We Keep Coding

Different server/IP - no more connection?

I'm using Mailgun through my local installation of Mautic. It used to connect correctly. Today however I got this error message: Unable to connect with TLS encryption Log data: ++ Starting Swift_SmtpTransport << 220-node6237.myfcloud.com ESMTP Exim 4.95 #2 Tue, 12 Apr 2022 13:38:14 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. >> EHLO dashboard.nsking.ee << 250-node6237.myfcloud.com Hello dashboard.nsking.ee [194.233.160.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP >> STARTTLS << 220 TLS go ahead !! Unable to connect with TLS encryption (code: 0) ++ Starting Swift_SmtpTransport << 220-node6237.myfcloud.com ESMTP Exim 4.95 #2 Tue, 12 Apr 2022 13:38:14 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. >> EHLO dashboard.nsking.ee << 250-node6237.myfcloud.com Hello dashboard.nsking.ee [194.233.160.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP >> STARTTLS << 220 TLS go ahead !! Unable to connect with TLS encryption (code: 0)
What is the cause of it? Keep in mind, nothing has changed in our installation except the server name and the IP.
I tried to change to SSL and I got this error:
Connection could not be established with host smtp.mailgun.org :stream_socket_client(): Peer certificate CN=node6237.myfcloud.com' did not match expected CN=smtp.mailgun.org' Log data: ++ Starting Swift_SmtpTransport !! Connection could not be established with host smtp.mailgun.org :stream_socket_client(): Peer certificate CN=node6237.myfcloud.com' did not match expected CN=smtp.mailgun.org' (code: 0)
++ Starting Swift_SmtpTransport !! Connection could not be established with host smtp.mailgun.org :stream_socket_client(): Peer certificate CN=node6237.myfcloud.com' did not match expected CN=smtp.mailgun.org' (code: 0)

Cannot send SMTP email from JBoss java app in Amazon EC2 instance: Could not convert socket to TLS

I'm running a java app in JBoss 6.4.0 in an Amazon Web Services red hat 8 EC2 instance.
When my app tries to send an email via javax.mail I'm getting an error "Could not convert socket to TLS".
I then coded up the AmazonSESSample.java sample program and tried it. I ran it in my EC2 instance outside JBoss and it ran successfully. (The AmazonSESSample program can be found here: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/examples-send-using-smtp.html)
Then I commented out the email code in my java app, and replaced it with the code in AmazonSESSample.java. When I run my java app with the AmazonSESSample code in JBoss I get the same error: "Could not convert socket to TLS". So the AmazonSESSample works fine outside JBoss, and gives an error when running inside JBoss.
Here is the AmazonSESSample code in my app. Can somebody help me fix the "Could not convert socket to TLS" error?:
public class AmazonSESSample {
private static final Logger logger = LogManager.getFormatterLogger("AmazonSESSample");
// Replace sender#example.com with your "From" address.
// This address must be verified.
static final String FROM = "email1#gmail.com";
static final String FROMNAME = "Steve";
// Replace recipient#example.com with a "To" address. If your account
// is still in the sandbox, this address must be verified.
static final String TO = "email2#gmail.com";
// Replace smtp_username with your Amazon SES SMTP user name.
static final String SMTP_USERNAME = "thisIsNotActualghijikl";
// Replace smtp_password with your Amazon SES SMTP password.
static final String SMTP_PASSWORD = "abcdefThisIsNotActual";
// Amazon SES SMTP host name. This example uses the US West (Oregon) region.
// See https://docs.aws.amazon.com/ses/latest/DeveloperGuide/regions.html#region-endpoints
// for more information.
static final String HOST = "email-smtp.us-east-2.amazonaws.com";
// The port you will connect to on the Amazon SES SMTP endpoint.
static final int PORT = 587;
static final String SUBJECT = "Amazon SES test (SMTP interface accessed using Java)";
static final String BODY = String.join(
System.getProperty("line.separator"),
"<h1>Amazon SES SMTP Email Test</h1>",
"<p>This email was sent with Amazon SES using the ",
"<a href='https://github.com/javaee/javamail'>Javamail Package</a>",
" for <a href='https://www.java.com'>Java</a>."
);
public int sendEmail(DisplayEmailMessage emailMessage) throws UnsupportedEncodingException, MessagingException {
// Create a Properties object to contain connection configuration information.
Properties props = System.getProperties();
props.put("mail.transport.protocol", "smtp");
props.put("mail.smtp.port", PORT);
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.auth", "true");
// Create a Session object to represent a mail session with the specified properties.
Session session = Session.getDefaultInstance(props);
// Create a message with the specified information.
MimeMessage msg = new MimeMessage(session);
msg.setFrom(new InternetAddress(FROM, FROMNAME));
msg.setRecipient(Message.RecipientType.TO, new InternetAddress(TO));
msg.setSubject(SUBJECT);
msg.setContent(BODY, "text/html");
// Create a transport.
Transport transport = session.getTransport();
// Send the message.
try {
System.out.println("Sending...");
// Connect to Amazon SES using the SMTP username and password you specified above.
transport.connect(HOST, SMTP_USERNAME, SMTP_PASSWORD);
// Send the email.
transport.sendMessage(msg, msg.getAllRecipients());
System.out.println("Email sent!");
}
catch (Exception ex) {
System.out.println("The email was not sent.");
System.out.println("Error message: " + ex.getMessage());
}
finally {
// Close and terminate the connection.
transport.close();
}
return 0;
}
}
Here is the javamail debug output:
DEBUG: setDebug: JavaMail version 1.4.5.redhat-2
Sending email to 123#gmail.com
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
Starting to connect at Sun Dec 26 13:14:23 UTC 2021 to email 123#gmail.com
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "smtp.dreamhost.com", port 587, isSSL false
220 pdx1-sub0-mail-a290.dreamhost.com ESMTP
DEBUG SMTP: connected to host "smtp.dreamhost.com", port: 587
EHLO ip-172-31-29-30.us-east-2.compute.internal
250-pdx1-sub0-mail-a290.dreamhost.com
250-PIPELINING
250-SIZE 40960000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 CHUNKING
DEBUG SMTP: Found extension "PIPELINING", arg ""
DEBUG SMTP: Found extension "SIZE", arg "40960000"
DEBUG SMTP: Found extension "ETRN", arg ""
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "AUTH", arg "PLAIN LOGIN"
DEBUG SMTP: Found extension "AUTH=PLAIN", arg "LOGIN"
DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "CHUNKING", arg ""
STARTTLS
220 2.0.0 Ready to start TLS
MessagingException
javax.mail.MessagingException: Could not convert socket to TLS

I fixed this by upgrading my JBoss to 7.4.0.

Postfix: Mailgun not triggered within same domain

The Configs
We did the usual main.cf (postfix) relay/sasl entries:
# Amavisd + SpamAssassin + ClamAV
#
content_filter = smtp-amavis:[127.0.0.1]:10024
# Concurrency per recipient limit.
smtp-amavis_destination_recipient_limit = 1
relayhost = [smtp.mailgun.org]:587
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:login#domain.com:password
smtp_sasl_security_options = noanonymous
This actually works perfectly fine, and mail deliveries are properly logged under Mailgun too.
The Problem
If we send an email within our domain, it's not triggering Mailgun. Means: if JohnDoe#ourXYZDomain.com sends an email to JaneDoe#ourXYZDomain, it is delivered via postfix. If JohnDoe#ourXYZDomain.com sends an email to JohnDoe#someOtherDomain.com, it is delivered and logged via Mailgun smtp.
The Analysis
Mails within same domain are sent and no errors are thrown. When looking into header of received email, it shows that postfix didn't even bother using Mailgun. See localhost [127.0.0.1] in line 6:
Subject:test - 00:11
Contact photo
From johndoe#ourXYZDomain.com Date Mon 00:11
Return-Path: <johndoe#ourXYZDomain.com>
Delivered-To: janedoe#ourXYZDomain.com
Received: from mail.ourXYZDomain.com (localhost [127.0.0.1])
by mail.ourXYZDomain.com (Postfix) with ESMTP id 49KwDw97hggXdtN
for <janedoe#ourXYZDomain.com>; Sun, 10 May 2020 20:11:12 +0000 (UTC)
Authentication-Results: mail.ourXYZDomain.com (amavisd-new); dkim=pass
reason="pass (just generated, assumed good)"
header.d=ourXYZDomain.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
ourXYZDomain.com; h=user-agent:message-id:subject:subject
:to:from:from:date:date:content-transfer-encoding:content-type
:content-type:mime-version; s=dkim; t=1589141471; x=1591733472;
bh=WonWKNs0MVBQ4Md9bT3TQ0-----=; b=1lp9qX-----YE
HQwrRVwjLjcPcP/jkjhgjghgfWisfODNZ5xHnQto5Xa
D6/Wj8fAEpwiu8uG5Ujhugz778gjNZ8UhFXtJf2aK
1B8iZembDuiIsjg6fKj6snRjA=
X-Virus-Scanned: amavisd-new at mail.ourXYZDomain.com
Received: from mail.ourXYZDomain.com ([127.0.0.1])
by mail.ourXYZDomain.com (mail.ourXYZDomain.com [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id xzds0121548c for <janedoe#ourXYZDomain.com>;
Sun, 10 May 2020 20:11:11 +0000 (UTC)
Received: from _ (localhost [127.0.0.1])
by mail.ourXYZDomain.com (Postfix) with ESMTPSA id 49KwDv54101252XdtL
for <janedoe#ourXYZDomain.com>; Sun, 10 May 2020 20:11:11 +0000 (UTC)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 11 May 2020 00:11:11 +0400
From: johndoe#ourXYZDomain.com
To: janedoe#ourXYZDomain.com
Subject: test - 00:11
Message-ID: <1003f6125a2ff654101214#ourXYZDomain.com>
X-Sender: johndoe#ourXYZDomain.com
We have no explanation for this behaviour. Maybe we missed something?
Thank you for any hint

When You send mail from one $mydomain virtual mailbox to another $mydomain virtual mailbox postfix will not relay it to Mailgun and transport it locally.
You need to create multiple instances of Postfix where one instance will relay all mails to Mailgun without local delivery and second instance will listen 25 port for income mail and will deliver it to virtual boxes.
Explanation of this solution You can find there: http://www.postfix.org/MULTI_INSTANCE_README.html

Mailgun is one of many Mail Relay service mostly used to relay mails to outside networks. Mail relay is the process of transferring an email from one server to another for delivery. For example, if you work for Company A and send an email to someone at Company B, you connect to your company's SMTP server which then relays your email to the server owned by Company B.
To send mail on same network you do not need a relayhost. Mails here are deliver locally by postfix to other user's account. Local mails depend on "myorigin" "mydestination" mynetworks" settings in main.cf. The following mailhost configuration is an example which will make things clear to you.
/etc/postfix/main.cf:
myorigin = $mydomain
mydestination = $myhostname localhost.$mydomain localhost $mydomain
mynetworks = 127.0.0.0/8 10.0.0.0/24
relayhost = [smtp.mailgun.org]:587
# Optional: forward all non-local mail to firewall
#relayhost = [firewall.example.com]
You can find more information in following link
Postfix Standard Configuration Examples

Betfair API'ing Certificate login using C++ boost SSL Sockets

Firstly, thanks for coming here. I'm trying to login with betfair using a certificate login using boost's ssl sockets however, once I send my http login POST, I receive the message CERT_AUTH_REQUIRED. On the betfair website it says this means "Certificate required or certificate present but could not authenticate with it".
I am able to connect, handshake and send/receive data. However, I just can't seem to login with my code. I've tested the exact certificates using curl without any problems.
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=IE; ST=Leinster; L=Dublin; O=Paddy Power Betfair Public Limi
ted Company; OU=IT Networks; CN=betfair.com
* start date: Sep 11 05:50:38 2018 GMT
* expire date: Sep 11 05:59:00 2020 GMT
* issuer: C=US; O=HydrantID (Avalanche Cloud Corporation); CN=HydrantID S
SL ICA G2
* SSL certificate verify result: self signed certificate in certificate c
hain (19), continuing anyway.
> POST /api/certlogin HTTP/1.1
> Host: identitysso-cert.betfair.com
> User-Agent: curl/7.46.0
> Accept: */*
> X-Application: AOxcQMZwVN3jOsLZ4
> Content-Length: 41
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 41 out of 41 bytes
< HTTP/1.1 200 OK
< Content-Type: text/plain;charset=ISO-8859-1
< Content-Length: 87
< Date: Wed, 06 Mar 2019 11:09:35 GMT
<
{"sessionToken":"ZFbyo3HeAh07UFTHzhhGjOyQFeX2MKdHHHHtAm2S7FXw=","loginStatus":"SU
CCESS"}* Connection #0 to host identitysso-cert.betfair.com left intact
I have further tested these certificates with python code that also works.
My C++ code is below. I've tried sending incorrect passwords which result in the status from server INVALID_USERNAME_OR_PASSWORD instead.
boost::asio::ssl::context ctx(boost::asio::ssl::context::tlsv12);
// load certificates
ctx.load_verify_file(cert_filename.c_str());
// ctx.use_private_key_file(private_filename.c_str(), boost::asio::ssl::context::pem);
ctx.use_rsa_private_key_file(private_filename.c_str(), boost::asio::ssl::context::pem);
mSocket.reset(new boost::asio::ssl::stream<tcp::socket>(mIoService, ctx));
mSocket->set_verify_mode(boost::asio::ssl::verify_peer);
mSocket->set_verify_callback(
boost::bind(&BetfairSession::VerifyCertificate, this, _1, _2));
tcp::resolver resolver(mIoService);
tcp::resolver::query query("identitysso-cert.betfair.com", port);
tcp::resolver::iterator endpointIter = resolver.resolve(query);
Many thanks in advance :)

I think you are confusing the client certificate and the CA List.
This:
ctx.load_verify_file(cert_filename.c_str());
Is loading a list of CA certificates to verify the server certificate against.
You can find a example of this list here:
http://curl.haxx.se/ca/cacert.pem
You also need to setup the certificate to use for the SSL connection, you do this with the "use_certificate_chain_file" method.
e.g.
ctx.use_certificate_chain_file(cert_filename.c_str());

using wsock32 to send email with gmail and startTLS

Hello and good evening to you,
This topic has been sort of a trouble to me and to many, suppose i want to send EMail in a C++ program to use smtp and StartTLS , what do i do, i culled a simple source code from google and i saw this code from here
http://www.drdobbs.com/sending-e-mail-using-smtp-and-winsock/184416591
now i want to use google mail and it uses authentication for smtp and also startTLS how do i do this
the sourcecode i saw looks like this
#pragma comment(lib, "wsock32.lib")
#include <windows.h>
#include "MailMessage.h"
int main(int argc, char **argv)
{
MailMessage mail("A Sender",
"someone#someplace.com",
"mail.someplace.com");
mail.To("A Recipient",
"you#yourplace.com");
mail.Subject("Sample message");
mail.Body("Plain text body",
"<HTML><BODY>\r\n"
" <H2>HTML Body</H2>\r\n"
"</BODY></HTML>""\r\n");
mail.Attach("C:\\Attach.txt");
const char *result =
mail.Send().data();
if (result[0] == '\0')
result = "Success";
MessageBox(NULL, result, "Result",
MB_ICONINFORMATION|MB_OK);
return 0;
}

After connecting to the server and issuing a EHLO (not HELO) command, if the server's reply includes the STARTTLS capability then you can issue a STARTTLS command at any time to create a secure session with the server. Upon receiving a successful STARTTLS reply, you need to send and complete an SSL/TLS handshake. Once the session has been created, you can continue sending your SMTP commands and receiving SMTP replies, starting with a new EHLO command (as the server's capabilities can change after the connection is secured). You have to encrypt your commands and decrypt the replies as you go. The communication would look like this (this example assumes an Application-Specific password has been configured in GMail if two-step verification is enabled):
S: 220 smtp.gmail.com ESMTP dg12sm55710335pac.47 - gsmtp
C: EHLO <hostname>
S: 250-smtp.gmail.com at your service, [<ip address>]
S: 250-SIZE 35882577
S: 250-8BITMIME
S: 250-STARTTLS
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-CHUNKING
S: 250 SMTPUTF8
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
C/S: (Exchange SSL/TLS handshake)
C/S: (Everything from here on is now encrypted)
C: EHLO <hostname>
S: 250-smtp.gmail.com at your service, [<ip address>]
S: 250-SIZE 35882577
S: 250-8BITMIME
S: 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-CHUNKING
S: 250 SMTPUTF8
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: (Send base64 encoded username)
S: 334 UGFzc3dvcmQ6
C: (Send base64 encoded password)
S: 235 2.7.0 Accepted
C: (Send email as needed)
C: QUIT
S: 221 2.0.0 closing connection m1sm91929700pfi.27 - gsmtp
Now, how you actually handle the encryption is up to you. You can use a library like OpenSSL, or you can use Microsoft's Crypto/SChannel API. There are plenty of online tutorials and books on how to use them with sockets.