Email works on 465 but not on 587

rikrdo89 · 2 March 2023 16:05

This is more of a comment than a question, in case anyone encounters a similar issue. I was getting an error sending a test email when I used mailer port 587, but I was able to successfully get it to work when I switched to port 465, as in the config below.

      VIKUNJA_MAILER_ENABLED: 1
      VIKUNJA_MAILER_FORCESSL: 1
      VIKUNJA_MAILER_HOST: smtp.gmail.com
      VIKUNJA_MAILER_PORT: 465
      VIKUNJA_MAILER_USERNAME: myacct@gmail.com
      VIKUNJA_MAILER_PASSWORD: secretapppass

Not sure why this is. I have postfix server enabled in the same machine where I have a Vikunja container, and it also uses gmail on port 587 without issues… I wonder if there is a way to enable vikunya to use the postfix server already installed in the machine…

to test the email, I run:

sudo docker exec vikunja-api-1 /app/vikunja/vikunja testmail recipientemail@gmail.com

The error I got on port 587 was:

Error sending test mail: dial failed: tls: first record does not look like a TLS handshake

kolaente · 2 March 2023 16:33

Did you check if the forcessl option makes any difference?

rikrdo89 · 2 March 2023 16:51

I just did, so port 587 works as long as forcessl is set to 0. I don’t understand the implication of having forcessl set to zero and whether that is a security concern…

So the following combinations work for email:

VIKUNJA_MAILER_PORT: 587
VIKUNJA_MAILER_FORCESSL: 0

OR

VIKUNJA_MAILER_PORT: 465
VIKUNJA_MAILER_FORCESSL: 1

kolaente · 2 March 2023 19:49

If forcessl is set to true, Vikunja will require to get a connection via STARTTLS. If it’s not set, it will still try to establish a connection via STARTTLS, but fall back to an unencrypted connection when that does not work.

rikrdo89 · 2 March 2023 20:14

Thanks for the explanation. However shouldn’t STARTTLS be able to establish a secure encrypted connection via port 587? Isn’t that the point of using port 587 for SMTPS?.. I guess I don’t understand why that would not work.

kolaente · 3 March 2023 14:19

Not 100% sure either. I think 587 requires establishing an unencrypted connection and then upgrading that with STARTTLS to a secure one. That won’t work if you configure Vikunja to talk tls direclty.