This question already has answers here:
How do I set the SSL protocol needed for ActionMailer to use a TLS connection?
(2 answers)
Closed 2 years ago.
I'm using Sendgrid on a Rails 5.2 application and was getting a
Net::ReadTimeout error when trying to send an email. The post here
https://github.com/mikel/mail/issues/639#issuecomment-29016055 suggested adding :tls => true to the SMTP settings. That worked, but it seems like an old solution and I'd like to understand what it's doing and why it worked.
This is my SMTP setup that gave the Net::ReadTimeout error:
ActionMailer::Base.smtp_settings = {
:user_name => 'username',
:password => 'password',
:domain => 'mydomain.com',
:address => 'smtp.sendgrid.net',
:port => 465,
:authentication => :plain,
:enable_starttls_auto => true
}
This is the update that's working.
ActionMailer::Base.smtp_settings = {
:user_name => 'username',
:password => 'password',
:domain => 'mydomain.com',
:address => 'smtp.sendgrid.net',
:port => 465,
:authentication => :plain,
:enable_starttls_auto => true,
# this line added
:tls => true
}
Email is effectively a plaintext communication sent from email clients to receiving email servers or from one server to another. This design limitation leaves the content of a message in transit open for anyone to eavesdrop; from a wireless hotspot at the airport or coffee shop to your ISP and internet backbone providers that carry your messages throughout the world.
Transport Layer Security (TLS) helps solve this issue by offering encryption technology for your message while it is “in transit” from one secure email server to another. That is, TLS helps prevent eavesdropping on email as it is carried between email servers that have enabled TLS protections for email. Just as TLS can be used to secure web communications (HTTPS), it can secure email transport. In both applications, TLS has similar strengths and weaknesses. To maximize the content security and privacy, TLS is required between all the servers that handle the message including hops between internal and external servers.
Key features of TLS includes:
Encrypted messages: TLS uses Public Key Infrastructure (PKI) to encrypt messages from mail server to mail server. This encryption makes it more difficult for hackers to intercept and read messages.
Authentication: TLS supports the use of digital certificates to authenticate the receiving servers. Authentication of sending servers is optional. This process verifies that the receivers (or senders) are who they say they are, which helps to prevent spoofing.
For reference
Related
I used G-suite email setting for sending emails from Rails application. This is my client G-suite email. Generally I used my gmail settings and it's work but G-suite email settings not work. Below code:
config.action_mailer.smtp_settings = {
:address => "smtp-relay.gmail.com",
:port => 587,
:user_name => "info#XXXX.com",
:password => "XXXXXX",
:authentication => "plain",
:domain => "gmail.com",
:enable_starttls_auto => true
}
I used address: "smtp.gmail.com" as well but not working.
I got error: SMTP: authentication failed and sometimes nothing but not received email.
Anyone have idea or same experience solutions.
Thanks
there is this configuration in gmail that COULD be the cause of the problem. I am not sure it would result with an error: SMTP: authentication failed
this is the guide to allow the unsafe apps
Change your settings to allow less secure apps into your account.
We don't recommend this option because it can make it easier for someone to break into your account. If you want to allow access anyway, follow these steps:
Go to the "Less secure apps" section of my Account.
Turn on Allow less secure apps. (Note: If your administrator has locked less secure app account access, this setting is hidden.)
also I found similar post for this problem, for example a similar issue was solved in this so question
These settings worked for me:
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
config.action_mailer.perform_caching = false
config.action_mailer.delivery_method = :smtp
# SMTP settings for gmail
config.action_mailer.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:user_name => 'info#example.com', # Change this to the email you're sending from
:password => 'your_password_goes_here', # Change this to your password
:authentication => "plain",
:enable_starttls_auto => true
}
One extra tip. By default: config.action_mailer.raise_delivery_errors = false set to true so you can see any error messages in your browser/console
NOTE: in order for the mailer to work with any google email account you must have 'Allow less secure apps' turned on.
To do this, first go to the G-Suite admin console and turn on Security -> Advanced Security Settings and check the radio button: "Allow users to manage their access to less secure apps"
Now login to your G-Suite user account, go to My Account -> Sign-in & security. At the bottom you'll see Allow less secure apps. Turn that on.
You're good to go!
I would like to ask what I missed why my email was flagged as unencrypted by Gmail. My project uses Hostmonster.com no-reply account to send email.
Rails smtp settings:
config.action_mailer.default_url_options = { host: APP_CONFIG[:host], port: APP_CONFIG[:port], protocol: "https" }
config.action_mailer.perform_deliveries = true
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
:address => "host289.hostmonster.com",
:port => 465,
:domain => APP_CONFIG[:smtp][:domain],
:user_name => APP_CONFIG[:smtp][:user_name],
:password => APP_CONFIG[:smtp][:password],
:authentication => "plain",
:enable_starttls_auto => true,
:ssl => true
}
Hostmonster cpanel:
enter image description here
The project is already in HTTPS. I don't know if it's in my end causing the Gmail unencrypted issues or on hostmonster.
enter image description here
I believe this is rather about the configuration of the hosting SMTP server when talking to GMail servers. You are sending your email to the hostmonster SMTP server via encrypted SMTP connection, which is correct. But it's the hostmonster's responsibility to also send the mail encrypted further on, which they probably don't do.
I would contact the hostmonster's support about this issue, i.e. ask them if they use encrypted communication when sending outgoing emails from their servers.
trying to set up my own ActionMailer::Base in RubyRails -> This works:
ActionMailer::Base.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => "anythingworks",
:user_name => "mygmailaddress#gmail.com",
:password => "somePW",
:authentication => "plain",
:enable_starttls_auto => true
}
fine.. but it would be nice if I could use my mail server. but when i am trying this:
ActionMailer::Base.smtp_settings = {
:address => "smtp.myowndomain.de",
:port => 25, (tried 587) also
:domain => "triedanything",
:user_name => "mycorrectuser",
:password => "yesitisthecorretpw",
:authentication => "plain",
:enable_starttls_auto => true
}
Tried lot of different settings / changes. But no E-Mail is sent. Is there any logs avaiable to this ? Think its something because authentication... "login" instead of "plain" doesnt help...
Had some tests with telnet sending some E-mails from command line.
gmail doesnt work from command line (saying STARTTTLS or something). My own domain mails server (which is hosted from some provider) says "relay access denied" (from commandline).
Webmail both working..
Any ideads ? Thanks!
The answer is the "relay access denied" message. Your smtp server needs to be configured to relay emails for this to work. I suspect that your smtp server is configured to accept connections for delivery TO your domain, not to relay emails elsewhere.
The same error message will probably be found in the smtp server's log files. Try sending an email to yourself (which would just be an accept, rather than a relay, for your smtp server). If emails to yourself are delivered, but emails to other domains are not, you will have confirmation that that is the problem.
Your ISP probably has an smtp server you can use for outgoing emails. If you want to use your own email server, it will need to be configured to relay emails.
I am reading up on actionmailer for rails. My question is about the default settings as described here:
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => 'baci.lindsaar.net',
:user_name => '<username>',
:password => '<password>',
:authentication => 'plain',
:enable_starttls_auto => true }
now reading from the API here it says that:
":authentication - If your mail server requires authentication, you need to specify the authentication type here. This is a symbol and one of :plain (will send the password in the clear)"
so my question is, does this send the password as plaintext? I find it hard to believe that it does but I can't see in the documentation where it says it encrypts it, is it something to do with the line: :enable_starttls_auto => true ? let me know where my mistake is, also how does the enablestarttls guarantee a secure connection (if this is where the encryption comes in)?
as always links to documentation/references are appreciated and encouraged :)
thanks in advance.
Derek Hill wrote a nice response to this question here: What is the "plain" authentication_type in mailer?
But I found this question more easily on google, so reposting.
"According to this article 'although the keyword PLAIN is used, the username and password are not sent as plain text over the Internet - they are always BASE64 encoded'
However 'One drawback using the PLAIN authentication mechanism is that the username and password can be decoded quite easy if somebody monitors the SMTP communication. To obtain higher security an authentication mechanism with the name CRAM-MD5 can be used instead.'"
When ever time i try sending notifications in my rails app i get the following error
Net::SMTPAuthenticationError (535-5.7.1 Username and Password not accepted. Learn more at
):
app/models/friendship.rb:6:in `send_request'
app/controllers/friends_controller.rb:21:in `make_friendship'
my development.rb mail config settings is
# Don't care if the mailer can't send
config.action_mailer.raise_delivery_errors = true
config.action_mailer.delivery_method = :smtp
# Gmail SMTP server setup
config.action_mailer.smtp_settings = {
:address => "smtp.gmail.com",
:enable_starttls_auto => true,
:port => 587,
:domain => '#example.com',
:authentication => :plain,
:user_name => 'user#gmail.com',
:password => 'secret'
}
I have this and it works for me:
ActionMailer::Base.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:user_name => "name#example.com",
:password => 'password',
:authentication => "plain",
:enable_starttls_auto => true
}
Login to the account you're using in your browser then visit this page:
http://www.google.com/accounts/DisplayUnlockCaptcha
This gives you a 10 minute window to login with the app you want to let access your account. Go back to your Rails app and make it send an email, after that everything should work.
I have a similar configuration that works fine but once in a while I get this error and I suspect that it is because Google mark the account as potentially abusive for some reason, too fast logins etc (each time a mail is sent).
You can make it work again by manually login via web interface and type the CAPTCHA. If this happens often I would probably think about using some other solution, like using an own MTA or at least an local MTA between Rails and gmail capable of sending multiple mails without relogin. In that case you may even deliver the mail yourself without going thru gmail, just make sure to setup proper SPF records etc.
you are missing the link in the error message! :)
Net::SMTPAuthenticationError (535-5.7.1 Username and Password not accepted. Learn more at https://support.google.com/mail/bin/answer.py?hl=en&answer=14257
Thus for details see: https://support.google.com/mail/bin/answer.py?hl=en&answer=14257
Make sure that you've entered your full email address (e.g. username#gmail.com)
Make sure your mail client isn't set to check for new mail too often. If your mail client checks for new messages more than once every 10 minutes, your client might repeatedly request your username and password.
I had the same problem: it worked from my desktop (in development environment), but it failed from production environment (a server in Sweden...).
You have to login into your gmail account and check the emails if Google has prevented the sign-in attempt.