Starttls issues with postfix

yoko · May 23, 2023, 9:38am

Hi, I have two containers, one with postfix and another one with a backend (web app). I would like to send email to the postfix container using starttls but I have issues

If I use the container IP :

from backend => library: “SSL routines”, function: “tls_process_server_certificate”, reason: “certificate verify failed”, file: “ssl/statem/statem_clnt.c”, line: 1919 }]))) }, X509VerifyResult { code: 64, error: “IP address mismatch”

Postfix log

warning: TLS library problem: error:0A000412:SSL routines::sslv3 alert bad certificate:…/ssl/record/rec_layer_s3.c:1605:SSL alert number 42

I think the ssl error is quite obvious, that’s why I use the server domain name to contact the mail server, but I have the following error that I don’t fully understand :

from backend => source: “5.5.2 Error: command not recognized”

Postfix log

improper command pipelining after EHLO from postfix.lxd[10.202.193.100]: QUIT\r\n

I’m able to send email to the postfix server from my backend in a local dev environment (not containerized), this issue only occurs while inside the container.

Thanks

pgoetz · May 24, 2023, 11:41am

How are you trying to send mail from the backend container?

yoko · May 24, 2023, 12:00pm

I use the lib lettre
Looks like this :

let email = Message::builder()
        .from("nobody@domain.tld".parse().unwrap())
        .reply_to("yuin@domain.tld".parse().unwrap())
        .to("hei@domain.tld".parse().unwrap())
        .subject("Hello test")
        .header(ContentType::TEXT_HTML)
        .body(String::from("Hello world!"))
        .unwrap();

let creds = Credentials::new("smtp_username".to_owned(), "smtp_password".to_owned());
let mailer = SmtpTransport::starttls_relay("mailer.domain.tld")
        .unwrap()
        .credentials(creds)
        .build();

    // Send the email
    match mailer.send(&email) {
        Ok(_) => println!("Email sent successfully!"),
        Err(e) => panic!("Could not send email: {e:?}"),
    }

the postfix server works with no issues, except with my containerized backend app. I suspect it has to do with the communication between containers, maybe firewall issue… I tried many things with no results.

yoko · May 24, 2023, 2:23pm

Ok I tried with a small python script using smtplib and I’m able to connect with starttls to my postfix server using the container ip mailtest.lxd[10.202.193.250], so the issue might be related to the lettre lib.

reply: b’220 2.0.0 Ready to start TLS\r\n’
reply: b’235 2.7.0 Authentication successful\r\n’