Without authentication email alerts work when sent in cleartext, but authentication is required by policy. The combination of no authentication but with STARTTLS does not work.
When using MTA_AUTH=on or MTA_STARTTLS=on I get: Testing the alert alert-task-done failed. Internal error.
In the logs:
The alert alert-task-done was triggered (Event: Task status changed to 'Done', Condition: Always)
md manage:WARNING:2023-08-03 09h12.30 UTC:86: email: system failed with ret 17664, 69, read FROM TO < /tmp/gvmd-args-lSzTuJ; /usr/sbin/sendmail -f "$FROM" "$TO" < /tmp/gvmd-content-xQ1cfJ > /dev/null 2>&1
I can see that greenbone sends EHLO and the mail server responds, but then greenbone closes the connection.
Note: I disabled STARTTLS to be able to see what is exchanged between greenbone and the mail server. I also tried with MTA_STARTTLS=on and the TLS tunnel is successfully established after EHLO, but the mail sending also does not work - like without STARTTLS.
“Greenbone” doesn’t send any mail request commands like EHLO. This is done by the third-party msmtp SMTP client, so additional support from msmtp - about might be required as well (e.g. there could be an incompatibility between msmtp and the mail server used).
Hello, @trike !
The MTA inside the container is configured by simply echoing config lines to a config file. Your environment variables are converted to a config like this:
host mail.mynet.org
port 25
tls off
tls_starttls off
auth on
user me
from me@mynet.org
password redacted
You can try installing the msmtp package locally, putting the config above into /etc/msmtprc, and sending messages via the sendmail pipe, as is done inside the GVMD container:
echo -e "Subject: this is the subject\n\nthis is the body" > /tmp/gvmd-content-uNIuIC
/usr/sbin/sendmail -f "me@mynet.org" some-target-mail@some.domain < /tmp/gvmd-content-uNIuIC
I tested it within the gvmd container with the config shown above and it throws:
sendmail: cannot use a secure authentication method
sendmail: could not send mail (account default from /etc/msmtprc)
When using STARTTLS and no authentication:
sendmail: TLS certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.
The reason is that I am using my own internal CA. With postfix that has never been a problem, but msmtp seems to want to verify the certificate chain of the postfix certificate. Is there a way to disable this check, or can you create a way to bring the root CA certificate into the container and make msmtp use it?
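
An msmtp configuration covering both errors reported in this thread, added here as an example and not posted by any participant or taken from the Greenbone containers. The host, user and from values are copied from the config quoted above; the CA file path is an assumption and presumes the internal root CA (PEM) has been mounted or copied into the gvmd container.

```conf
# /etc/msmtprc (constructed example)
account default
host mail.mynet.org
port 25

# Encrypt the session with STARTTLS before any credentials are sent.
# With "auth on" and no TLS, msmtp will not fall back to a cleartext
# method, which produces "cannot use a secure authentication method".
tls on
tls_starttls on

# Trust the internal CA so the postfix certificate chain verifies.
# Assumed path: wherever the root CA certificate is placed in the container.
tls_trust_file /etc/ssl/certs/internal-root-ca.pem

auth on
user me
from me@mynet.org
password redacted

# Weak setting, shown commented out for contrast only: this silences the
# "certificate is NOT trusted" error by skipping verification, so the
# password would be sent to any server that answers on that address.
# tls_certcheck off
```

The same sendmail pipe test shown earlier in the thread can be rerun against this file to confirm that both the TLS verification and the authentication step succeed.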