Self signed certs
samstride opened this issue · comments
Hi,
Thank you for maintaining this repo.
We have an SMTP server that uses a self signed cert.
The previous engineer used a fork of this repo: https://github.com/L11R/mailyak to work around the certificate error.
However that repo isn't actively maintained.
Issue 8 already requested this feature.
Any chance we can get a flag to set InsecureSkipVerify?
I am thinking something along the lines of:
    mail := mailyak.New(
        "smtp.company.com:25",
        smtp.PlainAuth("", "username", "password", "smtp.company.com", true)
    )
Thanks.
Hey @samstride!
Good news, it's already fully supported!
If you import the "v3" module (github.com/domodwyer/mailyak/v3), there's a NewWithTLS() constructor that allows you to pass in the *tls.Config you wish to use - you can set InsecureSkipVerify here :)
I will leave a note on #8 to point people to this response and hopefully help out others.
Dom
I tried this:
    mail, err := mailyak.NewWithTLS(
        "smtp.company.com:25",
        smtp.PlainAuth("", "username", "password", "smtp.company.com", true),
        &tls.Config{ServerName: "smtp.company.com:25", InsecureSkipVerify: true}
    )
We have no TLS relays so we end up with this error:
tls: first record does not look like a TLS handshake
Hey @samstride
That looks like you're not talking to a TLS endpoint - port 25 is usually (though not always) plaintext.
Worth double checking your hostname/port combination, that error comes from the standard library's TLS implementation 👍
Dom
@domodwyer, thanks for replying. I have tried 143 and 587 and they don't work either. The problem is we have no TLS relays since all traffic is internal.
I cloned the repo locally and for testing purposes I added InsecureSkipVerify: true, to func smtpExchange in sender.go.
    if tryTLSUpgrade {
        if ok, _ := c.Extension("STARTTLS"); ok {
            //nolint:gosec
            config := &tls.Config{
                ServerName: serverName,
                InsecureSkipVerify: true, // ------> Added this line
            }
            if err = c.StartTLS(config); err != nil {
                return err
            }
        }
    }
Then this works:
    mail := mailyak.New(
        "smtp.company.com:25",
        smtp.PlainAuth("", "username", "password", "smtp.company.com")
    )
I believe this is what the fork was allowing to be set: https://github.com/L11R/mailyak/blob/master/mailyak.go#L80
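An added example, not part of the thread and not mailyak's own code: a *tls.Config that trusts only the server's self-signed certificate, so verification stays enabled instead of setting InsecureSkipVerify. The helper names (pinnedTLSConfig, verifyAgainst, selfSigned) are hypothetical, and the certificates are generated in-process as constructed samples standing in for the SMTP server's certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// pinnedTLSConfig trusts only certPEM; serverName is the bare host name, no port.
func pinnedTLSConfig(certPEM []byte, serverName string) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(certPEM) {
		return nil, fmt.Errorf("no certificate found in PEM input")
	}
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}, nil
}

// verifyAgainst runs x509 verification with cfg's roots and server name, as a TLS client would.
func verifyAgainst(cfg *tls.Config, der []byte) error {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	_, err = cert.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: cfg.ServerName})
	return err
}

// selfSigned makes a throwaway self-signed certificate for host (constructed sample).
func selfSigned(host string) (der, certPEM []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway key for the sample
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		panic(err) // sample generation only
	}
	return der, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	der, certPEM := selfSigned("smtp.company.com")
	rogue, _ := selfSigned("smtp.company.com") // same name, different key
	cfg, _ := pinnedTLSConfig(certPEM, "smtp.company.com")
	fmt.Println("pinned:", verifyAgainst(cfg, der), "| rogue:", verifyAgainst(cfg, rogue))
}
```

A config built this way is the kind of value the reply above says NewWithTLS() accepts. With InsecureSkipVerify set, the second certificate (same host name, different key) would be accepted as well.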