github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-15 03:17:19 -05:00
Code Issues 94 Packages Projects Releases 48 Wiki Activity

Secure SMTP does not work #86

New Issue
Closed
opened 2025-11-13 11:49:28 -06:00 by GiteaMirror · 7 comments
GiteaMirror commented 2025-11-13 11:49:28 -06:00
Owner
Copy Link

Originally created by @Glow91 on GitHub (Feb 15, 2025).

I tried to configure the email part and as my provider only shows the secure stuff on the page my config looks like this:

email:
    smtp_host: "smtp.strato.de"
    smtp_port: 465
    smtp_user: "printer@mydomain.de"
    smtp_pass: "xxxxxxxxx"
    smtp_secure: true
    no_reply: "printer@mydomain.de"

It looks like there is an Problem with the secure connection because this config results in an error loke this:

2025-02-13T23:18:19.875Z [error]: Connection timeout Stack: Error: Connection timeout at SMTPConnection._formatError (/app/node_modules/nodemailer/lib/smtp-connection/index.js:807:19) at SMTPConnection._onError (/app/node_modules/nodemailer/lib/smtp-connection/index.js:793:20) at Timeout.<anonymous> (/app/node_modules/nodemailer/lib/smtp-connection/index.js:237:22) at listOnTimeout (node:internal/timers:581:17) at process.processTimers (node:internal/timers:519:7) {"code":"ETIMEDOUT","command":"CONN"}

After removing the smtp_secure property and set the port to 587 everything works fine.
For my usecase this ist just fine and I will use the unsecure connection, but maybe someone will have a look into it :)

Originally created by @Glow91 on GitHub (Feb 15, 2025). I tried to configure the email part and as my provider only shows the secure stuff on the page my config looks like this: ``` email: smtp_host: "smtp.strato.de" smtp_port: 465 smtp_user: "printer@mydomain.de" smtp_pass: "xxxxxxxxx" smtp_secure: true no_reply: "printer@mydomain.de" ``` It looks like there is an Problem with the secure connection because this config results in an error loke this: `2025-02-13T23:18:19.875Z [error]: Connection timeout Stack: Error: Connection timeout at SMTPConnection._formatError (/app/node_modules/nodemailer/lib/smtp-connection/index.js:807:19) at SMTPConnection._onError (/app/node_modules/nodemailer/lib/smtp-connection/index.js:793:20) at Timeout.<anonymous> (/app/node_modules/nodemailer/lib/smtp-connection/index.js:237:22) at listOnTimeout (node:internal/timers:581:17) at process.processTimers (node:internal/timers:519:7) {"code":"ETIMEDOUT","command":"CONN"}` After removing the smtp_secure property and set the port to 587 everything works fine. For my usecase this ist just fine and I will use the unsecure connection, but maybe someone will have a look into it :)
GiteaMirror commented 2025-11-13 11:49:29 -06:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Feb 15, 2025):

HI!

Just curious are you sure that your SMTP provider supports secure on 465? It looks like it was trying to connect but timing out which may suggest that it is not supported?

Otherwise we will test and see if we can reproduce!

@oschwartz10612 commented on GitHub (Feb 15, 2025): HI! Just curious are you sure that your SMTP provider supports secure on 465? It looks like it was trying to connect but timing out which may suggest that it is not supported? Otherwise we will test and see if we can reproduce!
GiteaMirror commented 2025-11-13 11:49:29 -06:00
Author
Owner
Copy Link

@Glow91 commented on GitHub (Feb 15, 2025):

HI,
I use the same SMTP Mail in my Bitwarden Instance and it works fine on port 465.

Let me know in case I can provide further information or semething else.

@Glow91 commented on GitHub (Feb 15, 2025): HI, I use the same SMTP Mail in my Bitwarden Instance and it works fine on port 465. Let me know in case I can provide further information or semething else.
GiteaMirror commented 2025-11-13 11:49:29 -06:00
Author
Owner
Copy Link

@zandercodes commented on GitHub (Mar 11, 2025):

HI, I use the same SMTP Mail in my Bitwarden Instance and it works fine on port 465.

Let me know in case I can provide further information or semething else.

The question is, is it STARTTLS or just TLS.
These are two different protocols.
Which of these does not work?
If it is a self-signed mail server certificate, this will probably be the problem.

@zandercodes commented on GitHub (Mar 11, 2025): > HI, I use the same SMTP Mail in my Bitwarden Instance and it works fine on port 465. > > Let me know in case I can provide further information or semething else. The question is, is it STARTTLS or just TLS. These are two different protocols. Which of these does not work? If it is a self-signed mail server certificate, this will probably be the problem.
GiteaMirror commented 2025-11-13 11:49:30 -06:00
Author
Owner
Copy Link

@tomasodehnal commented on GitHub (Apr 5, 2025):

Checking with openssl the cert is trusted from public CA, doesn't seem this is the issue.

I have tested both SMTP connection options and they work fine with my server:

  • SSL/TLS 
    smtp_host: "smtp.purelymail.com"
smtp_port: 465
smtp_secure: true
  • STARTTLS 
    smtp_host: "smtp.purelymail.com"
smtp_port: 587
smtp_secure: false

When trying with incorrect credentials (just for the sake of the test) on smtp.strato.de, I don't get connection timed out but the expected auth failed:

pangolin  | 2025-04-05T08:22:00.187Z [error]: Invalid login: 535 5.7.8 Authentication failed: wrong user/password

@Glow91 Could you maybe try it once more? Looks like there was some temporary issue along the way.

@tomasodehnal commented on GitHub (Apr 5, 2025): Checking with openssl the cert is trusted from public CA, doesn't seem this is the issue. I have tested both SMTP connection options and they work fine with my server: - SSL/TLS ``` smtp_host: "smtp.purelymail.com" smtp_port: 465 smtp_secure: true ``` - STARTTLS ``` smtp_host: "smtp.purelymail.com" smtp_port: 587 smtp_secure: false ``` When trying with incorrect credentials (just for the sake of the test) on `smtp.strato.de`, I don't get connection timed out but the expected auth failed: ``` pangolin | 2025-04-05T08:22:00.187Z [error]: Invalid login: 535 5.7.8 Authentication failed: wrong user/password ``` @Glow91 Could you maybe try it once more? Looks like there was some temporary issue along the way.
GiteaMirror commented 2025-11-13 11:49:30 -06:00
Author
Owner
Copy Link

@Glow91 commented on GitHub (Apr 18, 2025):

Sorry for the late answer. I found some time to check this again and got the same result.

I used this configuration:
email:
smtp_host: "smtp.strato.de"
smtp_port: 465 -- Commented to get it work again
smtp_user: "mymail@mydomain.de"
smtp_pass: "mypass"
smtp_secure: true -- Commented to get it work again
no_reply: "mymail@mydomain.de"

Here a link to Strato documentation --> https://www.strato.de/faq/mail/so-lauten-die-strato-e-mail-server/

@Glow91 commented on GitHub (Apr 18, 2025): Sorry for the late answer. I found some time to check this again and got the same result. I used this configuration: email: smtp_host: "smtp.strato.de" smtp_port: 465 -- Commented to get it work again smtp_user: "mymail@mydomain.de" smtp_pass: "mypass" smtp_secure: true -- Commented to get it work again no_reply: "mymail@mydomain.de" Here a link to Strato documentation --> https://www.strato.de/faq/mail/so-lauten-die-strato-e-mail-server/
GiteaMirror commented 2025-11-13 11:49:30 -06:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Apr 22, 2025):

We need to see if the machine/container running Pangolin can establish a basic TLS connection to Strato on port 465 without involving Pangolin's code. On shell inside the environment where Pangolin is running please try running the following command:

openssl s_client -connect smtp.strato.de:465 -crlf

What to look for:

Does it successfully connect and show certificate information, eventually saying something like 220 smtp.strato.de ESMTP RZmta ...? (You can type QUIT after it connects).

Or does this openssl command also hang or time out?

Please paste the output (or describe the result) here. This test bypasses Nodemailer and helps determine if the issue is at a lower network/TLS level within your Pangolin environment or if it's specific to how Pangolin/Nodemailer initiates the connection.

@oschwartz10612 commented on GitHub (Apr 22, 2025): We need to see if the machine/container running Pangolin can establish a basic TLS connection to Strato on port 465 without involving Pangolin's code. On shell inside the environment where Pangolin is running please try running the following command: ``` openssl s_client -connect smtp.strato.de:465 -crlf ``` What to look for: Does it successfully connect and show certificate information, eventually saying something like 220 smtp.strato.de ESMTP RZmta ...? (You can type QUIT after it connects). Or does this openssl command also hang or time out? Please paste the output (or describe the result) here. This test bypasses Nodemailer and helps determine if the issue is at a lower network/TLS level within your Pangolin environment or if it's specific to how Pangolin/Nodemailer initiates the connection.
GiteaMirror commented 2025-11-13 11:49:30 -06:00
Author
Owner
Copy Link

@Glow91 commented on GitHub (Apr 22, 2025):

Thanks for the quick response.
The mentioned command also leads to an timeout.
After some investigation I saw that my VPS Provider blocks some Ports because auf Spam protection and these Ports needs to be unlocked by request.

Im pretty sure after this is done there are no more issues.

Very sorry for wasting your time. But i appreciate your effort.
I will give final feedback after response from my VPS provider but from my side the issue can be closed.

(Edit): Port is now unlocked by my VPS Provider and everything works fine.
Thanks guys for this amazing piece of software ❤

@Glow91 commented on GitHub (Apr 22, 2025): Thanks for the quick response. The mentioned command also leads to an timeout. After some investigation I saw that my VPS Provider blocks some Ports because auf Spam protection and these Ports needs to be unlocked by request. Im pretty sure after this is done there are no more issues. Very sorry for wasting your time. But i appreciate your effort. I will give final feedback after response from my VPS provider but from my side the issue can be closed. (Edit): Port is now unlocked by my VPS Provider and everything works fine. Thanks guys for this amazing piece of software ❤
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#86
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?