Comments (9)
Works
Thanks again for all your help testing these TLS use-cases.
No, I thank you for developing this nice piece of tech
from mailrise.
Right, so I just pushed 89305ba, which logs the arguments being passed to aiosmtpd. Here is what I get with your config:
[2022-12-21 18:32:34] DEBUG:mailrise.skeleton:Arguments for aiosmtpd: authenticator=Basic(1), auth_required=True, auth_require_tls=True, tls_context=<ssl.SSLContext object at 0x7f3b82511370>, ssl_context=None, require_starttls=False
The kicker here is auth_require_tls=True. I assumed that if you're running with TLS, you'll want your credentials encrypted. But this argument also tells aiosmtpd not to send the 250-AUTH message until the client has initiated an encrypted starttls session.
So you need to tell your client to initiate starttls before attempting authentication, or, alternatively, I can add a configuration option to set auth_require_tls to False. Not sure if that makes sense, though? Because then msmtp will probably send the credentials through cleartext...
I tried it again using curl:
curl -k --ssl -v smtp://localhost:25 --mail-rcpt [email protected] --user 'pushover:xxxxxxxxxxxxx' -T - <<<"Test"
* Trying 127.0.0.1:25...
* Connected to localhost (127.0.0.1) port 25 (#0)
< 220 nxdomain.info Mailrise 0.0.post1.dev1+g8928d73
> EHLO proliant
< 250-nxdomain.info
< 250-SIZE 33554432
< 250-8BITMIME
< 250-SMTPUTF8
< 250-STARTTLS
< 250 HELP
> STARTTLS
< 220 Ready to start TLS
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.0 (OUT), TLS header, Unknown (21):
} [5 bytes data]
* TLSv1.3 (OUT), TLS alert, decode error (562):
} [2 bytes data]
* error:0A000126:SSL routines::unexpected eof while reading
* Closing connection 0
Note that curl is properly trying to upgrade the connection but fails due to a TLS error.
[2022-12-21 18:59:30] ERROR:asyncio:Fatal error: protocol.data_received() call failed.
protocol: <asyncio.sslproto.SSLProtocol object at 0x7f3cdd7e7c50>
transport: <_SelectorSocketTransport fd=10 read=polling write=<idle, bufsize=0>>
Traceback (most recent call last):
File "/usr/local/lib/python3.11/asyncio/selector_events.py", line 1009, in _read_ready__data_received
self._protocol.data_received(data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'SSLProtocol' object has no attribute 'data_received'
[2022-12-21 18:59:30] ERROR:mail.log:('172.18.0.1', 46532) SMTP session exception
Traceback (most recent call last):
File "/home/mailrise/.local/lib/python3.11/site-packages/aiosmtpd/smtp.py", line 895, in smtp_STARTTLS
await waiter
File "/usr/local/lib/python3.11/asyncio/selector_events.py", line 1009, in _read_ready__data_received
self._protocol.data_received(data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'SSLProtocol' object has no attribute 'data_received'
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/home/mailrise/.local/lib/python3.11/site-packages/aiosmtpd/smtp.py", line 728, in _handle_client
await method(arg)
File "/home/mailrise/.local/lib/python3.11/site-packages/aiosmtpd/smtp.py", line 899, in smtp_STARTTLS
raise TLSSetupException() from error
aiosmtpd.smtp.TLSSetupException
Hmm https://gitlab.com/mailman/mailman/-/issues/936
Coincidentally, the fixed version was released 4 hours ago.
https://github.com/aio-libs/aiosmtpd/releases/tag/1.4.3
Right, starttls was broken in the last stable aiosmtpd. #37 reported it just the other day. I'll upgrade versions ASAP.
(Glad to see that it's finally out; I've been waiting on the new unthreaded controller API.)
Upgrade complete. Please let me know if all is well with starttls. Cheers!
STARTTLS works properly now
I also tried onconnect, but that doesn't seem to work. A TLS connection is established by curl but the server doesn't announce that it requires authentication:
curl -k -s -v smtps://localhost:587 --mail-rcpt [email protected] --user 'pushover:xxxxxxxxxxx' -T - <<<"Test"
< 220 nxdomain.info Mailrise 0.0.post1.dev1+g5d58a83
> EHLO proliant
< 250-nxdomain.info
< 250-SIZE 33554432
< 250-8BITMIME
< 250-SMTPUTF8
< 250 HELP
> MAIL FROM:<>
< 530 5.7.0 Authentication required
> QUIT
< 221 Bye
Full log
* Trying 127.0.0.1:587...
* Connected to localhost (127.0.0.1) port 587 (#0)
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.2 (IN), TLS header, Finished (20):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1314 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.2 (OUT), TLS header, Finished (20):
} [5 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=nxdomain.info
* start date: Dec 20 16:15:22 2022 GMT
* expire date: Dec 17 16:15:22 2032 GMT
* issuer: CN=nxdomain.info
* SSL certificate verify result: self-signed certificate (18), continuing anyway.
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< 220 nxdomain.info Mailrise 0.0.post1.dev1+g5d58a83
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
> EHLO proliant
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< 250-nxdomain.info
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< 250-SIZE 33554432
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< 250-8BITMIME
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< 250-SMTPUTF8
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< 250 HELP
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
> MAIL FROM:<>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< 530 5.7.0 Authentication required
* MAIL failed: 530
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
> QUIT
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< 221 Bye
* Closing connection 0
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS alert, close notify (256):
{ [2 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.3 (OUT), TLS alert, close notify (256):
} [2 bytes data]
Config:
configs:
  pushover:
    urls:
      - pover://xxxxxxxxxxxxxxxx@yyyyyyyyyyyyyyyyyyy
tls:
  mode: onconnect
  certfile: /etc/ssl/cert.pem
  keyfile: /etc/ssl/key.pem
smtp:
  hostname: nxdomain.info
  auth:
    basic:
      pushover: xxxxxxxxxxxxxxxx
Misinterpreted the use of auth_require_tls. In the on-connect mode, aiosmtpd isn't aware of the TLS wrapper, so that argument should be set to False.
Should be fixed with 8038473. Thanks again for all your help testing these TLS use-cases.
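The two behaviours discussed in this thread, AUTH being withheld until STARTTLS completes and AUTH never appearing in on-connect mode when auth_require_tls stays True, can be modelled in a few lines. The block below is an added example, not code from mailrise or aiosmtpd: the EHLO advertisement rules are a simplified reconstruction of aiosmtpd's behaviour as described in the comments above, the mode-to-argument mapping (aiosmtpd_args) is an assumption, and the two EHLO transcripts are copied from the curl output earlier in the thread. parse_ehlo_reply is a small checker you can run over a curl -v transcript to confirm whether the server is actually offering AUTH.

```python
"""Model of how aiosmtpd's auth_require_tls decides whether AUTH is advertised.

Added example for the mailrise TLS discussion; not the project's own code.
"""
import ssl
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class SmtpArgs:
    auth_required: bool
    auth_require_tls: bool
    tls_context: Optional[ssl.SSLContext]  # context used for the STARTTLS upgrade
    ssl_context: Optional[ssl.SSLContext]  # context for an implicit-TLS wrapper


def aiosmtpd_args(mode: str, ctx: Optional[ssl.SSLContext]) -> SmtpArgs:
    """Assumed mapping from a mailrise tls.mode to aiosmtpd arguments."""
    if mode == "starttls":
        # Credentials must wait for the STARTTLS upgrade (matches the 89305ba log).
        return SmtpArgs(True, True, ctx, None)
    if mode == "onconnect":
        # The socket is wrapped before aiosmtpd sees it, so the session never
        # looks "upgraded" to aiosmtpd; auth_require_tls=True would hide AUTH forever.
        return SmtpArgs(True, False, None, ctx)
    raise ValueError(f"unknown tls mode {mode!r}")


def ehlo_extensions(args: SmtpArgs, starttls_done: bool) -> List[str]:
    """Extensions the server would list in its EHLO reply (simplified aiosmtpd rules):
    STARTTLS only while an upgrade is still possible; AUTH only when
    auth_require_tls is False or the STARTTLS upgrade has already happened."""
    ext = ["SIZE 33554432", "8BITMIME", "SMTPUTF8"]
    if args.tls_context is not None and not starttls_done:
        ext.append("STARTTLS")
    if args.auth_required and (not args.auth_require_tls or starttls_done):
        ext.append("AUTH PLAIN LOGIN")
    ext.append("HELP")
    return ext


def parse_ehlo_reply(transcript: str) -> Set[str]:
    """Collect the first keyword of every '< 250' line in a curl -v transcript.
    The first 250 line carries the server hostname, the rest are extensions."""
    keywords: Set[str] = set()
    for line in transcript.splitlines():
        line = line.strip()
        if not line.startswith("< 250"):
            continue
        body = line[len("< 250"):].lstrip("- ")
        if body:
            keywords.add(body.split()[0].upper())
    return keywords


def auth_visible(transcript: str) -> bool:
    """True if the server offered AUTH in this EHLO exchange."""
    return "AUTH" in parse_ehlo_reply(transcript)


# Constructed from the curl transcripts in this thread (starttls mode before the
# upgrade, and onconnect mode with the misinterpreted auth_require_tls=True).
STARTTLS_EHLO = """< 250-nxdomain.info
< 250-SIZE 33554432
< 250-8BITMIME
< 250-SMTPUTF8
< 250-STARTTLS
< 250 HELP"""

ONCONNECT_EHLO = """< 250-nxdomain.info
< 250-SIZE 33554432
< 250-8BITMIME
< 250-SMTPUTF8
< 250 HELP"""


if __name__ == "__main__":
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    for mode in ("starttls", "onconnect"):
        args = aiosmtpd_args(mode, ctx)
        print(mode, "before upgrade:", ehlo_extensions(args, False))
    print("misconfigured onconnect:",
          ehlo_extensions(SmtpArgs(True, True, None, ctx), False))
    print("AUTH visible in page transcripts:",
          auth_visible(STARTTLS_EHLO), auth_visible(ONCONNECT_EHLO))
```

The misconfigured on-connect case (auth_require_tls=True with no tls_context) never lists AUTH, which is exactly the EHLO reply curl received on port 587 above, while the starttls case lists AUTH only after the upgrade. Running the checker over a transcript is a quick way to confirm that a deployment is offering authentication only inside TLS.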