Rundeck gmail smtp setting - ssl

I've been trying for weeks to get to configure rundeck to send emails using my gmail smtp settings on a Centos7 vm. I do have an ssl cert (that I purchased) configured for the server. Not sure if that has something to do with it. So far I have:
Converted the "/etc/rundeck/rundeck-config.properties" file to
"/etc/rundeck/rundeck-config.groovy" file
Updates the "/etc/sysconfig/rundeckd" file with the following settings. "export RUNDECK_WITH_SSL=true
export RDECK_CONFIG_FILE="/etc/rundeck/rundeck-config.groovy"
Edited my "/etc/rundeck/rundeck-config.groovy" with the following text.
loglevel.default="INFO"
rdeck.base="/var/lib/rundeck"
rss.enabled=false
grails.mail.default.from="user#gmail.com"
dataSource.dbCreate = "update"
dataSource.url = "jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true;TRACE_LEVEL_FILE=4"
grails {
mail {
host = "smtp.gmail.com"
username = "user#gmail.com"
port = 465
password = "password"
props = ["mail.smtp.auth":"true",
"mail.smtp.port":"465",
"mail.smtp.starttls.enable":"true",
"mail.smtp.socketFactory.port":"465",
"mail.smtp.socketFactory.fallback":"false"]
}
}
grails.serverURL="https://rundeck-server:4443"
rundeck.log4j.config.file = "/etc/rundeck/log4j.properties"
If I run it with port 465, I receive the following error.
2019-01-03 14:57:26.260 ERROR --- [eduler_Worker-1] rundeck.services.NotificationService : Error sending notification email to user#gmail.com for Execution 231: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465, response: -1. Failed messages: javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465, response: -1
If I configure using port 587, I receive the following error in the "/var/log/rundeck/service.log"
2019-01-03 15:05:52.121 ERROR --- [eduler_Worker-1] rundeck.services.NotificationService : Error sending notification email to user#gmail.com for Execution 233: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Failed messages: javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Alternatively, I installed mailx and although theres an error in the logs, it successfully sends an email when I run the following "echo "Your message" | mail -v -s "Message Subject" user#gmail.com" command. The output is
Resolving host smtp.gmail.com . . . done.
Connecting to x.x.x.x:465 . . . connected.
Error in certificate: Peer's certificate issuer is not recognized.
Comparing DNS name: "smtp.gmail.com"
SSL parameters: cipher=AES-xxx-GCM, keysize=xxx, secretkeysize=xxx,
issuer=CN=Google Internet Authority G3,O=Google Trust Services,C=US
subject=CN=smtp.gmail.com,O=Google LLC,L=Mountain View,ST=California,C=US
220 smtp.gmail.com ESMTP b22sm9658588ios.45 - gsmtp
>>> EHLO rundeck-server
250-smtp.gmail.com at your service, [x.x.x.x]
250-SIZE 35882577
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
>>> AUTH LOGIN
334 xxxx
>>> xxxx==
334 xxxx
>>> xxxx==
235 2.7.0 Accepted
>>> MAIL FROM:<user#rundeck-server>
250 2.1.0 OK xx - gsmtp
>>> RCPT TO:<user#gmail.com>
250 2.1.5 OK xx - gsmtp
>>> DATA
354 Go ahead xx - gsmtp
>>> .
250 2.0.0 OK xx - gsmtp
>>> QUIT
221 2.0.0 closing connection xx - gsmtp
I added the following to the bottom of my "/etc/mail.rc" file
set smtp=smtps://smtp.gmail.com:465
set smtp-auth=login
set smtp-auth-user=USER.GMAIL.COM
set smtp-auth-password='password'
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/


Looks like you're using a self-signed certificate or non trusted certificate by google, check that:
Related links:
Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http://web.archive.org/web/20080820101722/http://blogs.sun.com/andreas/entry/no_more_unable_to_find
https://news.ycombinator.com/item?id=4920088
http://code.naishe.in/2011/07/looks-like-article-no-more-unable-to.html


I send emails from my gmail account with these settings in /etc/rundeck/rundeck-config.groovy
grails {
mail {
host = "smtp.gmail.com"
username = "USER"
port = 587
password = "PASSWORD"
props = ["mail.smtp.starttls.enable":"true","mail.smtp.auth":"true","mail.smtp.socketFactory.port":"587","mail.smtp.socketFactory.fallback":"false"]
}
}

Related

Unable to remotly connect to SSL enabled application from Hawtio

I am not able to remotly connect to my springboot microservice from hawtio.
If i am disabling ssl then i am able to see camel routes in hawtio console.
hawtio console
Error in response:
Request URL: http://localhost:8090/hawtio/proxy/https/lxapptaldev003/4150/jolokia/
Request Method: POST
Status Code: 500 sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Add this JVM parameter:
-Dhawtio.proxyDisableCertificateValidation=true
Credit:
Google-Groups

PHPMailer fails after upgrade from PHP 5.5 to 7.1.4

Specifically we fail with this message:
[30-Apr-2017 14:05:18 UTC] PHP Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure in /home/xxxxxxxx/public_html/phpmailer/PHPMailer-5.2.8/class.smtp.php on line 272
Googling this we find reports of similar errors during upgrades from PHP 5.5 - but these all stem from improved certificate verification introduced in PHP 5.6. This doesnt seem to be our issue. For instance - following the PHPMailer troubleshooting wiki - we are able to connect to the smtp server with openSSL.
openssl s_client -starttls smtp -crlf -connect vps.ourserver.com:587
.
.
SSL handshake has read 5284 bytes and written 468 bytes
.
.
Verify return code: 0 (ok)
Turning SMTBDebug on (level 4) doesn't really show anything useful:
2017-04-30 16:04:54 CLIENT -> SERVER: STARTTLS
2017-04-30 16:04:54 SMTP -> get_lines(): $data is ""
2017-04-30 16:04:54 SMTP -> get_lines(): $str is "220 TLS go ahead
"
2017-04-30 16:04:54 SERVER -> CLIENT: 220 TLS go ahead
2017-04-30 16:04:54 SMTP Error: Could not connect to SMTP host.
2017-04-30 16:04:54 CLIENT -> SERVER: QUIT
As stated - this problem started immediately after the PHP upgrade. No changes to code or SSL/Certificate configurations.
Suggestions on next steps to troubleshoot?
Edit: It was suggested that this question may have been solved previously SSL3_GET_SERVER_CERTIFICATE.. but it is a different error message (and I did try overriding the smtpoptions as suggested - to no effect).

Solved.
Upgraded to PHPMailer 5.2.23 and the error message disappeared. Thanks to Synchro (despite the snarky tone...lol).

getting correct certificate info for offlineimap from outlook imap server

I'm trying to use offlineimap to download Outlook.com messages, but can't seem to get the security correct (I use offlineimap successfully for other IMAP accounts as well). In .offlineimaprc, in the remote repository section, I've put:
[Repository remoteOutlook]
type = IMAP
remotehost = imap-mail.outlook.com
ssl = yes
cert_fingerprint = c914dd966dbd0912c36ec294f83d8d3b5a434729
remoteport = 993
remoteuser = <hidden>
remotepass = <hidden>
The fingerprint was captured using gnutls-cli, as follows:
$ gnutls-cli -p 993 imap-mail.outlook.com
Processed 168 CA certificate(s).
Resolving 'imap-mail.outlook.com'...
Connecting to '157.56.195.250:993'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=*.hotmail.com', issuer `C=BE,O=GlobalSign nv-sa,CN=GlobalSign Organization Validation CA - SHA256 - G2', RSA key 2048 bits, signed using RSA-SHA256, activated `2015-12-15 22:26:11 UTC', expires `2016-12-15 22:26:11 UTC', SHA-1 fingerprint `c914dd966dbd0912c36ec294f83d8d3b5a434729'
Public Key ID:
e74e1f5a4a2656b5bbf73ae68e293e43a0846941
Public key's random art:
+--[ RSA 2048]----+
| .E |
| . |
| + . |
| + . . . . |
| . . .S.o . |
| . +. . |
| o.= + |
| . *+= =+ |
| .=+==++.|
+-----------------+
- Certificate[1] info:
- subject `C=BE,O=GlobalSign nv-sa,CN=GlobalSign Organization Validation CA - SHA256 - G2', issuer `C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2014-02-20 10:00:00 UTC', expires `2024-02-20 10:00:00 UTC', SHA-1 fingerprint `902ef2deeb3c5b13ea4c3d5193629309e231ae55'
- Status: The certificate is trusted.
- Description: (TLS1.0)-(ECDHE-RSA-SECP384R1)-(AES-256-CBC)-(SHA1)
- Session ID: 82:4B:00:00:4D:3C:F0:07:B9:B1:49:21:9F:95:99:A9:8B:E4:A7:44:21:6F:06:F6:15:6D:76:F5:F6:3F:4C:97
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP384R1
- Curve size: 384 bits
- Version: TLS1.0
- Key Exchange: ECDHE-RSA
- Cipher: AES-256-CBC
- MAC: SHA1
- Compression: NULL
- Options: extended master secret, safe renegotiation,
- Handshake was completed
- Simple Client Mode:
* OK Outlook.com IMAP4rev1 server version 17.4.0.0 ready (DUB451-IMAP396)
*** Fatal error: The TLS connection was non-properly terminated.
*** Server has terminated the connection abnormally.
This output shows two certificates (0 and 1), with respective SHA1 fingerprints,
c914dd966dbd0912c36ec294f83d8d3b5a434729
902ef2deeb3c5b13ea4c3d5193629309e231ae55
If I use the first one (as shown in .offlineimaprc above), offlineimap fails to authenticate correctly, and the response is "BAD ['SASL Token argument is missing or invalid.']":
$ offlineimap -o
XOAUTH2 authentication failed: AUTHENTICATE command error: BAD ['SASL Token argument is missing or invalid.']. Data: FBPH2 AUTHENTICATE XOAUTH2
PLAIN authentication failed: [AUTHENTICATIONFAILED] Invalid username or password.
LOGIN authentication failed: [AUTHENTICATIONFAILED] Invalid username or password.
ERROR: All authentication types failed:
XOAUTH2: AUTHENTICATE command error: BAD ['SASL Token argument is missing or invalid.']. Data: FBPH2 AUTHENTICATE XOAUTH2
PLAIN: [AUTHENTICATIONFAILED] Invalid username or password.
LOGIN: [AUTHENTICATIONFAILED] Invalid username or password.
ERROR: Exceptions occurred during the run!
ERROR: All authentication types failed:
XOAUTH2: AUTHENTICATE command error: BAD ['SASL Token argument is missing or invalid.']. Data: FBPH2 AUTHENTICATE XOAUTH2
PLAIN: [AUTHENTICATIONFAILED] Invalid username or password.
LOGIN: [AUTHENTICATIONFAILED] Invalid username or password.
Traceback:
File "/usr/lib64/python2.7/site-packages/offlineimap/accounts.py", line 271, in syncrunner
self.__sync()
File "/usr/lib64/python2.7/site-packages/offlineimap/accounts.py", line 334, in __sync
remoterepos.getfolders()
File "/usr/lib64/python2.7/site-packages/offlineimap/repository/IMAP.py", line 448, in getfolders
imapobj = self.imapserver.acquireconnection()
File "/usr/lib64/python2.7/site-packages/offlineimap/imapserver.py", line 525, in acquireconnection
self.__authn_helper(imapobj)
File "/usr/lib64/python2.7/site-packages/offlineimap/imapserver.py", line 437, in __authn_helper
"failed:\n\t%s"% msg, OfflineImapError.ERROR.REPO)
Alternatively, if I use the second, offlineimap reports that actually the first fingerprint is the one that the outlook server uses, but as shown previously that one fails, insisting that the username/password is bad.
$ offlineimap -o
ERROR: Server SSL fingerprint 'c914dd966dbd0912c36ec294f83d8d3b5a434729' for hostname 'imap-mail.outlook.com' does not match configured fingerprint(s) ['902ef2deeb3c5b13ea4c3d5193629309e231ae55']. Please verify and set 'cert_fingerprint' accordingly if not set yet.
ERROR: Exceptions occurred during the run!
ERROR: Server SSL fingerprint 'c914dd966dbd0912c36ec294f83d8d3b5a434729' for hostname 'imap-mail.outlook.com' does not match configured fingerprint(s) ['902ef2deeb3c5b13ea4c3d5193629309e231ae55']. Please verify and set 'cert_fingerprint' accordingly if not set yet.
Traceback:
File "/usr/lib64/python2.7/site-packages/offlineimap/accounts.py", line 271, in syncrunner
self.__sync()
File "/usr/lib64/python2.7/site-packages/offlineimap/accounts.py", line 334, in __sync
remoterepos.getfolders()
File "/usr/lib64/python2.7/site-packages/offlineimap/repository/IMAP.py", line 448, in getfolders
imapobj = self.imapserver.acquireconnection()
File "/usr/lib64/python2.7/site-packages/offlineimap/imapserver.py", line 511, in acquireconnection
af=self.af,
File "/usr/lib64/python2.7/site-packages/offlineimap/imaplibutil.py", line 194, in __init__
super(WrappedIMAP4_SSL, self).__init__(*args, **kwargs)
File "/usr/lib64/python2.7/site-packages/offlineimap/bundled_imaplib2.py", line 2135, in __init__
IMAP4.__init__(self, host, port, debug, debug_file, identifier, timeout, debug_buf_lvl)
File "/usr/lib64/python2.7/site-packages/offlineimap/bundled_imaplib2.py", line 357, in __init__
self.open(host, port)
File "/usr/lib64/python2.7/site-packages/offlineimap/imaplibutil.py", line 213, in open
OfflineImapError.ERROR.REPO)
I've checked username and password several times (I use the same setup in mutt, and this works fine in terms of accessing the outlook IMAP server). Can anyone tell me what I might be doing incorrectly?

OK, I should have paid more attention to the very first error message:
XOAUTH2 authentication failed: AUTHENTICATE command error: BAD ['SASL Token argument is missing or invalid.']. Data: BFKO2 AUTHENTICATE XOAUTH2
Apparently, as discussed in this archlinux forum thread, the default authentication order in offlineimap is
auth_mechanisms = GSSAPI, CRAM-MD5, XOAUTH2, PLAIN, LOGIN
In order for OAUTH2 to work, as detailed here additional settings need to be present in .offlineimaprc:
oauth2_client_secret = ...
oauth2_client_id = ...
oauth2_refresh_token = ...
So the first certificate fingerprint is indeed correct, the error is just a notice that XOAUTH2 failed, which can be suppressed simply by specifying the authentication protocols explicitly, and removing XOAUTH2 from the list:
auth_mechanisms = GSSAPI, CRAM-MD5, PLAIN, LOGIN
I will give setting up XOAUTH2 a shot and post back.

Pentaho PDI - Mail using gmail account Connection timed out

Whilst trying to send email using GMAIL on the PDI job, I face a connection timed out error.
Settings were as give below
SMTP ->smtp.gmail.com
Port -> 465 (also tried with 587 and 25)
And followed by SSL connection with my full credentials.
This is the error I am getting
2016/08/24 11:56:48 - Mail - ERROR (version 6.1.0.1-196, build 1 from 2016-04-07 12.08.49 by buildguy) : Problem while sending message: javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465;
nested exception is:
java.net.ConnectException: Connection timed out: connect
I see a similar open question here but with little help
Any help?

by using below server configuration i used to send mail from PDI
1.SMTP ->smtp.gmail.com
2.Port -> 465
3. use authentication [check this]
4.authentication user (use your gmail id)
5.authentication password (use your gmail password)
6.use secure authentication
7. secure connection type = SSL
when this job will execute in your gmail account a security concern mail will be sent by gmail team and you need to allow that security check

PHPmailer google oAuth authentication failure

trying to send notification mails from my web site to myself using google smtp with phpmailer and I got to a point where I have a refresh token.
when I try to test the mail I get the following debug Error:
SERVER -> CLIENT: 220 smtp.gmail.com ESMTP h6sm35172248paf.23 - gsmtp
CLIENT -> SERVER: EHLO localhost
SERVER -> CLIENT: 250-smtp.gmail.com at your service, [2001:569:78a5:aa00:8d54:17b8:c04b:1f31]250-SIZE 35882577250-8BITMIME250-STARTTLS250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8
CLIENT -> SERVER: STARTTLS
SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
CLIENT -> SERVER: EHLO localhost
SERVER -> CLIENT: 250-smtp.gmail.com at your service, [2001:569:78a5:aa00:8d54:17b8:c04b:1f31]250-SIZE 35882577250-8BITMIME250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8
CLIENT -> SERVER: AUTH XOAUTH2 dXNlcj1qYWNvYi5iYWxhYmFub3ZAZ21haWwuY29tAWF1dGg9QmVhcmVyIHlhMjkuQ2pIY0FneVhWcjlvdWVSUjRYN3o1aFhvYVFrRHROTDRONEwyd21DekpfTS1FWnpESWRQSHFlZlZTSEJTa3gwLXJDZ0oBAQ==
SERVER -> CLIENT: 334 eyJzdGF0dXMiOiI0MDAiLCJzY2hlbWVzIjoiQmVhcmVyIiwic2NvcGUiOiJodHRwczovL21haWwuZ29vZ2xlLmNvbS8ifQ==
SMTP ERROR: AUTH command failed: 334 eyJzdGF0dXMiOiI0MDAiLCJzY2hlbWVzIjoiQmVhcmVyIiwic2NvcGUiOiJodHRwczovL21haWwuZ29vZ2xlLmNvbS8ifQ==
SMTP Error: Could not authenticate.
CLIENT -> SERVER: QUIT
SERVER -> CLIENT: 535-5.7.8 Username and Password not accepted. Learn more at535 5.7.8 https://support.google.com/mail/answer/14257 h6sm35172248paf.23 - gsmtp
SMTP ERROR: QUIT command failed: 535-5.7.8 Username and Password not accepted. Learn more at535 5.7.8 https://support.google.com/mail/answer/14257 h6sm35172248paf.23 - gsmtp
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
string 'SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting' (length=82)
so I tried everything and I have no idea what to do...