Mattermost, Inc.

Secure SMTP on port 587 not working

Summary

Unable to enable secure SMTP connection.

Steps to reproduce

We are using Mattermost 5.18, until recently we were using non-secure SMTP on port 25, however starting in 2020 IT has disabled that option and we are only allowed to use SMTP with TLS 1.2 on port 587.

Expected behavior

I expect the SMTP “Test Connection” to be Successful.

Observed behavior

Instead what I see is the following error message:
Connection unsuccessful: Connection unsuccessful: SendMail: Failed to open TLS connection, tls: first record does not look like a TLS handshake

Here is what is in our config.json:

 "EmailSettings": {
        "EnableSignUpWithEmail": false,
        "EnableSignInWithEmail": false,
        "EnableSignInWithUsername": true,
        "SendEmailNotifications": true,
        "UseChannelInEmailNotifications": false,
        "RequireEmailVerification": false,
        "FeedbackName": "TechTalk",
        "FeedbackEmail": "techtalk@example.com",
        "ReplyToAddress": "test@example.com",
        "FeedbackOrganization": "",
        "EnableSMTPAuth": true,
        "SMTPUsername": "correct_username",
        "SMTPPassword": "correct_password",
        "SMTPServer": "correct_server_address",
        "SMTPPort": "587",
        "ConnectionSecurity": "TLS",
        "SendPushNotifications": false,
        "PushNotificationServer": "",
        "PushNotificationContents": "generic_no_channel",
        "EnableEmailBatching": false,
        "EmailBatchingBufferSize": 256,
        "EmailBatchingInterval": 30,
        "SkipServerCertificateVerification": true,
        "EmailNotificationContentsType": "full",
    },

faced the same issue but 465 and TLS works, so it is save to use 465.

Actually using port 587 is our only option. I I did manage to get it working.
There were a couple of configuration issues on our end, I had to change from TLS to STARTTLS. I figured that out by using telnet to connect to the SMTP server and it mentioned STARTTLS, so I changed the setting in the Mattermost UI.

What ended up being the second problem was the username. Back when we were using non-secure SMTP server on port 25, the login included the domain (e.g. domain/username) for some reason I discovered that with the secure server on port 587, I had to remove the domain from the username to get the authentication to work.

1 Like

did you do this in the mattermost container or in the host?

Actually our instance is not currently running in a container, so to answer your question, I used telnet on the host to debug, and then once I figured it out, I changed the SMTP settings via the Mattermost UI.

1 Like