Unable to send email from mailsend

cliffordanup · September 17, 2020, 4:17pm

Hi,

I'm trying to send an email with the following command and I get an error about some wrong ssl version, not sure what is wrong.

root@OpenWrt_Netgear_R6220:~# mailsend -f "xyz@hotmail.com" -t "xyz@hotmail.com" -ssl -user "xyz@hotmail.com" -pass 'abcdefghijklmnop' -smtp 'smtp-mail.outlook.com' -sub "Test Email from OpenWrt" -msg-body "Test Email from OpenWrt"
Error: turn_on_raw_ssl: SSL connection failed

2012839556:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
Error: Expected smtp code 220, got 0

Could not send mail

I installed mailsend with ssl package of course and it has all the necessary dependencies and it still doesn't work.

I believe openssl got installed and configured for use with nginx for the luci web interface for https connections, not sure, if this installation of openssl has somehow messed up something for mailsend, or it's not able to reference it properly.

lleachii · September 17, 2020, 11:22pm

That sounds correct, it seems you've installed 2 encryption packages.

cliffordanup · September 18, 2020, 2:57am

This is what I have installed, I removed nginx, removed all openssl stuff and even removed mailsend and reinstalled just luci-ssl-openssl and reinstalled mailsend, same result.

root@OpenWrt_Netgear_R6220:~# opkg list-installed | egrep "ssl|luci|mailsend"
liblucihttp-lua - 2019-07-05-a34a17d5-1
liblucihttp0 - 2019-07-05-a34a17d5-1
libopenssl-conf - 1.1.1g-1
libopenssl1.1 - 1.1.1g-1
libustream-openssl20150806 - 2020-03-13-40b563b1-1
luci - git-20.247.75781-0d0ab01-1
luci-app-firewall - git-20.247.75781-0d0ab01-1
luci-app-nlbwmon - git-20.260.30581-915a64c-1
luci-app-opkg - git-20.247.75781-0d0ab01-1
luci-base - git-20.247.75781-0d0ab01-1
luci-compat - git-20.247.75781-0d0ab01-1
luci-lib-ip - git-20.247.75781-0d0ab01-1
luci-lib-jsonc - git-20.247.75781-0d0ab01-1
luci-lib-nixio - git-20.247.75781-0d0ab01-1
luci-mod-admin-full - git-20.247.75781-0d0ab01-1
luci-mod-network - git-20.247.75781-0d0ab01-1
luci-mod-status - git-20.247.75781-0d0ab01-1
luci-mod-system - git-20.247.75781-0d0ab01-1
luci-proto-ipv6 - git-20.247.75781-0d0ab01-1
luci-proto-ppp - git-20.247.75781-0d0ab01-1
luci-ssl-openssl - git-20.260.30581-915a64c-1
luci-theme-bootstrap - git-20.247.75781-0d0ab01-1
mailsend - 1.19-2
openssl-util - 1.1.1g-1
rpcd-mod-luci - 20191114
uwsgi-luci-support - 2.0.18-1
root@OpenWrt_Netgear_R6220:~#

hnyman · September 18, 2020, 3:11am

Could it be missing SSL certificates? Have you installed ca-bundle cr ca-certificates?

cliffordanup · September 18, 2020, 3:13am

Maybe, I never saw mailsend generating any self-signed certificate and key for itself. Luci on the other hand did generate it's own certificate and key and is working fine over https.

How do I generate and install one for mailsend?

hnyman · September 18, 2020, 3:28am

No, the certificates are for checking the validity of the opposite side, the server.

SSL certificate is usually validated when the connection is initiated. And some tools like wget refuse connection if you can't verify certificates (unless you override that with --no-check-certificate option)

cliffordanup · September 18, 2020, 4:39am

I just sent as email to the same SMTP server using Powershell on my laptop, works fine, clearly a problem with the client (mailsend) being unable to use SSL for encryption.

Speaking of expired certificates, it appears that forum.openwrt.org SSL certificate from Let's Encrypt has expired today...

lleachii · September 18, 2020, 6:53am

Correct. That has been explained to you already. So did you install the CAs to the fix the problem?

(You do realize all clients, including the ones on your Windows machine, need this installed to work, correct?)

I'm completely lost at your self-signed cert post; and think you missed importation information in the posts about the CA cert bundle.

cliffordanup · September 18, 2020, 7:28am

I followed the instructions in the article to simply install mailsend as per the following KB,

https://openwrt.org/docs/guide-user/services/email/smtp.client

The article didn't mention of installing the ca-bundle and cr-certificates anywhere, so I definitely missed installing those.

Just to be sure, are we talking about the packages in the following links to be installed?

https://openwrt.org/packages/pkgdata/ca-bundle
https://openwrt.org/packages/pkgdata/ca-certificates

hnyman · September 18, 2020, 7:51am

Yes.

You can install one of them or both of them. (Not sure if sendmail itself requires anything, or does openssl lib handle all)

opkg update
opkg install ca-bundle
opkg install ca-certificates

cliffordanup · September 18, 2020, 8:01am

Tried installing both and removed mailsend, rebooted the router and reinstalled mailsend after reboot, still the same error.

root@OpenWrt_Netgear_R6220:~# opkg list-installed | egrep "ca-bundle|ca-certificates|mailsend|ssl"
ca-bundle - 20200601-1
ca-certificates - 20200601-1
libopenssl-conf - 1.1.1g-1
libopenssl1.1 - 1.1.1g-1
libustream-openssl20150806 - 2020-03-13-40b563b1-1
luci-ssl-openssl - git-20.260.30581-915a64c-1
mailsend - 1.19-2
openssl-util - 1.1.1g-1
root@OpenWrt_Netgear_R6220:~#

hnyman · September 18, 2020, 8:06am

cliffordanup:

Error: turn_on_raw_ssl: SSL connection failed

2012839556:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
Error: Expected smtp code 220, got 0

Other part is then that something is incompatible with the server.
Wrong SSL&TLS version? server requried SSL1 that has been disabled in openssl?
Or something like that.

You might also google for that error you earlier received:
https://www.google.com/search?q=Error%3A+Expected+smtp+code+220%2C+got+0

cliffordanup · September 18, 2020, 8:11am

If I use -starttls instead of -ssl, then I get the following message:

Error: MAIL FROM failed: '530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM [MAXPR0101CA0011.INDPRD01.PROD.OUTLOOK.COM]'
Could not send mail

The SMTP Server Info is as follows:

root@OpenWrt_Netgear_R6220:~# mailsend -into -smtp 'smtp-mail.outlook.com'
Connecting to SMTP server: smtp-mail.outlook.com at Port: 25
Connection timeout: 5 secs
Will detect IPv4 or IPv6 automatically
[S] 220 SGBP274CA0004.outlook.office365.com Microsoft ESMTP MAIL Service ready at Fri, 18 Sep 2020 08:07:41 +0000
[C] EHLO localhost
[S] 250-SGBP274CA0004.outlook.office365.com Hello [x.x.x.x]
[S] 250-SIZE 157286400
[S] 250-PIPELINING
[S] 250-DSN
[S] 250-ENHANCEDSTATUSCODES
[S] 250-STARTTLS
[S] 250-8BITMIME
[S] 250-BINARYMIME
[S] 250-CHUNKING
[S] 250 SMTPUTF8
[C] STARTTLS
[S] 220 2.0.0 SMTP server ready
Cipher: ECDHE-RSA-AES256-GCM-SHA384
Certificate information:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=outlook.com
Issuer: /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G3
[C] EHLO localhost
[S] 250-SGBP274CA0004.outlook.office365.com Hello [x.x.x.x]
[S] 250-SIZE 157286400
[S] 250-PIPELINING
[S] 250-DSN
[S] 250-ENHANCEDSTATUSCODES
[S] 250-AUTH LOGIN XOAUTH2
[S] 250-8BITMIME
[S] 250-BINARYMIME
[S] 250-CHUNKING
[S] 250 SMTPUTF8
[C] QUIT
[S] 221 2.0.0 Service closing transmission channel

cliffordanup · September 18, 2020, 8:19am

I get a similar message when I use Google's SMTP smtp.gmail.com at port 587:

Error: MAIL FROM failed: '530 5.7.0 Authentication Required. Learn more at'
Could not send mail

lleachii · September 18, 2020, 8:27am

Is this a clue to your current issue...?

Have you verified the provider allows such connections; and that you've enabled it for your email account?

I know gmail requires this setting to be enabled for third-party email software...if it's still possible...some other free (older) email providers are discontinuing the ability to use other clients soon; or moving to a one-time password per login session based authentication...

cliffordanup · September 18, 2020, 8:32am

Yes, I'm using an App password which I just got a fresh one from Gmail. I just used the same App Password in PowerShell, and I did receive the email.

lleachii · September 18, 2020, 8:37am

Please show the full command and output please (please obscure the From/To emails and password), as your last post does not show what you entered
Please show the corresponding PowerShell command (again, please obscure the From/To emails and password)
Is the Windows machine and the router using the same ISP connection?

Also, was there more information after this?

cliffordanup · September 18, 2020, 8:44am

Here is the command and output from OpenWrt:

root@OpenWrt_Netgear_R6220:~# mailsend -f "xyz@gmail.com" -t "xyz@gmail.com" -user "xyz@gmail.com" -pass 'abcdefghijklmnop' -smtp 'smtp.gmail.com' -port 587 -ssl -sub "Test Email from OpenWrt" -msg-body "Test E
mail from OpenWrt"
Error: turn_on_raw_ssl: SSL connection failed

2012372612:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
Error: Expected smtp code 220, got 0

Could not send mail
root@OpenWrt_Netgear_R6220:~# mailsend -f "xyz@gmail.com" -t "xyz@gmail.com" -user "xyz@gmail.com" -pass 'abcdefghijklmnop' -smtp 'smtp.gmail.com' -port 587 -starttls -sub "Test Email from OpenWrt" -msg-body "T
est Email from OpenWrt"
Error: MAIL FROM failed: '530 5.7.0 Authentication Required. Learn more at'
Could not send mail
root@OpenWrt_Netgear_R6220:~#

Here is the command and output from PowerShell:

PS C:\Users\cliff> Send-MailMessage -Credential (Get-StoredCredential -Target Gmail) -From xyz@gmail.com -To xyz@gmail.com -Subject "PowerShell Test" -Body "PowerShell Test" -SmtpServer smtp.gmail.com -UseSsl
PS C:\Users\cliff>

cliffordanup · September 18, 2020, 8:48am

Got it to work, I need to use an additional parameter -auth-login along with the -user and -pass parameters...

trendy · September 18, 2020, 9:14am

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.