SMTP authentication is still failing #12145

Closed
opened 2025-11-02 10:00:00 -06:00 by GiteaMirror · 15 comments

Originally created by @rrose-github on GitHub (Dec 4, 2023).

Description

I'm running Gitea on Ubuntu 22.04 LTS. Gitea was able to send test messages in version 1.14. In versions 1.18 through 1.21, when I have attempted to send a test email, it has always failed.


Under version 1.14, this configuration worked:

```
[mailer]
ENABLED = true
HOST       = mail.dummydomain.com:587
FROM      = gitea@dummydomain.com
USER        = me@dummydomain.com
PASSWD   = XXXXXXX
PROTOCOL = smtps
SMTP_ADDR = mail.dummydomain.com
SMTP_PORT  = 587
```

Under versions 1.18 through 1.21, I've tried this configuration:

```
[mailer]
ENABLED = true
FROM      = gitea@dummydomain.com
SMTP_ADDR = mail.dummydomain.com
SMTP_PORT = 587
USER            = me@dummydomain.com
PASSWD      = XXXXXX
```

I've also tried specifying PROTOCOL using smtp, smtps and starttls. Nothing has worked.

Per this posting, https://github.com/go-gitea/gitea/issues/24899, in versions 1.18 through 1.20 (it was deprecated in 1.21), I tried including the HOST = mail.dummydomain.com:587 statement, but that didn't help either.

I have also, using the openssl -client option, manually sent test emails from the server's terminal line. So, the server is able to communicate with the mail server.

Gitea Version

1.18 through 1.21

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Ubuntu 22.04

How are you running Gitea?

Download the various versions of Gitea from dl.gitea.io. Followed these basic instructions for installing Gitea: https://www.rosehosting.com/blog/how-to-install-gitea-with-nginx-and-free-lets-encrypt-ssl-on-ubuntu-20-04/

Database

MySQL/MariaDB

GiteaMirror added the topic/authentication, issue/needs-feedback, type/bug labels 2025-11-02 10:00:00 -06:00

@lunny commented on GitHub (Dec 5, 2023):

Have you tried `PROTOCOL=smtp+starttls`?


@rrose-github commented on GitHub (Dec 5, 2023):

lunny,

I didn't explicitly try it, but I did notice that the admin web page showed the PROTOCOL as being smtp+starttls when I didn't explicitly specify the PROTOCOL parameter.

Per your suggestion/question, I went ahead and explicitly added that line to app.ini file and restarted Gitea. Still get the same error message when I attempt to send a test email.


From app.ini:

```
[mailer]
ENABLED = true
FROM = gitea@dummydomain.com
PROTOCOL = smtp+starttls
SMTP_ADDR = mail.dummydomain.com
SMTP_PORT = 587
USER = me@dummydomain.com
PASSWD = XXXXXX
```


@jrjake commented on GitHub (Dec 12, 2023):

> 535 5.7.8

This means Gitea is connecting to the SMTP server fine and performing TLS fine, but when Gitea sends the credentials to the server, the SMTP server rejects them as incorrect. You need to consult with your SMTP provider to find out what the issue is.

535 is a non-standard error code, and the 5.7.8 extended error code makes it look like a Google SMTP server. See this page for proper configuration: https://support.google.com/a/answer/176600?hl=en

Edit: I did more research on Google SMTP. They no longer offer "Less Secure Apps". You need to enable 2FA on the Gmail account, create an app password (not the normal password), and supply Gitea with the app password: https://support.google.com/mail/answer/185833?hl=en


@rrose-github commented on GitHub (Dec 12, 2023):

Thanks for replying.

It's my own mail server (running Ubuntu 22.04 LTS with Postfix and Dovecot). The user name/password is correct -- I've double- and triple-checked it. I've also tried it with the password without quotes, and with single quotes (I've seen examples both ways), and both with and without spaces around the equal sign (in case there's a parsing error). And as I mentioned in my original post, Gitea version 1.14 was able to authenticate and send test emails.

Below is a test session I just did using openssl s_client, connecting from the gitea server to the mail server using port 587 and the starttls protocol. As you can see, the server is quite willing to accept such a connection from the gitea server.

(domain name changed in screen capture to dummydomain for security purposes)

```
ubuntu@gitea1:/etc$ openssl s_client -starttls smtp -connect mail.dummydomain.com:587
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = mail.dummydomain.com
verify return:1
---
... lines deleted ...
---
read R BLOCK
EHLO gitea.dummydomain.com
250-mail.dummydomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
AUTH PLAIN *************************************************************==
235 2.7.0 Authentication successful
```
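Added example, not part of the original thread and not Gitea's code: the argument of `AUTH PLAIN` in the session above is the base64 of `authzid NUL authcid NUL passwd` (RFC 4616), so decoding a captured token shows exactly which user and password reached the server, including any quotes or backticks carried over from a config file. The function names and sample credentials are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// EncodePlain builds the base64 argument of "AUTH PLAIN" (RFC 4616):
// authzid NUL authcid NUL passwd, here with an empty authzid.
func EncodePlain(user, pass string) string {
	return base64.StdEncoding.EncodeToString([]byte("\x00" + user + "\x00" + pass))
}

// DecodePlain splits an AUTH PLAIN argument back into its three fields.
func DecodePlain(token string) (authzid, user, pass string, err error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(token))
	if err != nil {
		return "", "", "", fmt.Errorf("not valid base64: %w", err)
	}
	parts := strings.Split(string(raw), "\x00")
	if len(parts) != 3 {
		return "", "", "", errors.New("want authzid NUL authcid NUL passwd")
	}
	return parts[0], parts[1], parts[2], nil
}

// EdgeResidue reports whether a decoded field starts or ends with a quote,
// backtick or whitespace character, i.e. config quoting that reached the wire.
// It is a heuristic: a real password may legitimately contain such characters.
func EdgeResidue(field string) bool {
	if field == "" {
		return false
	}
	edges := field[:1] + field[len(field)-1:]
	return strings.ContainsAny(edges, "`'\" \t\r\n")
}

func main() {
	// Constructed sample values, not credentials from the thread.
	user := "me@dummydomain.com"
	for _, pass := range []string{"s3cret-example", "`s3cret-example`"} {
		token := EncodePlain(user, pass)
		_, u, p, err := DecodePlain(token)
		if err != nil {
			fmt.Println("decode error:", err)
			continue
		}
		fmt.Printf("AUTH PLAIN %s\n  user=%q residue in password=%v\n", token, u, EdgeResidue(p))
	}
}
```

Because the token is only base64, anyone who sees it can recover the password, so keep real tokens out of pasted sessions, as the poster did.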


@j123b567 commented on GitHub (Feb 21, 2024):

I'm experiencing the exact same behavior with AWS SES. The given credentials are real but no longer valid. Email addresses are redacted.
I'm using gitea/gitea:1.21.5-rootless docker image.

```ini
[mailer]
ENABLED = true
FROM = example <noreplay@example.org>
PROTOCOL = smtps
SMTP_ADDR = email-smtp.eu-central-1.amazonaws.com
SMTP_PORT = 465
USER = AKIATNPWHAQOUCDTQX3M
PASSWORD = `BIJv8zsMFmHAOQPXn9/0lMKitVGCRiFvgQ50zj+70XDK`
```

I have also tried PASSWORD with ` and without. Different protocols smtp+starttls on port 587. Same result. It connects successfully but credentials are invalid.

Gitea error message

```
Failed to send a testing email to "recipient@example.org": gomail: could not send email 1: failed to authenticate SMTP: 535 Authentication Credentials Invalid
```

Explanation of error message is here https://docs.aws.amazon.com/ses/latest/dg/troubleshoot-smtp.html

Example program in Go using gomail.v2. I'm not a Golang programmer so this is AI generated code but fortunately, it works.

```go
package main

import (
    "gopkg.in/gomail.v2"
    "log"
)

func main() {
    sender := "example <noreplay@example.org>"
    username := "AKIATNPWHAQOUCDTQX3M"
    password := "BIJv8zsMFmHAOQPXn9/0lMKitVGCRiFvgQ50zj+70XDK"
    recipient := "recipient@example.org"
    smtpHost := "email-smtp.eu-central-1.amazonaws.com"
    smtpPort := 465

    message := gomail.NewMessage()
    message.SetHeader("From", sender)
    message.SetHeader("To", recipient)
    message.SetHeader("Subject", "Hello from Gomail!")
    message.SetBody("text/plain", "This is a test email sent using Gomail.")

    dialer := gomail.NewDialer(smtpHost, smtpPort, username, password)

    if err := dialer.DialAndSend(message); err != nil {
        log.Fatalf("Could not send email: %v", err)
    } else {
        log.Println("Email sent successfully!")
    }
}
```

Output `Email sent successfully!` and really appears in the mailbox.

I have tried to run this program from golang:1.21 docker container - worked
from gitea/gitea:1.21.5-rootless docker container - worked

To summarise it

  • credentials are ok
  • gomail is working correctly
  • it is possible to send emails from gitea container (no missing certificates package, etc.)

@jrjake commented on GitHub (Feb 21, 2024):

> ```ini
> [mailer]
> ENABLED = true
> FROM = example <noreplay@example.org>
> PROTOCOL = smtps
> SMTP_ADDR = email-smtp.eu-central-1.amazonaws.com
> SMTP_PORT = 465
> USER = AKIATNPWHAQOUCDTQX3M
> PASSWORD = `BIJv8zsMFmHAOQPXn9/0lMKitVGCRiFvgQ50zj+70XDK`
> ```

I believe the key is PASSWD not PASSWORD, so config should be:

```ini
[mailer]
PASSWD = BIJv8zsMFmHAOQPXn9/0lMKitVGCRiFvgQ50zj+70XDK
```

See: https://docs.gitea.com/next/administration/config-cheat-sheet
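Added example, not part of the original thread and not Gitea's code: a small check for the `[mailer]` section of an `app.ini` that reports the key mix-up pointed out above (`PASSWORD` instead of `PASSWD`) and the `HOST` key that the first post describes as deprecated in 1.21. The key list is limited to the keys that appear in this thread and is an assumption, not Gitea's full set; the sample config uses placeholder values.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// [mailer] keys that appear in this thread; not Gitea's complete list.
var threadKeys = map[string]bool{
	"ENABLED": true, "FROM": true, "ENVELOPE_FROM": true, "PROTOCOL": true,
	"SMTP_ADDR": true, "SMTP_PORT": true, "USER": true, "PASSWD": true,
	"ENABLE_HELO": true,
}

// LintMailer returns findings for the [mailer] section of an app.ini text.
func LintMailer(ini string) []string {
	var findings []string
	seen := map[string]bool{}
	inMailer := false
	sc := bufio.NewScanner(strings.NewReader(ini))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") {
			inMailer = strings.EqualFold(line, "[mailer]")
			continue
		}
		key, _, isPair := strings.Cut(line, "=")
		if !inMailer || !isPair || strings.HasPrefix(line, "#") || strings.HasPrefix(line, ";") {
			continue
		}
		// Compare in upper case so lower-case spellings are checked too.
		key = strings.ToUpper(strings.TrimSpace(key))
		seen[key] = true
		switch {
		case key == "PASSWORD":
			findings = append(findings, "PASSWORD: the secret key in [mailer] is PASSWD")
		case key == "HOST":
			findings = append(findings, "HOST: deprecated, use SMTP_ADDR and SMTP_PORT")
		case !threadKeys[key]:
			findings = append(findings, key+": not a key seen in this thread, check the cheat sheet")
		}
	}
	if seen["USER"] && !seen["PASSWD"] {
		findings = append(findings, "USER is set but no PASSWD key was found")
	}
	return findings
}

func main() {
	// Constructed sample modelled on the configs in the thread (placeholder values).
	sample := "[mailer]\nENABLED = true\nPROTOCOL = smtps\nSMTP_ADDR = mail.example.org\n" +
		"SMTP_PORT = 465\nUSER = placeholder-user\nPASSWORD = placeholder-secret\n"
	for _, f := range LintMailer(sample) {
		fmt.Println("finding:", f)
	}
}
```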


@mertcangokgoz commented on GitHub (May 29, 2025):

the connection is successful, but it gives the following error

"failed to authenticate SMTP: 535 Authentication Credentials Invalid"

I can send mail from another app with the same information without any problem

```
[mailer]
ENABLED        = true
ENABLE_HELO    = true
FROM           = Git <git@redacted.net>
ENVELOPE_FROM  = git@redacted.net
PROTOCOL       = smtp+starttls
SMTP_ADDR      = email-smtp.eu-central-1.amazonaws.com
SMTP_PORT      = 587
USER           = REDACTED
PASSWD         = `REDACTED`
```

Can anyone send an e-mail with amazon ses?


@lunny commented on GitHub (May 29, 2025):

Could you try `ENABLE_HELO = false`?


@mertcangokgoz commented on GitHub (May 31, 2025):

> Could you try `ENABLE_HELO = false`?

Yes, I tried, nothing has changed.


@lunny commented on GitHub (May 31, 2025):

I cannot reproduce it from my side. Maybe you can try to change passwd = `REDACTED` to passwd = REDACTED


@mertcangokgoz commented on GitHub (Jun 4, 2025):

> I cannot reproduce it from my side. Maybe you can try to change passwd = `REDACTED` to passwd = REDACTED

I don't understand. Aren't they the same? What do I change?


@mertcangokgoz commented on GitHub (Jun 7, 2025):

update: I have tried so many things, but I can run other applications with exactly the same configuration without any problem.

Has no one ever needed such a restructuring? Is there a working example?


@lunny commented on GitHub (Jun 7, 2025):

> update: I have tried so many things, but I can run other applications with exactly the same configuration without any problem.
>
> Has no one ever needed such a restructuring? Is there a working example?

What error message do you see when you test sending an email?


@mertcangokgoz commented on GitHub (Jun 7, 2025):

> > update: I have tried so many things, but I can run other applications with exactly the same configuration without any problem.
> > Has no one ever needed such a restructuring? Is there a working example?
>
> What error message do you see when you test sending an email?

```
failed to authenticate SMTP: 535 Authentication Credentials Invalid
```

but I tried with listmonk with the same information and I was able to send mail successfully.


@GiteaBot commented on GitHub (Jul 8, 2025):

We close issues that need feedback from the author if there were no new comments for a month. 🍵


Reference: github-starred/gitea#12145