534 5.7.14 https://support.google.com/mail/bin/answer.py?answer=78754 k6sm6950159wia.6 - gsmtp',
stage: 'auth' }
On port 587 it gives this error:
{ [Error: 140581811607424:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:795:
] stage: 'init' }
Google Compute Engine does not allow outbound connections on ports 25, 465, and 587 but you can still set up your instances to send mail through ports 587 and 465 using servers provided through partner services, such as SendGrid.
https://cloud.google.com/compute/docs/tutorials/sending-mail
Since Cloud9 workspaces are hosted on GCE, you'll have to use the supported partner services as detailed in the above document.

Perl IO::Socket::SSL connection error "SSL connect attempt failed error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group"

I'm attempting to make an SSL connection to my STOMP server and I'm getting the error:
DEBUG: .../IO/Socket/SSL.pm:2554: new ctx 40724256
DEBUG: .../IO/Socket/SSL.pm:539: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:541: socket connected
DEBUG: .../IO/Socket/SSL.pm:563: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:631: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:650: set socket to non-blocking to enforce timeout=5
DEBUG: .../IO/Socket/SSL.pm:663: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:673: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:683: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:703: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2457: did not get stapled OCSP response
DEBUG: .../IO/Socket/SSL.pm:663: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:673: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:683: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:703: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:2410: ok=1 cert=40749168
DEBUG: .../IO/Socket/SSL.pm:2410: ok=1 cert=42073408
DEBUG: .../IO/Socket/SSL.pm:1558: scheme=default cert=42073408
DEBUG: .../IO/Socket/SSL.pm:663: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:673: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:683: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:703: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:663: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1779: SSL connect attempt failed
SSL error: 20723: 1 - error:1408D010:SSL routines:SSL3_GET_KEY_EXCHANGE:EC lib
DEBUG: .../IO/Socket/SSL.pm:1784: SSL connect attempt failed error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group
DEBUG: .../IO/Socket/SSL.pm:669: fatal SSL error: SSL connect attempt failed error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group
DEBUG: .../IO/Socket/SSL.pm:1768: IO::Socket::IP configuration failed
DEBUG: .../IO/Socket/SSL.pm:2587: free ctx 40724256 open=40724256
DEBUG: .../IO/Socket/SSL.pm:2592: free ctx 40724256 callback
DEBUG: .../IO/Socket/SSL.pm:2599: OK free ctx 40724256
Module Versions:
Net::SSLeay 1.66
IO::Socket::SSL 2.005
IO::Socket::IP 0.32
Net::Stomp 0.49
OpenSSL 1.0.1e-fips (RHEL)
And the server I'm connecting to is running OpenSSL 1.0.1f (Ubuntu 14.04)
Any ideas would be much appreciated.

nodejs - cassandra-client error: All connections are unhealthy

I keep getting this error when I try to retrieve/update data from cassandra using cassandra-client.
{ [Error: All connections are unhealthy.]
connectionInfo:
{ host: 'localhost',
port: 9160,
keyspace: 'keyspace1',
user: undefined,
pass: undefined,
use_bigints: false,
timeout: 4000,
log_time: false,
staleThreshold: 10000 } }
Haven't got a clue as to what this error means.
The error indicates that your client is not able to connect to the specified server on localhost port 9160.
Since this is localhost you can most likely exclude any firewall problems.
What you can do
1. Check if your server is running after all
This should show you one or more processes (except the grep process you're just executing):
ps aux | grep "cassandra"
2. Verify the port
# telnet localhost 9160
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
Bad. This would indicate that something with your configuration might be wrong. In my case I simply don't have a Cassandra server listening on port 9160 (or running at all).
3. Check your logfile
By default Cassandra writes into the folder /var/log/cassandra/
If anything is wrong with the server, you'll most likely have some more information available in there; it might even show a problem related to your Node.js client.
4. Try another client for debugging
http://wiki.apache.org/cassandra/GettingStarted#Step_4:_Using_cassandra-cli
