I am trying to set up SMTP for my RC instance. To do this, I have entered the credentials for a mail account. RC needs to log in at port 587. When I try to send a test email, I get the error message from the topic of this thread.
So how do I get RC to issue a STARTTLS command when it logs in to the mail account? (I am running various other servers and they all log in fine - just RC is acting up.)
I use it successfully for gitlab, onlyoffice, bitwarden, friendica and nextcloud.
They all allow turning off checking the counterparty’s SSL certificate - which is necessary in my case, as they connect directly to the mail server (on its local IP) instead of via the reverse proxy (which terminates SSL for web access). (I do copy over the reverse proxy’s SSL certificate into the mail server.)
Not sure if “IgnoreTLS” is supposed to do the same. In any case, it doesn’t work for me.
Happy to try, but before I start I want to make sure I understand exactly what you want me to do here:
Should I do what the poster in this other thread did (and what did not work for him)? That is, install ca-certificates and copy the self-signed certificate authority certificate into the Rocket.Chat Docker container?
The certificate I am using is not a self-signed certificate. It is a proper certificate that my reverse proxy obtains from Let’s Encrypt (but which, therefore, resides on the proxy and which I then copy over to my mail server).
So, it shouldn’t be necessary to save the Let’s Encrypt (intermediate) certificate in Rocket.Chat, as it should already be trusted system-wide, right?
Or did I misunderstand and it is something else you want me to try?
So, I just tried and copied the cert file to /usr/share/ca-certificates and ran update-ca-certificates (just to be clear: I set up Rocket.Chat under Docker (via docker-compose) and I copied the certificate to the path mentioned on the host (not into the Rocket.Chat container)).
Unfortunately, no change in outcome:
Without “IgnoreTLS”: Can’t verify the first certificate
With “IgnoreTLS”: Must issue a STARTTLS command first
So it seems the only solution for me would be to have the option to skip verifying the SSL certificate. Any chance to get this implemented (or is it maybe even there, undocumented)?
ah, I see. So the setting is there, just not accessible through the settings page.
Unfortunately, it did not work: I used OVERWRITE_SETTINGS_MAIL_URL=smtp://user:password@smtp_server:smtp_port&secure= false &ignoreTLS=false (because I need TLS, just not the verification of the certificate) and restarted everything.
But the outcome is the same as before: unable to verify the first certificate
How can I be sure the settings override went through? On the settings page it is not reflected. Can I check somewhere which settings are actually employed?
Just to be sure: “user:password@smtp_server” I translated to “user@example.com:password@smtp_server” which looks odd to me due to the two “@”. Is that the correct way? And the password ends with a “#” - might that cause a problem?
And when I create the issue, I am supposed to describe the expected outcome. Is part of the expected outcome that the settings supplied via the environment be reflected on the settings page or is it okay that they don’t show up there (and the expected outcome would only be that the mail gets sent out)?
I had copied the “OVERWRITE_SETTINGS_…” from another setting in my environment (that is associated with another feature that does not work yet - and this might explain why).
However, also with “OVERWRITE_SETTING_…” the settings do not propagate to the admin page (I stopped and removed the rocketchat container and created a new one but when navigating to the admin page I still find the old settings that do not reflect the OVERWRITE-SETTINGS…).
I just set up Rocket.Chat completely new (wanted to do this for a while anyway).
So completely fresh install (with docker-compose).
I put the MAIL_URL in the environment section (this time without OVERWRITE_SETTINGS, as this is the first start). No part of the smtp setting showed up in the admin page… It’s all empty.
So now I am wondering whether there might be a problem with the environment variables (not) getting translated into actual settings (which would also explain why I can’t switch off certificate checking).
I am not familiar with JS, but the code above does not seem to contain a switch for disabling the verification of certificates. “secure” seems to be set to “false”, if I choose “smtp” as my protocol (and I assume that if I choose “smtps”, some other code would set “secure” to “true”). But that would seem to be unrelated to the verification of SSL certificates (but I may be mistaken).
And no, I was not able to get this thing to work (the way I want it to).
As a workaround I installed msmtp on the docker host and configured it to talk to my mail server and to not verify my mail server’s certificate. Then I configured RC to send emails via localhost (so that it talks to msmtp). That works but I would much rather get RC to directly talk to my mail server…
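The MAIL_URL questions raised in this thread (two “@” signs, a password ending in “#”, parameters appended with “&”) come down to URL delimiter rules. The following is an added example, not Rocket.Chat's code and not posted by anyone in the thread: it builds a MAIL_URL with percent-encoded credentials and shows how Node's WHATWG URL parser splits the encoded and unencoded forms. The host mail.internal, the account and the password are constructed sample values, and that Rocket.Chat's own parser follows the same rules is an assumption.

```javascript
// Added example. All hosts and credentials below are constructed sample values.

// Build an smtp:// URL whose userinfo cannot be mistaken for URL delimiters.
function buildMailUrl({ user, password, host, port, params = {} }) {
  // encodeURIComponent turns '@' into %40, '#' into %23, ':' into %3A, '/' into %2F.
  const auth = `${encodeURIComponent(user)}:${encodeURIComponent(password)}`;
  // The query string must be introduced by '?'; '&' only separates parameters.
  const query = new URLSearchParams(params).toString();
  return `smtp://${auth}@${host}:${port}` + (query ? `?${query}` : '');
}

// Split a MAIL_URL-style string and report what a URL parser actually sees.
function parseMailUrl(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch (err) {
    return { ok: false, error: err.code || err.message };
  }
  return {
    ok: true,
    user: decodeURIComponent(u.username),
    password: decodeURIComponent(u.password),
    host: u.hostname,
    port: u.port,
    params: Object.fromEntries(u.searchParams),
  };
}

const encoded = buildMailUrl({
  user: 'user@example.com',
  password: 's3cret#',
  host: 'mail.internal',
  port: 587,
  params: { secure: 'false', ignoreTLS: 'false' },
});

const cases = {
  encoded,
  // Raw '#' starts the fragment, so "s3cret" ends up where a port is expected.
  rawHash: 'smtp://user@example.com:s3cret#@mail.internal:587',
  // Without '?', "&secure=false" is read as part of the port.
  ampersandQuery: 'smtp://user:password@mail.internal:587&secure=false',
};

for (const [name, url] of Object.entries(cases)) {
  console.log(name, JSON.stringify(parseMailUrl(url)));
}
```

Only the encoded form yields the intended user, password, host, port and parameters; the other two are rejected before any SMTP connection is attempted.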