Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Set up Nodemailer to secure email with a STARTLS handshake?

I need to send e-mail through my remote Postfix/Dovecot SASL service from Node.js on my desktop.

When I send email using Thunderbird, it works and the Postfix server logs show

Anonymous TLS connection established from unknown[dh.cp.ip.ip]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

But not through nodemailer, where the Postfix server logs:

Nov 26 22:02:31 servicelabel postfix/submission/smtpd[27019]: connect from unknown[dh.cp.ip.ip]                                                         
Nov 26 22:02:31 servicelabel postfix/submission/smtpd[27019]: lost connection after CONNECT from unknown[dh.cp.ip.ip]                                   
Nov 26 22:02:31 servicelabel postfix/submission/smtpd[27019]: disconnect from unknown[dh.cp.ip.ip] commands=0/0        

These same settings are used for Nodemailer transport and Thunderbird

  let transporter = nodemailer.createTransport(
    {
        host: "mx.example.com",
        port: 587,
        secure: false, // use TLS
        // requireTLS:true,        
        auth: {
            user: "emailuser",
            pass: "password"
        },
        tls: { rejectUnauthorized: false },
        // logger: true,
         debug: true 
    },
    {      
        from: '[email protected]',
    }
);

But Nodemailer won't connect to Dovecot with TLS the same way Thunderbird does ??

when I change secure to true to force TLS a SSL routines:ssl3_get_record:wrong version number error (below); it appears when verifying the transport.

transporter.verify(function(error, success) {
  if (error) {
    console.log(error);
  } else {
    console.log("Server is ready to take our messages");
    return false;
  }
});
Error: 140185182082944:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
code:"ECONNECTION"
command:"CONN"
function:"ssl3_get_record"
library:"SSL routines"
message:"140185182082944:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:\n"
reason:"wrong version number"
stack:"Error: 140185182082944:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:\n"

When I test with this command:

openssl s_client -starttls smtp -connect mx.example.com:587

depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mx.example.com
verify return:1
---
Certificate chain
 0 s:CN = mx. ...
...
...

... the SSL/STARTTLS handshake succeeds and certificates

But if I use this command:

openssl s_client -connect mx.example.com:587 -crlf -ign_eof

I get the same error as with Nodemailer

CONNECTED(00000005) 140508975112640:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:

I've tried a number of option configurations and am at a loss...

How do I send secure email through my Dovecot/Postfix server via Nodemailer? Do I need to configure some certs in Nodemailer? Should I use something different to send secure email from node.js? Any help appreciated.

like image 890
Kickaha Avatar asked Nov 26 '19 23:11

Kickaha


People also ask

How can I send email with my company domain using Nodemailer?

In short, what you need to do to send messages, would be the following: Create a Nodemailer transporter using either SMTP or some other transport mechanism. Set up message options (who sends what to whom) Deliver the message object using the sendMail() method of your previously created transporter.

Is Nodemailer secure?

No known vulnerabilities in nodemailer Security wise, nodemailer seems to be a safe package to use. Over time, new vulnerabilities may be disclosed on nodemailer and other packages.

What is the difference between SendGrid and Nodemailer?

Nodemailer and SendGrid can be primarily classified as "Transactional Email" tools. Airbnb, Uber Technologies, and Spotify are some of the popular companies that use SendGrid, whereas Nodemailer is used by OVLMBP Inc, KOACHR, and Yooniks co.

What can I use instead of Nodemailer?

Twilio SendGrid, Mailgun, Amazon SES, EmailJS, and Mailchimp are the most popular alternatives and competitors to Nodemailer.


1 Answers

My unit testing context in Mocha does not have the ciphersuites of Node.js available.

The Nodemailer has no problem initiating TLS handshake from STARTLS when running in a Node.js context.

like image 162
Kickaha Avatar answered Sep 20 '22 11:09

Kickaha