Trying to set up mailgun through nullmailer for email delivery from a box (let's call it a.example.com).
After some experimenting I found out that this works well for my /etc/nullmailer/remotes:
smtp.mailgun.org smtp --port=587 --user=postmaster#mg.example.com --pass=PASSWORD
But this only works on b.example.com, not on a.example.com that I wanted to set this up on. Looking further into this it looks as if mailgun is blocking my server.
On my laptop and b.example.com this works:
$ telnet smtp.mailgun.org 587
Trying 52.38.21.43...
Connected to smtp.mailgun.org.
Escape character is '^]'.
220 ak47 ESMTP ready
But on a.example.com it stops:
$ telnet smtp.mailgun.org 587
Trying 52.38.21.43...
Now I wonder if Mailgun is blocking a.example.com? And if so, if this is only temporary. And if not, what is going on here?
Found out that Scaleway.com (where a.example.com is) decided to block outgoing SMTP traffic by default.
Related
I am using gerrit 3.2.1
After I tried everything I can do to configure my gerrit.sendemail, I failed to send a verification mail
[sendemail]
enable = true
smtpServer = smtp.offce365.com
smtpServerPort = 587
smtpEncryption = ssl
sslVerify = false
smtpUser = gerrit#gerritserver.com
smtpPass = pswd
I refered to https://groups.google.com/forum/#!msg/repo-discuss/RWvdXR-Z4nA/1USSK1F6AAAJ\
but seems I met different problem,
For the encryption, according with office 365, the SMTP uses STARTTLS, but seems it always fail. I tried ssl, tls, neither works.
I also tried port 25.
[2020-06-16T14:33:53.834+0800] [WorkQueue-2] INFO com.googlesource.gerrit.plugins.deleteproject.fs.RepositoryCleanupTask : Cleaning up expired git repositories... Done
[2020-06-16T14:35:32.927+0800] [plugin-manager-preloader] INFO com.googlesource.gerrit.plugins.manager.OnStartStop : 66 plugins successfully pre-loaded
[2020-06-16T14:36:13.420+0800] [HTTP PUT /accounts/self/emails/name%40emailhost.com (flynn from 127.0.0.1)] ERROR com.google.gerrit.server.restapi.account.CreateEmail : Cannot send email verification message to name#emailhost.com
com.google.gerrit.exceptions.EmailException: Mail Error: Connection timed out (Connection timed out)
at com.google.gerrit.server.mail.send.SmtpEmailSender.open(SmtpEmailSender.java:437)
at com.google.gerrit.server.mail.send.SmtpEmailSender.send(SmtpEmailSender.java:207)
at com.google.gerrit.server.mail.send.OutgoingEmail.send(OutgoingEmail.java:225)
at com.google.gerrit.server.restapi.account.CreateEmail.apply(CreateEmail.java:164)
at com.google.gerrit.server.restapi.account.CreateEmail.apply(CreateEmail.java:121)
at com.google.gerrit.server.restapi.account.CreateEmail.apply(CreateEmail.java:71)
Is this related to this question on the mailing list?
Also, when I check the office365 smtp settings it looks like it should use tls instead of ssl:
SMTP Host: smtp.office365.com
SMTP Port: 587
SSL Protocol: OFF
TLS Protocol: ON
SMTP Username: (your Office365 username)
SMTP Password: (your Office365 password)
Try to change your settings to tls and maybe you need to implement the workaround for java11.
1 more tip when I come back to this 3 years later...
I met another problem with similar phenominal.
It turns out some mail server requires the field 'from' must be equal to 'smtpUser'.
I'm currently trying to run a mastodon server I've installed everything correctly and I haven't gotten an error till now
I'm setting up my SMTP this is the info I've put in
SMTP server: smtp.mailgun.org
SMTP username: mastodon#notifications.example.com
SMTP password:
SMTP authentication: plain
SMTP OpenSSL verify mode: peer
Then when I try to send a test e-mail it throws this error
E-mail could not be sent with this configuration, try again.
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
Ahh! So someone just pointed out on this thread (https://mastodon.social/#slackz/99772551531768277) that authentication SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE should be commented out in the config. The mastodon:setup rake task automatically adds them (gonna look into making a PR to change that), but if you:
comment out the two lines in .env.production with the above env variables
ensure all your mailgun account records are verified, that you can send email with a curl command they supply on their site
restart the mastodon processes:
sudo systemctl restart mastodon-*
Opened an issue about the behavior here:
https://github.com/tootsuite/mastodon/issues/6975
I have two laptops that I use when I travel. I need them to have access
to my LDAP server. I tried configuring this in my IPFW firewall rules,
but they fail:
#!/bin/sh
cmd="ipfw -q add"
pif="em0"
## Lots of rules - truncated
$cmd allow log tcp from any MAC "0C:54:A5:04:BA:DD" to me 389 in via $pif setup keep-state
$cmd allow log tcp from any MAC "00:1A:A0:89:CA:EA" to me 389 in via $pif setup keep-state
This is the error message repeated twice:
ipfw: missing ``to''
If I substitute an IP address and remove the "any MAC "address" it works
fine. I got this example from a web search. Can anyone tell me what I
am doing wrong?
Looking at the manual page, the MAC dst-mac src-mac is a rule option which means it should appear after the proto from src to dst part of the rule.
So your rule option is both incomplete and in the wrong place.
Are you attempting to check the MAC address while your laptops are travelling? Because I would have thought that the MAC screening will only be meaningful when the laptops are on the same LAN as the firewall.
I have a local SMTP email server I use for testing purposes running on my machine. It listens for SMTP on port 25. I am able to send and receive emails to it using a regular email client.
When I build a Node-RED flow that contains an e-mail output node and configure its properties with:
to: <email address>
server: localhost
port: 25
and submit a flow, I get the error:
25 Feb 16:43:24 - [error] [e-mail:<email address>] Error: 101057795:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:openssl\ssl\s23_clnt.c:794:
I am at a loss on how to proceed. Looking at the messages, it almost appears that there is some form of SSL negotiation/test at play here. Switching on trace on my SMTP server, I find the following logs each time I try and run a flow:
"TCPIP" 10708 "2016-02-25 16:43:08.294" "TCP - 127.0.0.1 connected to 127.0.0.1:25."
"DEBUG" 10708 "2016-02-25 16:43:08.298" "Creating session 22"
"SMTPD" 10708 22 "2016-02-25 16:43:08.298" "127.0.0.1" "SENT: 220 WIN7-X64 ESMTP"
"DEBUG" 9772 "2016-02-25 16:43:08.299" "Ending session 22"
It appears that the Node-RED node is sending a connection request, getting back the SMTP 220 response and then failing immediately after that.
I came across the same problem and have a nasty hack that will enable mail to go via my local exchange server's plain SMTP, with no auth.
Edit the .../61-email.js file and change it thusly:
var smtpTransport = nodemailer.createTransport({
host: node.outserver,
port: node.outport,
secure: false,
ignoreTLS: true //,
// auth: {
// user: node.userid,
// pass: node.password
// }
});
I see Dave has replied to the github issue but just to close the loop on this question.
At this time (Feb 2016) the node assumes SSL is always available and enabled, at some point we need to go back to the email node and find a simple way to expose a lot more of the nodemailer options to allow connections to a wider range of email providers both public and private.
How should I check if my ISP blocks port 25?
cmd> telnet <some well known email provider IP> 25
to determine which exactly host (subdomain) is listening port 25:
nslookup -q=MX <top-level domain>
For example:
cmd> nslookup -q=MX gmail.com
gmail.com MX preference = 50, mail exchanger = gsmtp147.google.com
gmail.com MX preference = 50, mail exchanger = gsmtp183.google.com
gmail.com MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com
gmail.com MX preference = 10, mail exchanger = alt1.gmail-smtp-in.l.google.com
gmail.com MX preference = 10, mail exchanger = alt2.gmail-smtp-in.l.google.com
gsmtp147.google.com internet address = 209.85.147.27
gsmtp183.google.com internet address = 64.233.183.27
gmail-smtp-in.l.google.com internet address = 64.233.183.114
cmd> telnet gsmtp147.google.com 25
220 mx.google.com ESMTP l27si12759488waf.25
On Linux, you can 'dig', I guess.
http://www.canyouseeme.org/
telnet host 25
Just select a host that you know is listening on port 25.
You could call them and ask.
Probing a server that listens on your desired port is of course the best option, as abatishchev has shown.
In the case where you can't find an "echo" service on your desired port or you want to know who is blocking you on the path you can resort to firewalking. Firewalking probes the path by starting with a Time-To-Live (TTL) set to zero and then icrementing it by one each iteration. When you stop getting "ICMP TTL Exceeded" messages that means the next hop in the chain is filtering your packets.
You can use hping3 to do this:
:~$ hping3 -z -T -p 25 server.com
or use Firewalk which was created for exactly this.
Edit: Any NAT devices on the route will silently destroy your results since the TTL is reset to whatever sane value the router sees fit.