SMTPAuthenticationError Rails Mailing Development - ruby-on-rails-4

Why am I getting a 500 error? I have not been able to successfully receive an email into my gmail account in developent
Here what is in my server log:
tarted POST "/contacts" for ::1 at 2015-04-06 12:23:42 -0500
Processing by ContactsController#create as */*
Parameters: {"utf8"=>"✓","authenticity_token"=>"2rAtjm6kGBtqrHwLM1oCdrjzJUhYuSR2eX+/4fJpgcCF2TvDs+jKtOPgXmSPOV/eQ9eIRlftynyB6VZKqHw4Ew==", "contact"=>{"name"=>"ahdiwhfjfhew", "email"=>"iahfiwhef#yahoo.com", "message"=>"kfbjwefawjbfjwbeakfekwjfjk3fwoefowqou"}, "commit"=>"Send Message"}
DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from create at /Users/corneliusmurphy/spartan_strength_and_power/app/controllers/contacts_controller.rb:9)
Rendered /usr/local/lib/ruby/gems/2.2.0/gems/mail_form-1.5.0/lib/mail_form/views/mail_form/contact.erb (0.6ms)
MailForm::Notifier#contact: processed outbound mail in 83.5ms
Sent mail to neil.murphy0600#gmail.com (817.1ms)
Date: Mon, 06 Apr 2015 12:23:42 -0500
From: ahdiwhfjfhew <iahfiwhef#yahoo.com>
To: neil.murphy0600#gmail.com
Message-ID: <5522c11eb5b6b_596c3fc77b83f2c055624#CorneliussMBP3.mail>
Subject: My Contact Form
Mime-Version: 1.0
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
<h4 style="text-decoration:underline">My Contact Form</h4>
<p><b>Name:</b>
ahdiwhfjfhew</p>
<p><b>Email:</b>
iahfiwhef#yahoo.com</p>
<p><b>Message:</b>
kfbjwefawjbfjwbeakfekwjfjk3fwoefowqou</p>
Completed 500 Internal Server Error in 902ms
Net::SMTPAuthenticationError (534-5.7.14 <https://accounts.google.com/ContinueSignIn?sarp=1&scc=1&plt=AKgnsbt4U):app/controllers/contacts_controller.rb:9:in `create'

The answer was Because Google was an issue with Google security feature that can be enable/disabled within Gmail

Related

Does SNS HTTP/S delivery honor any HTTP codes?

I created a test to fill my SNS dead letter queue to help me develop code to read from this queue. Long story short, I thought an HTTP error would be easiest to simulate failures, but surprisingly, they seem to be counted as success.
In case I am doing it wrong and for the benefit of anyone else who wants to try this out, here is my methodology. I created an HTTP/s endpoint specifically for this test using a bash one liner:
while true; do echo -e "HTTP/1.1 200 OK\n" | nc -Nl 9078; echo "" && date; done
So far so good. I decided that returning a 401 code might be easiest. Capturing a 401 page output with netcat:
HTTP/1.1 401 Unauthorized
Server: nginx/1.21.0
Date: Wed, 01 Sep 2021 12:22:03 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
WWW-Authenticate: Basic realm="Restricted example.com"
Strict-Transport-Security: max-age=31536000
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.21.0</center>
</body>
</html>
I altered my one liner accordingly:
while true; do echo -e "$(cat 401error)\n" | nc -Nl 9078; echo "" && date; done
I verified that visiting this page in Firefox would pop up a password dialog.
Come test time, SNS blunders along and delivers the message without fear. The message never appears in the DLQ:
POST /poot/testingevent HTTP/1.1
x-amz-sns-message-type: Notification
x-amz-sns-message-id: REDACTED
x-amz-sns-topic-arn: REDACTED
x-amz-sns-subscription-arn: REDACTED
x-amz-sns-rawdelivery: true
Content-Length: 24
Content-Type: text/plain; charset=UTF-8
Host: example.com:9078
Connection: Keep-Alive
User-Agent: Amazon Simple Notification Service Agent
Accept-Encoding: gzip,deflate
{"401 for sure man": 11}
Wed Sep 1 12:25:31 UTC 2021
Does anyone know? Nothing so far uncovered in duckduckgoing "http code" sns. If I can capture some other codes (403,500,etc) using netcat, I thought it might be useful to know which, if any, are honored.
Any status code outside of the range 200 - 499 will be considered as a failure and retried according to your retry policy as per https://docs.aws.amazon.com/sns/latest/dg/sns-message-delivery-retries.html. Once the max number of retries has been exhausted, the message will be delivered to a DLQ if one is configured.

Postfix: Mailgun not triggered within same domain

The Configs
We did the usual main.cf (postfix) relay/sasl entries:
# Amavisd + SpamAssassin + ClamAV
#
content_filter = smtp-amavis:[127.0.0.1]:10024
# Concurrency per recipient limit.
smtp-amavis_destination_recipient_limit = 1
relayhost = [smtp.mailgun.org]:587
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:login#domain.com:password
smtp_sasl_security_options = noanonymous
This actually works perfectly fine, and mail deliveries are properly logged under Mailgun too.
The Problem
If we send an email within our domain, it's not triggering Mailgun. Means: if JohnDoe#ourXYZDomain.com sends an email to JaneDoe#ourXYZDomain, it is delivered via postfix. If JohnDoe#ourXYZDomain.com sends an email to JohnDoe#someOtherDomain.com, it is delivered and logged via Mailgun smtp.
The Analysis
Mails within same domain are sent and no errors are thrown. When looking into header of received email, it shows that postfix didn't even bother using Mailgun. See localhost [127.0.0.1] in line 6:
Subject:test - 00:11
Contact photo
From johndoe#ourXYZDomain.com Date Mon 00:11
Return-Path: <johndoe#ourXYZDomain.com>
Delivered-To: janedoe#ourXYZDomain.com
Received: from mail.ourXYZDomain.com (localhost [127.0.0.1])
by mail.ourXYZDomain.com (Postfix) with ESMTP id 49KwDw97hggXdtN
for <janedoe#ourXYZDomain.com>; Sun, 10 May 2020 20:11:12 +0000 (UTC)
Authentication-Results: mail.ourXYZDomain.com (amavisd-new); dkim=pass
reason="pass (just generated, assumed good)"
header.d=ourXYZDomain.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
ourXYZDomain.com; h=user-agent:message-id:subject:subject
:to:from:from:date:date:content-transfer-encoding:content-type
:content-type:mime-version; s=dkim; t=1589141471; x=1591733472;
bh=WonWKNs0MVBQ4Md9bT3TQ0-----=; b=1lp9qX-----YE
HQwrRVwjLjcPcP/jkjhgjghgfWisfODNZ5xHnQto5Xa
D6/Wj8fAEpwiu8uG5Ujhugz778gjNZ8UhFXtJf2aK
1B8iZembDuiIsjg6fKj6snRjA=
X-Virus-Scanned: amavisd-new at mail.ourXYZDomain.com
Received: from mail.ourXYZDomain.com ([127.0.0.1])
by mail.ourXYZDomain.com (mail.ourXYZDomain.com [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id xzds0121548c for <janedoe#ourXYZDomain.com>;
Sun, 10 May 2020 20:11:11 +0000 (UTC)
Received: from _ (localhost [127.0.0.1])
by mail.ourXYZDomain.com (Postfix) with ESMTPSA id 49KwDv54101252XdtL
for <janedoe#ourXYZDomain.com>; Sun, 10 May 2020 20:11:11 +0000 (UTC)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 11 May 2020 00:11:11 +0400
From: johndoe#ourXYZDomain.com
To: janedoe#ourXYZDomain.com
Subject: test - 00:11
Message-ID: <1003f6125a2ff654101214#ourXYZDomain.com>
X-Sender: johndoe#ourXYZDomain.com
We have no explanation for this behaviour. Maybe we missed something?
Thank you for any hint
When You send mail from one $mydomain virtual mailbox to another $mydomain virtual mailbox postfix will not relay it to Mailgun and transport it locally.
You need to create multiple instances of Postfix where one instance will relay all mails to Mailgun without local delivery and second instance will listen 25 port for income mail and will deliver it to virtual boxes.
Explanation of this solution You can find there: http://www.postfix.org/MULTI_INSTANCE_README.html
Mailgun is one of many Mail Relay service mostly used to relay mails to outside networks. Mail relay is the process of transferring an email from one server to another for delivery. For example, if you work for Company A and send an email to someone at Company B, you connect to your company's SMTP server which then relays your email to the server owned by Company B.
To send mail on same network you do not need a relayhost. Mails here are deliver locally by postfix to other user's account. Local mails depend on "myorigin" "mydestination" mynetworks" settings in main.cf. The following mailhost configuration is an example which will make things clear to you.
/etc/postfix/main.cf:
myorigin = $mydomain
mydestination = $myhostname localhost.$mydomain localhost $mydomain
mynetworks = 127.0.0.0/8 10.0.0.0/24
relayhost = [smtp.mailgun.org]:587
# Optional: forward all non-local mail to firewall
#relayhost = [firewall.example.com]
You can find more information in following link
Postfix Standard Configuration Examples

Django+Angular CORS not working with POST

My Angular4 app (running on http://127.0.0.1:4200 development server) is supposed to access a django REST backend on the web. The backend is under my control and is available only via HTTPS (running Apache that tunnels the request to a gunicorn server running on an internal port). Let's say that this is https://example.com/. For historical reasons, logging the user in is done using sessions, because I want the users to be able to also use Django's admin interface after they logged in. The workflow is as follows:
Users opens http://127.0.0.1:4200, I perform a GET request to https://example.com/REST/is_logged_in which returns a 403 when the user isn't logged in via sessions yet, 200 otherwise. In the former case, the user is redirected to https://example.com/login/, rendered by Django's template engine, allowing the user to log in. Once logged in, the user is redirected to http://127.0.0.1:4200
When clicking on some button in my Angular UI, a POST request is performed. This post request fails with 403, even though the preflight OPTIONS request explicitly lists POST as allowed actions.
Here is my CORS configuration in Django:
NG_APP_ABSOLUTE_URL = 'http://127.0.0.1:4200'
# adapt Django's to Angular's presumed XSRF cookie/header names
CSRF_COOKIE_NAME = "XSRF-TOKEN"
CSRF_HEADER_NAME = "HTTP_X_XSRF_TOKEN"
CORS_ORIGIN_WHITELIST = (
urlparse(NG_APP_ABSOLUTE_URL).netloc
)
CSRF_TRUSTED_ORIGINS = (
urlparse(NG_APP_ABSOLUTE_URL).netloc
)
CORS_ALLOW_HEADERS = default_headers + (
'x-xsrf-token',
)
CORS_ALLOW_CREDENTIALS = True
This is what Chrome reports for the (successful, 200) first REST GET request to check whether the user is logged in (after he successfully did) in the response:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://127.0.0.1:4200
Allow:GET, HEAD, OPTIONS
Connection:close
Content-Type:application/json
Date:Wed, 26 Apr 2017 15:09:26 GMT
Server:gunicorn/19.6.0
Set-Cookie:XSRF-TOKEN=...; expires=Wed, 25-Apr-2018 15:09:26 GMT; Max-Age=31449600; Path=/
Transfer-Encoding:chunked
Vary:Accept,Cookie,Origin
X-Frame-Options:SAMEORIGIN
The corresponding request had this:
Cookie:sessionid=...; XSRF-TOKEN=...
Host:example.com
Origin:http://127.0.0.1:4200
Referer:http://127.0.0.1:4200/
Now, to the actual problem:
Preflight request:
Request URL:https://example.com/REST/change_user_data/
Request Method:OPTIONS
Status Code:200 OK
Access-Control-Request-Headers:content-type
Access-Control-Request-Method:POST
Connection:keep-alive
Host:example.com
Origin:http://127.0.0.1:4200
Referer:http://127.0.0.1:4200/dashboard/account
Preflight response:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, x-xsrf-token
Access-Control-Allow-Methods:DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Allow-Origin:http://127.0.0.1:4200
Access-Control-Max-Age:86400
Connection:close
Content-Length:0
Content-Type:text/html; charset=utf-8
Date:Wed, 26 Apr 2017 15:36:56 GMT
Server:gunicorn/19.6.0
Vary:Origin
X-Frame-Options:SAMEORIGIN
Now my failing (403) POST request:
Accept:application/json
Accept-Encoding:gzip, deflate, br
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Connection:keep-alive
Content-Length:60
Content-Type:application/json
Cookie:sessionid=...; XSRF-TOKEN=...
Host:example.com
Origin:http://127.0.0.1:4200
Referer:http://127.0.0.1:4200/dashboard/account
The response headers:
HTTP/1.1 403 Forbidden
Date: Wed, 26 Apr 2017 15:36:56 GMT
Server: gunicorn/19.6.0
Vary: Accept,Cookie,Origin
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Credentials: true
Allow: POST, OPTIONS
Access-Control-Allow-Origin: http://127.0.0.1:4200
Set-Cookie: XSRF-TOKEN=...; expires=Wed, 25-Apr-2018 15:36:56 GMT; Max-Age=31449600; Path=/
Connection: close
Transfer-Encoding: chunked
Why wouldn't this request work? It makes little sense to me!
Best regards!
I had the same problem, trying to send a POST request to Django (port 8000) from my Angular CLI (port 4200). I thought it was a problem of Django so I installed cors package however the "problem" is with the browser (actually is not a problem, it is a security issue, see here). Anyway, I solved the problem adding a proxy rule for my Angular CLI, as follows:
First, instead of sending my requests to http://localhost:8000/api/... is send them to /api/ (i.e. to my ng server running at port 4200).
Then I added a file in my Angular project called "proxy.conf.json" with the following content:
{
"/api": {
"target": "http://localhost:8000",
"secure": false
}
}
Finally, run your ng server with the flag "--proxy-config":
ng serve --watch --proxy-config proxy.conf.json
All API requests will be sent to the port 4200 and Angular will internally redirect them to Django, avoiding the CORS problem.
Note that this is only valid for development and won't be used when you build your app code and add it as the static code of your Django server.
Finally, with this solution I didn't need anymore the python module for cors so you could remove it.

HTTP/1.1 401 Unauthorized in Response Headers in Load runner for GET Requests

I am new to Load runner , Am facing am issue while play back of the script
LR 12.50
O.S Windows 7 SP2
Protocol is Mobile HTTP/HTML
Recording mode is Proxy
Let me explain my scenario
While executing following function:
web_custom_request("authenticate",
"URL=https://ws-xx.xxx.com/tcs/rest/authenticate?include=user,company",
"Method=POST",
"Resource=0",
"RecContentType=application/json",
"Referer=",
"Snapshot=t1.inf",
"Mode=HTTP",
"EncType=application/json",
"Body={\"password\":\"xxx\",\"username\":\"xxx\",\"version\":\"1.0.40\"}",
LAST);
For the above POST method , am getting response as below
HTTP/1.1 200 OK\r\n
Date: Tue, 13 Oct 2015 19:19:21 GMT\r\n
Server: Apache-Coyote/1.1\r\n
Content-Type: application/json\r\n
Set-Cookie: dtCookie=DBE9311E44E5C47902702DC762030583|TXlBcHB8MQ; Path=/;
Domain=.xxx.com\r\n
Connection: close\r\n
Transfer-Encoding: chunked\r\n
Which is fine ,Now the second custom request is shown below
web_custom_request("profiles",
"URL=https://ws-test.xxx.com/tcs/rest/profiles",
"Method=GET",
"Resource=1",
"RecContentType=application/json",
"Referer=",
"Snapshot=t2.inf",
LAST);
For the above GET requests in the replay logs am getting:
401 unauthorized error.
GET /tcs/rest/profiles HTTP/1.1\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT)\r\n
Accept: */*\r\n
Connection: Keep-Alive\r\n
Host: ws-test.xxx.com\r\n
Cookie: dtCookie=DBE9311E44E5C47902702DC762030583|TXlBcHB8MQ\r\n
\r\n
t=5921ms: 172-byte response headers for "https://ws-test.xxx.com/tcs/rest/profiles" (RelFrameId=1, Internal ID=2)
HTTP/1.1 401 Unauthorized\r\n
Date: Tue, 13 Oct 2015 19:19:22 GMT\r\n
Server: Apache-Coyote/1.1\r\n
Content-Type: application/json\r\n
Connection: close\r\n
Transfer-Encoding: chunked\r\n
\r\n
t=5922ms: 4-byte chunked response overhead for "https://ws-test.xxx.com/tcs/rest/profiles" (RelFrameId=1, Internal ID=2)
8b\r\n
t=5923ms: 139-byte chunked response body for "https://ws-test.xxx.com/tcs/rest/profiles" (RelFrameId=1, Internal ID=2)
{"errors":[{"message":"Authentication required to access endpoint","status":"401","code":"
NotAuthenticated","header":"Not Authenticated"}]}
I refereed this link.
My understanding from the above custom request , login is success but the next
subsequent requests are getting failed.
I have used web_cleanup_cookies() function but didn't solve the issue .
I tried to capture the Cookie ID using the below function
web_reg_save_param("COOKIE_ID",
"LR= Cookie: dtCookie=" ,
"RB= |TXlBcHB8MQ\r\n",
"Ord=All",
"RelFrameId=1",
"Search=All",
LAST);
web_add_header("Cookie",lr_eval_string("{COOKIE_ID}"));
Now question is where to place parameter "COOKIE_ID" in my script while there is
no value in script for COOKIE_ID?
How to handle this issue ? Can anybody please help me .
Please add below headers to the script
web_set_sockets_option("SSL_VERSION","TLS");
web_set_user("username", "password", "domain:portno" );
web_set_sockets_option("INITIAL_BASIC_AUTH","1");
In Vugen, Select snapshot view and compare both record and replay requests, suspecting there might be a missing of header in replay request.
If cookie is the only thing changing you can add it by using web_add_cookie function.

django-paypal: IPN requests are always INVALID

I'm using dcramer's fork of django-paypal, but I always encounter an invalid IPN while working with my sandbox accounts.
I receive the following IPN:
Invalid postback. (INVALID)
I tried everything that showed up on google:
checked seller & buyer emails
sandbox accounts are both verified
I use form.sandbox to render the paypal form
tried removing custom values
there is no non-ascii character in the request
When manually checking the request with https://www.sandbox.paypal.com/cgi-bin/webscr, I also get INVALID.
Did someone encounter this issue ? Is there any more-verbose page to validate ipn requests ?
Yes, I also get errors on post-back starting yesterday (18 June):
Opened POST Back Socket to PayPal.
PayPal Post Back returns HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 216
Expires: Mon, 18 Jun 2012 22:18:00 GMT
Date: Mon, 18 Jun 2012 22:18:00 GMT
Connection: close
<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "/cgi-bin/webscr", is invalid.<p>
....
</BODY></HTML>
: not handled.
I use my own IPN integration. It tries to handle all replies from PayPal, which is why I get the last message (: not handled.) I made a package upgrade yesterday, so I'm not quite sure it is a PayPal problem though.