Sending email through SendGrid fails
-
I use SendGrid to process notification emails for my devices. I've configured it to work with other devices (i.e. FreeNAS). I configured System | Advanced | Notifications | Email as follows:
E-Mail server: smtp.sendgrid.com
SMTP Port of E-Mail server: 465
Secure SMTP Connection: X
Validate SSL/TLS: X
From e-mail address: firewall
Notification E-Mail address: <my full email address>
Notification E-Mail auth username (optional): apikey
Notification E-Mail auth password: <api key as password>
Notification E-Mail auth mechanism: LOGINWhen I test SMTP settings, I get this notification error in the GUI:
Could not send the message to nick@demarcohome.com -- Error: Failed to connect to ssl://smtp.sendgrid.com:465 [SMTP: Failed to connect socket: fsockopen(): unable to connect to ssl://smtp.sendgrid.com:465 (Unknown error) (code: -1, response: )]
This topic discusses the same error. I'm using SendGrid, so their certificate should be trusted by root CAs (I think). Some of the example text seems to be missing from user posts, but I'm pretty sure the examples wouldn't help me.
I'm not sure where to go from here.
-
Looks more like you just could not connect vs a ssl not trusted.. simple test from pfsense sure looks like cert is fine.
[2.4.4-RELEASE][admin@sg4860.local.lan]/root: openssl s_client -connect smtp.sendgrid.com:465 CONNECTED(00000003) depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority verify return:1 depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2 verify return:1 depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2 verify return:1 depth=0 OU = Domain Control Validated, CN = *.smtp.sendgrid.net verify return:1 --- Certificate chain 0 s:/OU=Domain Control Validated/CN=*.smtp.sendgrid.net i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2 i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2 i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIGvzCCBaegAwIBAgIIR8KHdm5J8J0wDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1 cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTgxMjI4MjAyMjIwWhcN MjAxMjI4MjAyMjIwWjBBMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0 ZWQxHDAaBgNVBAMMEyouc210cC5zZW5kZ3JpZC5uZXQwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQC/xYdx1oyPHcE6EdH61RXJK9JYA9p9GOrYhJ6rVq2c zpGR3/4EHwaZO/daZxvTn5p3LRBBW5KBBBNCLa0Vl84dLt6skUg3oWo17mim2ly1 AegTwN15/wxqq8Hf2G4Sr9g00zlBAEs2HeOyr3SxEvLCLscYtIKG7cD+CsUi0JT6 EeDXCVL04nJIheFh4h9TRcCook97yuqt7muySrarzekatOnpv4kuU8bk0uq4ym5K NO4zRUiCRy7JXAC2KZ4+0qhSlPFACRvygdPxK5ICvQq8/ZPlRWVn3yrWnQ4kEekp jDT4ucOpv8V/SxYmsBRqFD35ASDj6PZLYmJFb9XdzGCzAgMBAAGjggNFMIIDQTAM BgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNV HQ8BAf8EBAMCBaAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5nb2RhZGR5 LmNvbS9nZGlnMnMxLTkwMS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5 MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3Jl cG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGG GGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2Nl cnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNV HSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAxBgNVHREEKjAoghMqLnNtdHAu c2VuZGdyaWQubmV0ghFzbXRwLnNlbmRncmlkLm5ldDAdBgNVHQ4EFgQUqLajl4xR pZ1YZD2l6KsTfcmd8t4wggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0 GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZ/Z7aIYAAAQDAEcwRQIhAOhF 95cuap1qIlSVtRzNkaUbNHxpgj+RoBfxcSFgqlBZAiBNsRnVaIwWMBoR9s+a9YwC neLWWN777jRjew5mv2DVbwB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6 qP3LAAABZ/Z7bY8AAAQDAEcwRQIgJZMibCSMJDwTwEp64XSQQXCuYtKJDvhT7FwK rxoyH6oCIQCz1HVQbPLwMOXQPBRQFtpYEb18JCVdzlh8+f0hITgC5gB1AF6nc/nf VsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABZ/Z7cugAAAQDAEYwRAIgQoxF Fak6Aq9tVDo5BjaSl+90pZ8928SmDpA3XrQ7BrQCIHdOuigFbYK96gJ/GPaVNGqc w5FKxw9Z8TnpjZH1GEC/MA0GCSqGSIb3DQEBCwUAA4IBAQBbBTL603nJ9H7ClsKR g/XmFpGwQ4C5OftGmZ/Z/CG9iqOkLB2TPqdJ9NZRruMpWjnOnvDFoQ3NMSfDYdsn 25fzh30fx2+zIWW2IdKa1yO4A9tr3cxn4iINy/+dcNmF6tciGJtdBhZZgpyqhymu kjuMCQRL17uVkLyrYA/+Ti5N02fzRchprOydiasnhHSdDM3HVZQOqjOvoB5omtuf D1aldjrgW+TcILlnZxYvaqDPeMvUIZxQPzealRniQ7tmMOAgJfjZXxzuXatqXqw0 zbvQOiY2pSDn7WPxLbGafLAOFWIWhHtkEZMRC2n3WpupiZuC0pacmQeUgVY6Vabs KU8W -----END CERTIFICATE----- subject=/OU=Domain Control Validated/CN=*.smtp.sendgrid.net issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2 --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 4785 bytes and written 433 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: DE92BB35A6B24AAE55159AD906448E4844606291B7668347162789BB5C963029 Session-ID-ctx: Master-Key: 548DB14B6DF768C62A1E5160C64BFCFEA430207AABBA7FAAF0E03BF25A78240EB640F422206D85FF305E8644AC216B90 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - de 4f 91 5d 77 7a b3 2f-d0 96 47 44 15 bb e1 07 .O.]wz./..GD.... 0010 - 26 22 32 b6 1a 4f cd 02-a0 77 94 4b 14 2d c5 6f &"2..O...w.K.-.o 0020 - b4 85 a0 db 3b 01 af 61-8d d2 9f e9 a1 50 86 39 ....;..a.....P.9 0030 - e1 76 17 29 db 1c 40 43-de 58 13 1c 6a f1 12 45 .v.)..@C.X..j..E 0040 - d4 f9 c1 91 e5 f8 a0 46-ee 5d bb f5 6b eb 1a c9 .......F.]..k... 0050 - 67 7a 7b c4 dc a9 20 8a-50 c7 0a 0b 05 2e 51 27 gz{... .P.....Q' 0060 - c8 73 9a 00 34 e6 66 33-1c ed 36 a5 de 52 5f 49 .s..4.f3..6..R_I 0070 - 86 dd d4 52 b8 8c 78 25-f7 6f 92 e9 f5 3e 1e c5 ...R..x%.o...>.. 0080 - 44 11 9f 45 64 6c 50 e5-fe 8e f5 43 58 fb 7e bc D..EdlP....CX.~. 0090 - e1 25 d4 d3 7e 78 a6 bc-57 bc d7 f3 71 9e 10 ad .%..~x..W...q... Start Time: 1575468725 Timeout : 300 (sec) Verify return code: 0 (ok) --- 220 SG ESMTP service ready at ismtpd0129p1mdw1.sendgrid.net
-
@johnpoz said in Sending email through SendGrid fails:
openssl s_client -connect smtp.sendgrid.com:465
I ran the same test as you did, and I can connect also.
FYI, the SMTP password is a 69 character long string, if the length causes authentication issues. An example:
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
[2.4.4-RELEASE][nick@firewall.demarcohome.com]/tmp: cat sendgridtest.log CONNECTED(00000003) --- Certificate chain 0 s:/OU=Domain Control Validated/CN=*.smtp.sendgrid.net i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2 i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2 i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIGvzCCBaegAwIBAgIIR8KHdm5J8J0wDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1 cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTgxMjI4MjAyMjIwWhcN MjAxMjI4MjAyMjIwWjBBMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0 ZWQxHDAaBgNVBAMMEyouc210cC5zZW5kZ3JpZC5uZXQwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQC/xYdx1oyPHcE6EdH61RXJK9JYA9p9GOrYhJ6rVq2c zpGR3/4EHwaZO/daZxvTn5p3LRBBW5KBBBNCLa0Vl84dLt6skUg3oWo17mim2ly1 AegTwN15/wxqq8Hf2G4Sr9g00zlBAEs2HeOyr3SxEvLCLscYtIKG7cD+CsUi0JT6 EeDXCVL04nJIheFh4h9TRcCook97yuqt7muySrarzekatOnpv4kuU8bk0uq4ym5K NO4zRUiCRy7JXAC2KZ4+0qhSlPFACRvygdPxK5ICvQq8/ZPlRWVn3yrWnQ4kEekp jDT4ucOpv8V/SxYmsBRqFD35ASDj6PZLYmJFb9XdzGCzAgMBAAGjggNFMIIDQTAM BgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNV HQ8BAf8EBAMCBaAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5nb2RhZGR5 LmNvbS9nZGlnMnMxLTkwMS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5 MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3Jl cG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGG GGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2Nl cnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNV HSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAxBgNVHREEKjAoghMqLnNtdHAu c2VuZGdyaWQubmV0ghFzbXRwLnNlbmRncmlkLm5ldDAdBgNVHQ4EFgQUqLajl4xR pZ1YZD2l6KsTfcmd8t4wggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0 GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZ/Z7aIYAAAQDAEcwRQIhAOhF 95cuap1qIlSVtRzNkaUbNHxpgj+RoBfxcSFgqlBZAiBNsRnVaIwWMBoR9s+a9YwC neLWWN777jRjew5mv2DVbwB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6 qP3LAAABZ/Z7bY8AAAQDAEcwRQIgJZMibCSMJDwTwEp64XSQQXCuYtKJDvhT7FwK rxoyH6oCIQCz1HVQbPLwMOXQPBRQFtpYEb18JCVdzlh8+f0hITgC5gB1AF6nc/nf VsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABZ/Z7cugAAAQDAEYwRAIgQoxF Fak6Aq9tVDo5BjaSl+90pZ8928SmDpA3XrQ7BrQCIHdOuigFbYK96gJ/GPaVNGqc w5FKxw9Z8TnpjZH1GEC/MA0GCSqGSIb3DQEBCwUAA4IBAQBbBTL603nJ9H7ClsKR g/XmFpGwQ4C5OftGmZ/Z/CG9iqOkLB2TPqdJ9NZRruMpWjnOnvDFoQ3NMSfDYdsn 25fzh30fx2+zIWW2IdKa1yO4A9tr3cxn4iINy/+dcNmF6tciGJtdBhZZgpyqhymu kjuMCQRL17uVkLyrYA/+Ti5N02fzRchprOydiasnhHSdDM3HVZQOqjOvoB5omtuf D1aldjrgW+TcILlnZxYvaqDPeMvUIZxQPzealRniQ7tmMOAgJfjZXxzuXatqXqw0 zbvQOiY2pSDn7WPxLbGafLAOFWIWhHtkEZMRC2n3WpupiZuC0pacmQeUgVY6Vabs KU8W -----END CERTIFICATE----- subject=/OU=Domain Control Validated/CN=*.smtp.sendgrid.net issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2 --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 4785 bytes and written 433 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 75B8055B16B17B8D1125E6BBD9AB2FBA5E7F8E82E03BE80F33884C4AEA887585 Session-ID-ctx: Master-Key: A48487A26B8DE701F574F006C1A2E20589D5BD23D1641DAE832E0C1A33017D1EE5C27490559604E32D5A291F75421855 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 49 fd ab 92 6f 3e e8 d4-13 45 92 cd f8 f2 64 10 I...o>...E....d. 0010 - 02 4e d3 50 ab ee 2a 6b-26 06 b5 81 e3 3a 5b a1 .N.P..*k&....:[. 0020 - 2b 34 a7 18 bf 53 52 71-ae 5c e8 b4 a1 e9 36 0c +4...SRq.\....6. 0030 - 1c 09 c5 28 41 31 3e 03-7e e3 29 89 d9 fb ca 2c ...(A1>.~.)...., 0040 - f6 4f 5f dc 52 74 90 e8-4c ad e4 55 e6 04 59 90 .O_.Rt..L..U..Y. 0050 - 64 55 2b 8d 62 01 70 6a-a9 f7 07 46 88 b0 43 7d dU+.b.pj...F..C} 0060 - fd e7 5d a9 6b 90 b5 b0-b3 ee 78 b6 57 3d e5 fa ..].k.....x.W=.. 0070 - c0 c2 17 5f ec 56 00 0c-e5 88 19 76 01 0b 17 2d ..._.V.....v...- 0080 - 73 57 d5 28 0b dc c7 20-4b e3 13 60 a9 f6 a5 69 sW.(... K..`...i 0090 - 1f 1c 4d 2b db 85 ed fe-99 3b 6b 75 39 c5 6f 21 ..M+.....;ku9.o! Start Time: 1575473240 Timeout : 300 (sec) Verify return code: 0 (ok) --- 220 SG ESMTP service ready at ismtpd0063p1mdw1.sendgrid.net
-
I'm still facing this issue. Authentication fails, though I've double checked my configuration. I've also used the same authentication and similar parameters to send emails through FreeNAS.
I've looked in the system logs. The notification error text is duplicated in the logs. What's a good next step for troubleshooting? I imagine going to the command line, and manually connecting would be next. Any guidance is appreciated.
-
Hi, I'm bumping to attract attention. I'm not seeing any log messages.
Any next step to troubleshoot?
-
I tested with this one deactivated
@ndemarco said in Sending email through SendGrid fails:
Validate SSL/TLS: X
Logging shows that I managed to connect.
Identification failed of course.
-
-
Any thoughts on a work around on this issue?
-
@Mr_AJ I haven't given the matter thought since. Turning off the TLS check solved the problem. The risk of a bad actor causing an attack, presumably through man in the middle, doesn't concern me. If there's a reason I should be concerned, I'd appreciate learning of it.