Anon5b743
      
Accepted
   

SMTP Connection

I've just installed a Docker-based instance and am encountering issues configuring SMTP. This instance is from the latest Docker containers (`ghcr.io/clearflask/clearflask-server:latest`), or rather a copy from yesterday.
My configuration:
```
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpStrategy=SMTP_TLS
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpHost=smtp.sparkpostmail.com
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpPort=587
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpUser=SMTP_Injection
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.smtpPassword=redacted
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.emailDisplayName=displayname
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.fromEmailLocalPart=noreply
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.fromEmailDomainOverride=redacted.com
```

The container itself (clearflask-server) can connect (have tested with nmap) on the CLI. However, when the web app tries to connect I see logs such as:

```
Caused by: javax.mail.MessagingException: Could not connect to SMTP host: smtp.sparkpostmail.com, port: 587
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
```

The server requires TLSv1.2 which is not mentioned as disabled in the java.security file and it seems likely this is the correct configuration and a "workable" situation.

```
openssl s_client -connect smtp.sparkpostmail.com:587 -starttls smtp
```

Server response snippet:

```
-----END CERTIFICATE-----
subject=CN = *.sparkpostmail.com
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 4579 bytes and written 473 bytes
Verification: OK
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
```

An item I see that may be an issue is the wildcard certificate?
I have followed a suggestion from a previous query on this topic and added the following env var to the server container, however am not seeing any related logs.
`JAVA_OPTS="-Djavax.net.debug=ssl"`
I have also followed the email provider's suggestions, no joy: https://support.sparkpost.com/docs/faq/smtp-connection-problems
Can anyone provide some additional suggestions for debugging?
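
An added example, not part of the original post and not ClearFlask code: a small Java diagnostic that prints which TLS protocol versions the JVM will actually offer, so the `java.security` check described above can be made against the running JVM rather than by reading the file. The class name `TlsProtocolCheck` and the helper `usable` are hypothetical; it only gives a meaningful answer when run with the same JVM and security configuration as the server process.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class TlsProtocolCheck {
    // Hypothetical helper: returns the requested protocols that are both enabled
    // by default in this JVM and not named in jdk.tls.disabledAlgorithms.
    static List<String> usable(String[] requested, String[] enabled, String disabledProp) {
        List<String> disabled = new ArrayList<>();
        if (disabledProp != null) {
            for (String entry : disabledProp.split(",")) {
                disabled.add(entry.trim());
            }
        }
        List<String> result = new ArrayList<>();
        for (String p : requested) {
            if (Arrays.asList(enabled).contains(p) && !disabled.contains(p)) {
                result.add(p);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Protocols the client would be told to offer; defaults to the TLSv1.2
        // that the openssl output in the post shows the server negotiating.
        String[] requested = args.length > 0 ? args : new String[] {"TLSv1.2"};
        String disabledProp = Security.getProperty("jdk.tls.disabledAlgorithms");
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters defaults = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();

        System.out.println("java.version               = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms = " + disabledProp);
        System.out.println("jdk.tls.client.protocols   = " + System.getProperty("jdk.tls.client.protocols"));
        System.out.println("supported protocols        = " + Arrays.toString(supported.getProtocols()));
        System.out.println("enabled by default         = " + Arrays.toString(defaults.getProtocols()));

        List<String> ok = usable(requested, defaults.getProtocols(), disabledProp);
        System.out.println("requested                  = " + Arrays.toString(requested));
        System.out.println("usable                     = " + ok);
        if (ok.isEmpty()) {
            System.out.println("None of the requested protocols can be offered by this JVM.");
        }
    }
}
```

Passing protocol names as arguments (for example `TLSv1 TLSv1.1`) shows whether a client restricted to those versions would have anything left to offer after the JVM's own restrictions are applied.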