config sending email via SSL

Added by Mike S. over 9 years ago

Hello,
I just installed redmine and everything seems to be working except for delivery of email. (I don't need to receive email.) This is an intranet environment, so I have no access or control over the mail server (i.e., I can't change how it's configured nor see server logfiles).

The mail server requires SSL on port 465, using login via username/password (alternate settings do not work: i.e, can't use TLS or simple SMTP).

So, now I am trying to configure redmine to use SSL and port 465; but I can't find an actual example for this configuration. Any guidance would be very appreciated.

My current email.yml:

production:
  delivery_method: :smtp
  smtp_settings:
    address: 'mail.foo.com'
    port: 465
    domain: 'foo.com'
    authentication: :login
    user_name: 'me@foo.com'
    password: 'my.pass'

(Btw, I've also tried with any combination of the following, which unsurprisingly do not help...)

    tls: true
    enable_starttls_auto: :true

When clicking "send test email" via the admin "settings", the page hangs for a while and then reports:

An error occurred while sending mail (execution expired)

After enabling logging (config/environments/production.rb => commented out "config.action_mailer.logger = nil"), the log shows that my "to:" email address is correct, but I don't see any other errors or tips about what might be going wrong:

 Processing AdminController#test_email (for 10.148.126.22 at 2010-05-06 23:15:23) [GET]
 Parameters: {"action"=>"test_email", "controller"=>"admin"}
 Sending email notification to: me@foo.com
 Sent mail to 
 Redirected to http://redmine.foo.com:3000/settings/edit?tab=notifications
 Completed in 60247ms (DB: 2) | 302 Found [http://redmine.foo.com/admin/test_email]

(nb: Of course, I've done a little bit of string replacement in the snippets above: "me @ foo.com" replaces my valid email address, my redmine server is replaced by "redmine.foo.com", and the mail server is replaced by "mail.foo.com". These settings do work for me when sending email via thunderbird -- though, I should note that the email client is running on a different host -- the redmine server is headless).

Any additional trouble-shooting steps would be appreciated.

Btw, (and really, this is a separate question) -- I did try to configure redmine to use my gmail account instead of my intranet mail server; but my remine server is running behind a proxy. (I get a "connection refused" when attempting to send a test email.) Are there any docs on how to configure redmine to go through a proxy -- specifically, for email? I'd prefer to get email working with my intranet mail server, though. But some kind of email notification is necessary.

Many thanks in advance,
Mike

===========
Version info: I've checked-out the source (trunk), current as of r3733. CentOS 5.3 / 32-bit (a VM); mysql 5.0.77.

$ RAILS_ENV=production script/about 
About your application's environment
Ruby version              1.8.6 (i686-linux)
RubyGems version          1.3.6
Rack version              1.0
Rails version             2.3.5
Active Record version     2.3.5
Active Resource version   2.3.5
Action Mailer version     2.3.5
Active Support version    2.3.5
Application root          /home/web/redmine/source-co/redmine
Environment               production
Database adapter          mysql
Database schema version   20100313171051

Replies (10)

RE: config sending email via SSL - Added by Felix Schäfer over 9 years ago

I think you will need ruby 1.8.7, the ActionMailer (rails Mail sending framework) documentation states:

:enable_starttls_auto - When set to true, detects if STARTTLS is enabled in your SMTP server and starts to use it. It works only on Ruby >= 1.8.7 and Ruby >= 1.9. Default is true.

That should make it work with SSL (TLS is just the new name for it), and I think newer versions of ActionMailer don't even understand a tls option in the config, it seems to have been replaced with enable_starttls_auto.

A thing I also just noticed: the config should say enable_starttls_auto: true, not enable_starttls_auto: :true.

RE: config sending email via SSL - Added by Mike S. over 9 years ago

Thanks for the suggestions. I did try them, but still with no luck.

...Has anyone had success using SSL with email & Redmine, and have sample settings to post (from email.yml, and any other gem's or software that needs to be installed)?

A few notes / observations:
  • when testing with Thunderbird, I have observed the following (note this is from my Ubuntu laptop -- not the same server as running redmine (CentOS 5.4). But I'm using this to discover my mail server settings):
    • If I configure Thunderbird to use "SSL" and username/password on port 465, I can send mail from Thunderbird.
    • However, if I configure Thunderbird to use port 465 using "TLS" or "TLS, if available", I can not send email to the server. I know that "TLS" is the "new, improved" SSL, but as far as redmine & Thunderbird are concerned, I don't know what the difference might be. (The protocols are in fact slightly different: TLS initiates the conversation differently.)
  • My mail server is zimbra: and I can't actually check its settings other than by sending emails to it & see what works. (It's an intranet mail server.)
  • I also have Hudson ( http://hudson-ci.org , implemented in Java) running on the same server as redmine. From Hudson, I can send emails to this mail server. The Hudson settings are simple: username/password, smtp_authentication=yes, SSL=yes (that's it). No settings for domain or TLS or "startTLS", etc. So, network connectivity doesn't appear to be the issue... It must just be configuration of redmine.
  • There is a proxy required to access the internet, but the mail server is on the same side of the proxy as my redmine server. So I have checked that no proxy is enabled for redmine. (I.e., no env variables "*_proxy" are set.) But when updating/installing gem's online, I set the env var (and run as root): http_proxy=http://my-www.proxy.foo.com. When I run redmine, I'm running as a normal user, without the proxy setting.

Here's my current environment after installing ruby 1.8.7 and updating the gems...

$ RAILS_ENV=production script/about 
/usr/local/lib/ruby/gems/1.8/gems/rails-2.3.5/lib/rails/gem_dependency.rb:119:Warning: Gem::Dependency#version_requirements is deprecated and will be removed on or after August 2010.  Use #requirement
About your application's environment
Ruby version              1.8.7 (i686-linux)
RubyGems version          1.3.6
Rack version              1.0
Rails version             2.3.5
Active Record version     2.3.5
Active Resource version   2.3.5
Action Mailer version     2.3.5
Active Support version    2.3.5
Application root          /home/web/redmine/source-co/redmine
Environment               production
Database adapter          mysql
Database schema version   20100313171051

My config/email.yml,

production:
  delivery_method: :smtp
  smtp_settings:
    address: "mail.foo.com" 
    port: 465
    domain: "foo.com" 
    user_name: "me@foo.com" 
    password: "mypasswd" 
    authentication: :login
    enable_starttls_auto: true

Depending on the settings, I get:

An error occurred while sending mail (Connection reset by peer)

The output log is still as previously posted (very minimal... can this be made more verbose?)

I've tried with/without domain, enable_starttls_auto, tls.... no luck. Are there any other trouble-shooting tips someone can offer? Perhaps a small test script/program to test the mailer, sending email via the command line?

Thanks for any & all guidance you may be able to offer,
-Mike

RE: config sending email via SSL - Added by Mike S. over 9 years ago

...Does ruby+rails+ActionMailer use the Unix "sendmail" utility? Do I need to configure sendmail locally? My mail server (zimbra) is actually on a different host than where redmine is running. Nothing should be using sendmail locally -- I basically just get email updates to "root" about packages that have been updated, etc.

Just a thought. I'm really trying to figure this out...

Thanks again,
-m

RE: config sending email via SSL - Added by Alexey Kiryanov over 9 years ago

I don't know if that of any help, but it says in here http://redmineblog.com/articles/setup-redmine-to-send-email-using-gmail/:

1. Install the action_mailer_optional_tls plugin

The action_mailer_optional_tls_plugin adds a TLS option to Redmine's emailing library, ActionMailer. TLS is a version of SSL which is required by GMail in order to send email.

To install this plugin, use the script/plugin command in your Redmine directory:

ruby script/plugin install git://github.com/collectiveidea/action_mailer_optional_tls.git

2. Configure your email.yml

Redmine uses email.yml to store all the configuration for the email servers. This is used instead of config/environment.rb to setup a connection to a SMTP server. Each Redmine environment (development, test, production) can have it's own configuration section. If you are configuring Redmine to be used on a production server, I'd recommend just configuring the production mode like below:

# File: config/email.yml
production:
  delivery_method: :smtp
  smtp_settings:
    tls: true
    address: "smtp.gmail.com" 
    port: '587'
    domain: "smtp.gmail.com" 
    authentication: :plain
    user_name: "your_email@gmail.com" 
    password: "your_password" 

As far as I can see, you used authentication: :login when it says authentication: :plain
And you probably didn't complete the first step.

I may be wrong, and that post may be outdated, but still)

RE: config sending email via SSL - Added by Felix Schäfer over 9 years ago

Mike . wrote:

...Does ruby+rails+ActionMailer use the Unix "sendmail" utility? Do I need to configure sendmail locally?

You can use a local sendmail if it's configured and working, but you'd need to change delivery_method to :sendmail. For the :smtp scheme, it uses ruby libraries and makes direct SMTP connections to the mail server.

Concerning the SSL/TLS difference: yes, they are not the same, but I'd expect an up-to-date server supporting SSL to also support TLS (and consequently, I even more expect clients supporting TLS to also support SSL).

Ok, let's get down to the basics. Open a ruby console (irb) and try require 'openssl'. If it doesn't work, try everything anew after having installed the openssl and openssl-devel packages (or whatever they are called on CentOS).

RE: config sending email via SSL - Added by Mike S. over 9 years ago

Just a quick update and note of thanks for the suggestions offered. I finally got this working...

Alexey Kiryanov wrote:
I don't know if that of any help, but it says in
here http://redmineblog.com/articles/setup-redmine-to-send-email-using-gmail/:

Thanks, I did see that, but note that the first comment on that post states:

redmine 0.9, using ruby >= 1.8.7, rails >= 2.2.2 it appears TLS is supported in ruby now, so no plugin is required,
just use this new option :
production:
delivery_method: :smtp
smtp_settings:
enable_starttls_auto: true

I'm using ruby 1.8.7 , rails 2.3.5, and redmine "trunk" (i.e., > 0.9.4). So this particular post (as many others on the net) are in fact outdated on this issue. And, for my mail server, I can't use ":plain", but rather must use ":login" (trust me, though, I tried every permutation that I could find).

For an experiment, I did try using gmail smtp, but I think being behind a firewall prevented me from getting very far with that. Although I can install gems by setting my "http_proxy" env var, setting this doesn't seem to work for redmine. ...I'd be curious to know if there's another work-around for that.

Also, to get a little more info in the logs, I added to "config/environments/production.rb" the following:

config.log_level = :debug

At least this shows the "to:", "bcc:", mail headers, msg body, etc.

Felix Schäfer wrote:
Open a ruby console (irb) and try require 'openssl'

$ irb
irb(main):001:0> require 'openssl'
=> true

$ yum list openssl openssl-devel | grep installed
openssl.i686                        0.9.8e-12.el5_4.6                  installed
openssl-devel.i386                  0.9.8e-12.el5_4.6                  installed

Concerning the SSL/TLS difference: yes, they are not the same, but I'd expect an up-to-date
server supporting SSL to also support TLS

Hey, don't shoot the messenger! (Blame the mail server...! :-) But indeed, I think we're on to something here:

(and consequently, I even more expect clients supporting TLS to also support SSL).

Yeah, as it turns out the mail client was the problem: Redmine / ActionMailer doesn't correctly handle SSL. See this: https://rails.lighthouseapp.com/projects/8994/tickets/1731-make-enable_starttls_auto-opt-in-in-actionmailer#ticket-1731-18

Once I dropped the patch in that entry (mailer_ext.rb) into config/initializers, and set my configuration to the following, I was able to send mail to the server...

production:
  delivery_method: :smtp
  smtp_settings:
    ssl: true
    address: "zimbra.foo.com" 
    port: 465
    domain: "zimbra.foo.com" 
    user_name: "my.user@foo.com" 
    password: "my.pass" 
    authentication: :login

Success!

Thanks again,
-Mike

RE: config sending email via SSL - Added by Felix Schäfer over 9 years ago

Oh well, you learn something new everyday it seems :-) I'll try to remember this SSL/TLS thingie/patch when the next one having this problem show up ;-)

Regarding the proxy: as you have written, it is an http proxy that probably only allows outbound http connection to ports 80 and 443, so you won't be able to get smtp out on whatever port.

RE: config sending email via SSL - Added by Charles Canato over 9 years ago

To everyone who participated in this thread, and specially Mike for having shared the solution: a huge THANK YOU!

Here I also use Zimbra, and it's basically the same need I was having: SMTP with SSL. Well, now I have to figure a workaround on the expired certificate, but that's another search. :-(

Thanks a lot for sharing, Mike, it worked like a charm!

RE: config sending email via SSL - Added by Charles Canato over 9 years ago

Charles Canato wrote:

Well, now I have to figure a workaround on the expired certificate, but that's another search. :-(

Sorry, although the thread isn't about this subject, just wanted to give back an update: my problem with the expired certificate was easily circumvented with a very easy patch disabling (commenting) the certificate checking on ssl.rb.

Once again, thanks everyone!

RE: config sending email via SSL - Added by hongbo yang over 5 years ago

currently actionmailer has a ssl option to the configuration.yml,set it to true, it works

smtp_settings:
    ssl: true
    ...

(1-10/10)