Anonymous SMTP fails with server mismatch

(Adding spaces in FQDNs because new users can only put two links)

Hi, new user, trying to switch from Duplicati on Unraid to Duplicacy (Duplicati hangs forever during backup to B2, unable to resolve).
I am using the saspus/duplicity-web docker on Unraid.
I got my first backup to B2 working, now trying to add SMTP support to the schedule.

I run an anonymous SMTP to GMail relay in a docker container, I use this for many services in my network.
The server is configured as “smtp . home . insanegenius . net : 25”.

When I try to test sending an email I get this error:

Failed to send the email: x509: certificate is valid for afef2623e56c, not smtp . home . insanegenius . net

If I only use “smtp . home . insanegenius . net”, I get this error:

Failed to send the email: dial tcp: address smtp . home . insanegenius . net: missing port in address

If I specify “smtp://smtp . home . insanegenius . net:25”, I get this error:

Failed to send the email: dial tcp: address smtp://smtp . home . insanegenius . net:25: too many colons in address

If I specify “smtp://smtp. home. insanegenius. net”, I get this error:

Failed to send the email: dial tcp: address tcp///smtp. home. insanegenius. net: unknown port

How do I specify the server and use SMTP on port 25 with no authentication required?

Currently the authentication is required. That is, you must provide a username and a password. I think smtp.home.insanegenius.net:25, but not sure if the x509 certificate error was caused by the authentication.

I used smtp.home.insanegenius.net:25, and I added a dummy username and password, and I get:

Failed to send the email: x509: certificate is valid for afef2623e56c, not smtp.home.insanegenius.net

How do I proceed to get email working using anonymous vanilla SMTP?

Version 1.1.0 now supports anonymous SMTP login.

How do I configure?

I still get:
Failed to send the email: x509: certificate is valid for afef2623e56c, not smtp.home.insanegenius.net

That is a certificate issue. As the message says, you’re connecting to smtp.home.insanegenius.net, but the SMTP server there returns a certificate granted to afef2623e56c.

I use anonymous SMTP, not SMTPS, there should not be a certificate error.
How do I use SMTP?

As stated before, if I enter “smtp://smtp.home.insanegenius.net:25” I get:
Failed to send the email: dial tcp: address smtp://smtp.home.insanegenius.net:25: too many colons in address

Your SMTP server allows SMTPS connections, so Duplicacy goes for SMTPS. If you disable SMTPS in your SMTP server Duplicacy will try SMTP only.

So are you saying there is no way to specify SMTP on port 25?

Your SMTP server listens on port 25, so it is accepting SMTP connections on port 25. But your SMTP server is also configured to accept the STARTTLS command, and that is why Duplicacy starts upgrading to SSL/TLS. Your SMTP server then returns a certificate issued to afef2623e56c, which is different than the host name smtp.home.insanegenius.net.

Other programs may work with your SMTP by ignoring the certificate error, but I think Duplicacy does the right thing by refusing to connect to it. I do not want to add an option to ignore such a certificate error.

3 Likes

The mail relay is only configured for SMTP, it is not configured for SMTPS TLS or SMTPS SSL.
The problem seems to be the code is guessing the protocol, and when STARTTLS fails, it gives up instead of trying vanilla SMTP.

This would be similar to a web server being correctly configured for HTTP, but e.g. the SSL cert for HTTPS points to a different FQDN, and a client is told to use HTTP, but the client ignores the configuration, uses HTTPS, gets a cert error, and fails, when it should have used HTTP as it was told in configuration.

The other clients on my network are not ignoring the error, they are using SMTP as I configured them, they are not ignoring the configuration and trying to use SMTPS when I told them to use SMTP.

Please add support for specifying the protocol and port to use, e.g. SMTP / SMTPS SSL / SMTPS TLS, or a secure option, or anything that looks like the 99% of mail client configurations out there.
Or keep guessing protocols until one of them work, don’t stop when one fails and there is more to try.

1 Like

The email client in Duplicacy sends EHLO to your SMTP server which responds with STARTTLS. The email client then goes ahead with the TLS handshake but your SMTP server sends back a wrong certificate. If you don’t want to start TLS, don’t let your server respond with STARTTLS. Or you can simply fix the wrong certificate.

Or you can simply fix the wrong certificate.

Or you can simply fix the code to work like all the other SMTP clients on my network that have never had any such issues…

The code is not broken. This is from the standard Go library: go/smtp.go at 48c0cef6dc9e7c95edaffb261250f99732686466 · golang/go · GitHub

What you ask for is a new option to avoid the TLS negotiation at all, even when the server indicates a TLS upgrade is acceptable. I may be able to add this, but you’ll have to wait for the next release.

2 Likes
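
Added example, not part of the thread and not Duplicacy's or the Go library's code: a small Go model of the behaviour described in the replies above, where the client upgrades whenever the EHLO reply lists STARTTLS and then checks the certificate against the configured host name. The helper names (`advertisesSTARTTLS`, `relayCert`, `outcome`), the EHLO strings and the self-signed certificates are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"strings"
)

// advertisesSTARTTLS reports whether any line of an EHLO reply lists STARTTLS.
func advertisesSTARTTLS(ehlo string) bool {
	for _, l := range strings.Split(ehlo, "\n") {
		if l = strings.TrimSpace(l); len(l) > 4 && strings.EqualFold(l[4:], "STARTTLS") {
			return true
		}
	}
	return false
}

// relayCert builds a constructed self-signed certificate with the given DNS SANs.
func relayCert(sans ...string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: sans}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// outcome models one attempt: upgrade if offered, then verify the cert against host.
func outcome(ehlo, host string, cert *x509.Certificate) string {
	if !advertisesSTARTTLS(ehlo) {
		return "plain SMTP"
	}
	if err := cert.VerifyHostname(host); err != nil {
		return "refused: " + err.Error()
	}
	return "TLS to " + host
}

func main() {
	bad, _ := relayCert("afef2623e56c") // SAN taken from the error in the thread
	fmt.Println(outcome("250-relay\n250 STARTTLS", "smtp.home.insanegenius.net", bad))
}
```

The two server-side fixes named in the thread map to the other two return values: a relay that stops advertising STARTTLS yields `plain SMTP`, and a certificate whose SAN matches the relay's DNS name yields `TLS to ...`.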

I have been unable to get email working with GSuite SMTP relay (smtp-relay.gmail.com) using IP authentication, anonymous login, and TLS. We probably need an option in the GUI to force TLS (instead of starttls) mode.
