Email not working (SSL_connect returned=1)

Thanks @flink91, I just updated and for me it still doesn’t send emails.

I use SMTP port 25 without TLS and SSL, there are no errors in the log and tomorrow I will post the details, I hope …

1 Like

I confirm, 2.9.0.beta4 002d62b847 and always:
SSL_connect returned=1 errno=0 peeraddr=xxx.xxx.xxx.xxx:25 state=error: certificate verify failed (Hostname mismatch)

The patch does not work for disabling the checks, it only works for disabling starttls altogether. What do your settings look like?

1 Like

DISCOURSE_SMTP_ADDRESS: smtp.mydomain.info
DISCOURSE_SMTP_PORT: 25
DISCOURSE_SMTP_USER_NAME: info@mydomain.info
DISCOURSE_SMTP_PASSWORD: "mypassword"
DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none
DISCOURSE_SMTP_ENABLE_START_TLS: false # (optional, default true)
DISCOURSE_SMTP_DOMAIN: mydomain.info # (required by some providers)

Thanks

Hmm that should indeed work (although I did not test the patch myself)

I also updated the second forum to the version 2.9.0.beta5 (47034d9ca0) and:

======================================== ERROR ========================================
                                    UNEXPECTED ERROR

SSL_connect returned=1 errno=0 peeraddr=xxx.xxx.xxx.xxx:25 state=error: certificate verify failed (Hostname mismatch)

====================================== SOLUTION =======================================
This is not a common error. No recommended solution exists!

Great!

OK, since sending emails no longer works without SSL / TLS, can someone please help me reconfigure it?

From here:

  1. Try to open a connection to your smtp server via openssl:

(telnet, nc etc. are not installed inside the container.)

Fiddle with some different settings until you succeed with a connection.

openssl s_client -connect your.smtp.server:465

And this is the answer:

openssl s_client -connect smtps.aruba.it:465
CONNECTED(00000003)
depth=2 C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
verify return:1
depth=1 C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Organization Validated Server CA G3
verify return:1
depth=0 C = IT, ST = Bergamo, L = Ponte San Pietro, O = Aruba S.p.A., CN = *.aruba.it
verify return:1
---
Certificate chain
 0 s:C = IT, ST = Bergamo, L = Ponte San Pietro, O = Aruba S.p.A., CN = *.aruba.it
   i:C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Organization Validated Server CA G3
 1 s:C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Organization Validated Server CA G3
   i:C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
---
Server certificate
subject=C = IT, ST = Bergamo, L = Ponte San Pietro, O = Aruba S.p.A., CN = *.aruba.it

issuer=C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Organization Validated Server CA G3

---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4572 bytes and written 432 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: E79BF76633C1FF1930AB44B11DD45E5CE0CE4D3ECAA3B035C4239E3D576BADC0
    Session-ID-ctx:
    Master-Key: B2DFD5C791C36245D8B51F876F720F627F60F5AA1C085D4F16643D206406737059C6DD4CB51A508FFD872FE718822394
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)

    Start Time: 1655216339
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
220 smtpdh01.ad.aruba.it Aruba Outgoing Smtp  ESMTP server ready
HELO mydomain.info
250 smtpdh01.ad.aruba.it hello [5.xxx.xxx.xxx], pleased to meet you

My app.yml

  DISCOURSE_SMTP_ADDRESS: smtps.aruba.it
  DISCOURSE_SMTP_PORT: 465
  DISCOURSE_SMTP_USER_NAME: myemail@domain.info
  DISCOURSE_SMTP_PASSWORD: "password"
  DISCOURSE_SMTP_ENABLE_START_TLS: false            # (optional, default true)
  DISCOURSE_SMTP_DOMAIN: domain.info              # (required by some providers)

Sending does not work…

./discourse-doctor

==================== MAIL TEST ====================
For a robust test, get an address from http://www.mail-tester.com/
Or just send a test message to yourself.
Email address for mail test? ('n' to skip) [myemail@domain.info]:
Sending mail to myemail@domain.info. . .
Testing sending to myemail@domain.info using smtps.aruba.it:465, username:myemail@domain.info with plain auth.
======================================== ERROR ========================================
                                    UNEXPECTED ERROR

Net::ReadTimeout

====================================== SOLUTION =======================================
This is not a common error. No recommended solution exists!

DISCOURSE_SMTP_ENABLE_START_TLS: it is the same, nothing changes.

After more than a month of trying, how can I solve this?
Is it possible that I alone cannot send emails?

Thanks

Can you configure your mail server to use port 587 (TLS or none, see which works) and then try this and rebuild discourse

DISCOURSE_SMTP_ADDRESS: smtps.aruba.it
DISCOURSE_SMTP_PORT: 587
DISCOURSE_SMTP_USER_NAME: myemail@domain.info
DISCOURSE_SMTP_PASSWORD: "password"

1 Like

There’s this from the Troubleshooting email on a new Discourse install guide if it’s any help?:

It does not work, this is the initial configuration that I have been using for a year but it has not worked for a month.

======================================== ERROR ========================================
                                    UNEXPECTED ERROR

SSL_connect returned=1 errno=0 peeraddr=xxx.xxx.xxx.xxx:587 state=error: certificate verify failed (Hostname mismatch)

====================================== SOLUTION =======================================
This is not a common error. No recommended solution exists!

If I try to connect with openssl:

openssl s_client -connect smtps.aruba.it:587
CONNECTED(00000003)
548286781936:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 306 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
root@vps:/var/www/discourse#

Unfortunately no, I tried everything …

Try adding just this line to your app.yml

DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none

Don’t add the START_TLS line

4 Likes
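
Added example (not part of any post in this thread, and not Discourse's own code): what the "Hostname mismatch" check compares, using Ruby's OpenSSL::SSL.verify_certificate_identity on a throwaway certificate built with the same names as the one in the s_client output above. It assumes, as a possible cause only, that a customer-domain alias such as smtp.mydomain.info reaches a server presenting the provider's wildcard certificate; the candidate list is hypothetical.

```ruby
require 'openssl'

# Constructed sample: a throwaway self-signed certificate carrying the same
# names as the one in the s_client output (CN and SANs only, not the real cert).
def sample_cert(cn, sans)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  san = sans.map { |n| "DNS:#{n}" }.join(',')
  cert.add_extension(ef.create_extension('subjectAltName', san, false))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

PROVIDER_CERT = sample_cert('*.aruba.it', ['*.aruba.it', 'aruba.it'])

# True when the name the client dialled is covered by the certificate.
# A wildcard covers exactly one left-most label, nothing deeper.
def hostname_ok?(host, cert = PROVIDER_CERT)
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

# Hypothetical candidates for DISCOURSE_SMTP_ADDRESS.
def check_candidates
  %w[smtps.aruba.it aruba.it smtp.mydomain.info a.smtps.aruba.it]
    .to_h { |h| [h, hostname_ok?(h)] }
end

check_candidates.each do |host, ok|
  puts format('%-20s %s', host, ok ? 'match' : 'Hostname mismatch')
end
```

Pointing DISCOURSE_SMTP_ADDRESS at a name the certificate covers keeps verification enabled. DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none removes the error by skipping the check entirely.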

I’ve moved this over to a dedicated #support topic. :+1: (my topic title skills need work, so feel free to suggest a more fitting description of the issue :slight_smile:)

1 Like

You will need to specifically configure your SMTP server to use port 587 (not all servers have it enabled) with TLS or STARTTLS.

2 Likes
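
Added example (not part of any post in this thread): why a bare TLS connect to a STARTTLS port ends in "wrong version number", as in the port 587 s_client output above. A constructed local server on 127.0.0.1 stands in for the submission port and greets in clear text; the hostname mail.example.test and all function names are made up for the demonstration.

```ruby
require 'socket'
require 'openssl'

# Constructed stand-in for a submission port (587): it greets in clear text
# and would only switch to TLS after the client sends STARTTLS.
def start_plaintext_smtp
  server = TCPServer.new('127.0.0.1', 0)
  Thread.new do
    loop do
      client = server.accept
      client.write("220 mail.example.test ESMTP ready\r\n")
      client.readpartial(4096) rescue nil # wait for the client's first bytes
      client.close
    end
  end
  server.addr[1] # the port the OS assigned
end

# What a bare `openssl s_client -connect host:587` does: send a TLS
# ClientHello immediately and try to parse the reply as a TLS record.
def implicit_tls(port)
  sock = TCPSocket.new('127.0.0.1', port)
  ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new)
  ssl.connect
  :tls_ok
rescue OpenSSL::SSL::SSLError
  :not_tls # the "220 ..." greeting is not a TLS record
ensure
  sock&.close
end

# What a STARTTLS-capable client does first: read the clear-text greeting.
def read_banner(port)
  sock = TCPSocket.new('127.0.0.1', port)
  sock.gets.strip
ensure
  sock&.close
end

port = start_plaintext_smtp
puts "implicit TLS: #{implicit_tls(port)}"
puts "plain read:   #{read_banner(port)}"
```

From the command line, the matching probe for such a port is `openssl s_client -starttls smtp -connect your.smtp.server:587`, which reads the greeting and issues STARTTLS before the handshake.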

Now it works with discourse-doctor, the web test goes into timeout error but the emails are sent.

Thanks everyone for the help!

My VPS uses aarch64 CPU, could this be the problem?

2 Likes

Tagging @flink91 my suggestion seems to have worked with BETA 5; that would indicate that the TLS patch may not be working as expected.

Adding

DISCOURSE_SMTP_ENABLE_START_TLS: false

Appears to make SSL connections fail

2 Likes

Thanks!

And yes that’s weird indeed :thinking:
I’ll take another look to try to understand why it’s not working as intended but I guess everything will work again when the mail gem is fixed :crossed_fingers:

3 Likes
