From 7be5410714668c8dbe0dbf847e1846f9969d7567 Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Fri, 12 Apr 2024 14:57:37 +0200 Subject: [PATCH 1/3] Fix TLS connection smtps vs starttls in add-relay-rule/10test-credentials --- imageroot/actions/add-relay-rule/10test-credentials | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/imageroot/actions/add-relay-rule/10test-credentials b/imageroot/actions/add-relay-rule/10test-credentials index d9314855..62768610 100755 --- a/imageroot/actions/add-relay-rule/10test-credentials +++ b/imageroot/actions/add-relay-rule/10test-credentials @@ -57,8 +57,12 @@ ctx.verify_mode = ssl.CERT_NONE try : if tls: - smtp = smtplib.SMTP(host, port=port, timeout=10) - smtp.starttls(context=ctx) + # first we try to connect with starttls if it fails we try with smtps + try: + smtp = smtplib.SMTP(host, port=port, timeout=10) + smtp.starttls(context=ctx) + except : + smtp = smtplib.SMTP_SSL(host, port=port, timeout=10, context=ctx) else: smtp = smtplib.SMTP(host, port=port, timeout=10) From d418100cce2a7838186d59f7619c43e6907d1391 Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Fri, 12 Apr 2024 17:06:35 +0200 Subject: [PATCH 2/3] Fix TLS connection issue in add-relay-rule/10test-credentials --- imageroot/actions/add-relay-rule/10test-credentials | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/imageroot/actions/add-relay-rule/10test-credentials b/imageroot/actions/add-relay-rule/10test-credentials index 62768610..561cf580 100755 --- a/imageroot/actions/add-relay-rule/10test-credentials +++ b/imageroot/actions/add-relay-rule/10test-credentials @@ -61,7 +61,8 @@ try : try: smtp = smtplib.SMTP(host, port=port, timeout=10) smtp.starttls(context=ctx) - except : + # if the server does not support starttls we try with smtps + except smtplib.SMTPNotSupportedError: smtp = smtplib.SMTP_SSL(host, port=port, timeout=10, context=ctx) else: smtp = smtplib.SMTP(host, port=port, timeout=10) From 95d441cd422ad7b5ae86c3021a404bf0a754a21e Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Fri, 12 Apr 2024 18:53:33 +0200 Subject: [PATCH 3/3] Fix TLS connection issue in add-relay-rule/10test-credentials --- imageroot/actions/add-relay-rule/10test-credentials | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/imageroot/actions/add-relay-rule/10test-credentials b/imageroot/actions/add-relay-rule/10test-credentials index 561cf580..b184c12c 100755 --- a/imageroot/actions/add-relay-rule/10test-credentials +++ b/imageroot/actions/add-relay-rule/10test-credentials @@ -23,10 +23,6 @@ password = data['password'] rule_type = data['rule_type'] rule_subject = data['rule_subject'] -# if the username is empty, we do not need to validate -if not username: - sys.exit(0) - def get_password_from_database(rule_subject): # Function to query the database for the password based rule_subject sdb = mail.pcdb_connect() @@ -43,7 +39,7 @@ def get_password_from_database(rule_subject): sys.exit(6) # password not changed, we need to retrieve it from the database -if password == '': +if username and password == '': password = get_password_from_database(rule_subject) port = int(data['port']) @@ -61,14 +57,14 @@ try : try: smtp = smtplib.SMTP(host, port=port, timeout=10) smtp.starttls(context=ctx) - # if the server does not support starttls we try with smtps - except smtplib.SMTPNotSupportedError: + except Exception as ex: + print(agent.SD_WARNING+"STARTTLS seems not supported. Fall back to SMTPS", ex, file=sys.stderr) smtp = smtplib.SMTP_SSL(host, port=port, timeout=10, context=ctx) else: smtp = smtplib.SMTP(host, port=port, timeout=10) # we have a login, we try to authenticate. - if username: + if username and password: smtp.login(username, password) # without authentication, we have now way to test except # to connect to the server. we quit