By: Pawel Pietrzynski named 16 Apr 2019 at 11:01 a.m. CDT

9 Responses
The tested use-case is the forgot password flow with a valid user that works with a mail server that requires credentials. The issue is around mail servers/relays that do not require authentication.

## Expected behaviour

In Organization Configuration -> SMTP Server Configuration an SMTP server "smtp.mylocalserver" is set without authentication or TLS/SSL and using port 25. The use case is a local SMTP relay that goes to the mail server. When an email is sent from GLUU, it connects over port 25 to the "smtp.mylocalserver" email server address to send the email.

## Actual behaviour

In Organization Configuration -> SMTP Server Configuration I set up the mail server or relay. When sending an email (Forget my password use-case) it looks like GLUU asks the DNS for an MX record of the target email domain (so if I have a gluu_user@gmail.com address it will look for GOOGLE.COM MX record) and tries to send directly there, acting as the mail server. The network traffic never hits "smtp.mylocalserver" but instead "google.com" when trying to send. When authentication is turned on, GLUU instead goes to "smtp.mylocalserver" to send like it should, instead of acting like a mail server and trying to send directly to the email target domain.

By Mohib Zico staff 17 Apr 2019 at 11:38 a.m. CDT

Seems like we need to do a quick QA...

By Sahil Arora user 22 Apr 2019 at 6:39 p.m. CDT

I am working on it, setting up 3.1.6 locally to reproduce this.

By Mohib Zico staff 30 May 2019 at 9:58 a.m. CDT

@Sahil.Arora: what's the status?

By Mohib Zico staff 06 Jun 2019 at 12:31 p.m. CDT

Hi Pawel, unfortunately, we don't have any setup like the environment you mentioned (SMTP server without authentication requirement) and it seems like testing this scenario will burn too much oil, IMHO... we have to set up an SMTP server. Do you think you can give access to your SMTP server which requires no authentication? We will be able to connect our 3.1.6 to that and test.

By Pawel Pietrzynski named 06 Jun 2019 at 1:37 p.m. CDT

Unfortunately it is an internal client, however I can send you any logs or update binaries with debug versions since there is a development environment that is affected.

By Mohib Zico staff 06 Jun 2019 at 1:44 p.m. CDT

Yes, DEBUG oxTrust log would be a good starting point as well...

By Pawel Pietrzynski named 18 Jun 2019 at 3:34 p.m. CDT

Will get back to this issue soon, since we have a workaround this is lower priority atm, sorry

By Julien Chezeaux user 29 Jun 2020 at 3:36 p.m. CDT

Hello, I think I'm facing the same issue as Pawel. With authentication disabled, I can see in the oxtrust log that it tries to connect to localhost instead of the host provided. Here is a log excerpt:

```
2020-06-29 20:10:41,046 ERROR [qtp1818402158-15] [org.gluu.service.MailService] (MailService.java:141) - Failed to send message
javax.mail.MessagingException: Could not connect to SMTP host: localhost, port: 25
```

However, there is an additional issue. When I enable the authentication, I get another error:

```
2020-06-29 20:11:23,624 ERROR [qtp1818402158-2460] [org.gluu.service.MailService] (MailService.java:141) - Failed to send message
javax.mail.SendFailedException: Invalid Addresses
```

I get this error in 2 cases:

- Using an IP address instead of a host name
- Using a not-qualified hostname (i.e. "postifx"), reachable from the local network

I don't have this error when setting a valid FQDN. I am using docker to dynamically resolve the names, so I don't have a valid FQDN as reachable SMTP server. I am using oxtrust docker image version 4.1.1_04. I can provide the full log if needed.

By Julien Chezeaux user 30 Jun 2020 at 12:24 p.m. CDT

Quick update: today I am able to use a hostname like "postfix" without problem (when enabling authentication). Also, I had to use "implicit TLS" on port 465 instead of STARTTLS on port 587 (my email server is configured to only accept encrypted connections). So I'll keep it this way. Thanks.
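
A throwaway unauthenticated SMTP listener for reproducing the scenario discussed in this thread (an added example, not part of the thread and not Gluu code): it advertises no AUTH or STARTTLS and records the peer address and envelope of each message, so it shows whether a client's connection actually reaches the configured host. The host names, addresses and the `run_demo` helper are constructed for illustration.

```python
import smtplib
import socketserver
import threading

RECEIVED = []  # one (peer_ip, mail_from, rcpt_list, data) tuple per accepted message

class SinkHandler(socketserver.StreamRequestHandler):
    """Speaks just enough SMTP to accept mail; offers no AUTH and no STARTTLS."""
    def reply(self, text):
        self.wfile.write(text.encode("ascii") + b"\r\n")

    def handle(self):
        mail_from, rcpts = None, []
        self.reply("220 sink.test ESMTP")
        for raw in self.rfile:
            line = raw.decode("utf-8", "replace").strip()
            verb = line.upper()
            if verb.startswith(("EHLO", "HELO")):
                self.reply("250 sink.test")  # single line: no extensions advertised
            elif verb.startswith("MAIL FROM:"):
                mail_from, rcpts = line[10:].strip(), []
                self.reply("250 OK")
            elif verb.startswith("RCPT TO:"):
                rcpts.append(line[8:].strip())
                self.reply("250 OK")
            elif verb == "DATA":
                self.reply("354 End data with <CR><LF>.<CR><LF>")
                body = []
                for chunk in self.rfile:
                    if chunk.rstrip(b"\r\n") == b".":
                        break
                    body.append(chunk.decode("utf-8", "replace"))
                RECEIVED.append((self.client_address[0], mail_from, rcpts, "".join(body)))
                self.reply("250 OK queued")
            elif verb == "QUIT":
                self.reply("221 Bye")
                return
            else:
                self.reply("502 Command not implemented")

def run_demo():
    # Constructed test: sink on an ephemeral loopback port, one message, no login.
    RECEIVED.clear()
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), SinkHandler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        with smtplib.SMTP(*srv.server_address, timeout=5) as client:
            client.sendmail("noreply@idp.test", ["gluu_user@example.test"],
                            "Subject: reset\r\n\r\nconstructed test message\r\n")
        srv.shutdown()
    return list(RECEIVED)
```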