Description of problem: When sending an email using a test button or automation, an ssl error is raised. The smtp service doesn't use ssl. Version-Release number of selected component (if applicable): 5.11.7 How reproducible: customer environment Steps to Reproduce: 1. set up email to a smtp on port 25 with no ssl or tls 2. attempt to send an email 3. Actual results: error raised : automation_notification delivery-error: SSL_connect returned=1 errno=0 state=error: unsupported protocol attempting to resend Expected results: email is sent Additional info: this problem was not observed on 4.7
Felix, Sorry, I meant ask the customer to set tls (the enable_starttls_auto) setting to false. Thanks Billy
confirmed : the customer's using the same smtp with 4.7 with no issues.
I diff'd the rpms and Gemfile.lock, limited it to just things "I think are relevant" and grouped related changes from their 5.10.14.0 to 5.11.7.3 setups: $ git diff --minimal | grep -E "\b(cfme|mail|ruby|actionmailer|rails|openssl|smtp|postfix)\b" -cfme-5.10.14.0-1.el7cf.x86_64 -cfme-appliance-5.10.14.0-2.el7cf.x86_64 -cfme-appliance-common-5.10.14.0-2.el7cf.x86_64 -cfme-appliance-tools-5.10.14.0-2.el7cf.x86_64 -cfme-gemset-5.10.14.0-1.el7cf.x86_64 +cfme-5.11.7.3-1.el8cf.x86_64 +cfme-appliance-5.11.7.3-1.el8cf.x86_64 +cfme-appliance-common-5.11.7.3-1.el8cf.x86_64 +cfme-appliance-tools-5.11.7.3-1.el8cf.x86_64 +cfme-gemset-5.11.7.3-1.el8cf.x86_64 -openssl-1.0.2k-19.el7.x86_64 -openssl-libs-1.0.2k-19.el7.x86_64 +openssl-1.1.1c-15.el8.x86_64 +openssl-libs-1.1.1c-15.el8.x86_64 +openssl-pkcs11-0.4.10-2.el8.x86_64 -postfix-2.10.1-7.el7.x86_64 +postfix-3.3.1-12.el8.x86_64 -rh-ruby23-ruby-2.3.8-70.el7.x86_64 -rh-ruby23-ruby-irb-2.3.8-70.el7.noarch -rh-ruby23-ruby-libs-2.3.8-70.el7.x86_64 -ruby-2.4.9-93.el7cf.x86_64 -rubygem-openssl-2.0.9-93.el7cf.x86_64 -ruby-irb-2.4.9-93.el7cf.noarch -ruby-libs-2.4.9-93.el7cf.x86_64 +ruby-2.5.5-105.module+el8.1.0+3656+f80bfa1d.x86_64 +rubygem-openssl-2.1.2-105.module+el8.1.0+3656+f80bfa1d.x86_64 +ruby-irb-2.5.5-105.module+el8.1.0+3656+f80bfa1d.noarch +ruby-libs-2.5.5-105.module+el8.1.0+3656+f80bfa1d.x86_64 -xmlsec1-openssl-1.2.20-7.el7_4.x86_64 +xmlsec1-openssl-1.2.25-4.el8.x86_64 - actionmailer (5.0.7.2) + actionmailer (5.1.7) - rails (5.0.7.2) + rails (5.1.7)
Note, rhel changed from 7.7 to 8.2 so any docs that show changes to OS defaults for SSL or smtp could be in play too -redhat-release-server-7.7-10.el7.x86_64 +redhat-release-8.2-1.0.el8.x86_64 +redhat-release-eula-8.2-1.0.el8.x86_64
Created attachment 1713799 [details] email_test.rb
Hi Felix, Could you replace Step 2 above with this? 2. Once the test email has failed, would you reach out to your mail server sysadmin for information logged by the server for the failed request, e.g. request data specifics, any server logged info on the rejection, etc. Thanks, Tina
@mheppler, Can you enable port 587 as well on that host please? I want to see if enable_starttls_auto + port 587 will work.
@Daniel, done, and removed auth, so you can really send e-mail to cf@bug1872358.
465 port is opened and working...
Given the instructions regarding setting the desired security level (in comment #70) have shown to allow email at the customer site and the associated BZ (https://bugzilla.redhat.com/show_bug.cgi?id=1881201) to ensure TLS is only started is SSL is specified, this BZ its being closed.
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days