Since upgrading to this version, sending emails regardless of port, regarless of the “Do Not Verify TLS Certificate”.
We Get : An error occurred while attempting to establish an SSL or TLS connection. The server’s SSL certificate could not be validated for the following reasons: • The server certificate has the following errors: • unable to get certificate CRL • unable to get certificate CRL • An intermediate certificate has the following errors: • unable to get certificate CRL • unable to get certificate CRL
Have tried port 25 etc still tries TLS.
Prior to the upgrade Emails were working perfectly.
Can someone just also remove the Drop Down for the Port Selection and have it as an editable item, and also remove the “requirement” for authentication and make it “optional” so we can send it to an internal relay server with IP Authentication.
That’s my thoughts to, I would like the option to just be able to select whether to have authentication or not, and use different port numbers I would just dump Mailjet and use our internal Relays.
This is a very specific request that may only benefit few and may even cause more issues with people setting up SMTP as is so this is unlikely to happen. The error most likely relates to the SMTP server responding with different certificates on 465 and 587 ports. As you use Linux Server Edition (only learned that from another post by you, but next time better to explain here) you should ensure that CA and SubCA certificates are added to the trusted root CA store. Your request to bypass probably is related to this but you are advised to fix it on your server.
Cant fix it on the server when the server is run by https://app.mailjet.com/. I want to be able to bypass the settings so I can run it on my own postfix server and remove the requirement all together for using mailjet.
As we dont use GMail or Office 365 we need more ability to tweak SMTP settings, considering we all still need to use this massively outdated method of sending invoices.
Hi @eko Yes we are aware that Mailjet uses SMTP it has been working for the past 3 years with manager.io.
Latest update breaks TLS / SSL with it that’s the point. As I said earlier if I had the options to disable auth, set other port numbers and even disable TLS / SSL. I would “Dump Mailjet”
Pointing me to a document that describes how to setup SMTP with Mailjet is pointless in this instance as we have been using it for 3 years, using Port 587 TLS / SSL. Now the latest update breaks it.
Seems to be common with this software even when you pay for it that when updates occur there are regressions that dont get resolved / tested or thrown in the too hard pile.
If I were to have a guess, this would have had it’s regression in
26 JulyAdded option to use SMTP port 465 in “Email Settings”
Respective Forum Post - SMTP Server and Port - HELP
I also see port 26 being mentioned there, we use that Internally for Non TLS / Non SSL SMTP Services, it’s easier with postfix to use a seperate port to allow relay on. I see Tut’s comment it’s never been recognised as a port, perhaps not, but giving people the option for the following would massively reduce these complaints.
I suggest the following changes:
Allow people to edit port number, dont lock it.
Allow people to select either TLS / SSL or Non Encrypted
Ability to also check “Ignore Certificate Errors / Validation” also that actually works.
If you now have the correct libraries in the software to deal with SSL / TLS and Non Encrypted then I CANNOT see a single issue with these MINOR changes.
In the end I would rather more configurable options in the SMTP settings so I can point it at our own servers, with No Authentication (Using Relay IP) and also the ability to set a Non Standard Port.
I mean heck I know people have been moaning about Multifactor also and I have been too.
In this day and age, username and passwords just DO NOT CUT IT.
To even get some form of modern authentication, i’ve had to use a NGinX Reverse proxy and Authentik to be able to get any form of simplistic 2 factor working to protect the instance. Perhaps SAML coupled with oAuth might be a good idea to implement.
Are you sure that you recently did not activate 2FA on your email account with Mailjet? Despite your comments, most of the time when users report SMTP problems it deals with changes either on the user’s system (ports closed by a new Antivirus app on their system) or by the email provider (such as 2FA with a special to generate password for/or restricting pass-through). As you already indicated SMTP is an antiquated protocol but not outdated. It is simple and still by far the most used protocol. Because it is so simple it requires few entries and handshakes.
Manager does not distinguish features between Cloud and Server editions. And both types of users pay for their licenses but that does not mean they get exclusive treatment from those using the free Desktop versions.
More importantly if the Cloud edition would allow people to apply any or all of these suggestions the support requests would be numerous because to be secure the Cloud server should be hardened and therefore the replies are that:
Manager should not allow for any other ports than the common SMTP ones because it potentially compromises the security of the Cloud Server.
selection of encryption is already possible through the port selection. Port 25 is Unencrypted and Port 587 is in Manager implemented as STARTTLS command and Encrypted.
it should be sufficient, as currently possible, to enable “…Do not verify TLS certificate…” but not for production but for trouble shooting.
Looks like @bdallen wants to go straight to using their SMTP server and stop using mailjet as a relay. it would be wiser for him to set up his server to work with the Manager than to ask the Manager to accommodate his server settings
Thankyou for your input but it doesn’t actually solve the issue, this is the findings so far.
We dont upgrade the manager instance on regular intervals.
We run them as Virtual Machines
@eko we have had 2FA on mailjet for the past god knows how long, this error “An error occurred while attempting to establish an SSL or TLS connection. The server’s SSL certificate could not be validated for the following reasons: • The server certificate has the following errors: • unable to get certificate CRL • unable to get certificate CRL • An intermediate certificate has the following errors: • unable to get certificate CRL • unable to get certificate CRL” Is not related to authentication, it is related to Manager not being able to validate the certificate, to which validation is turned off and receive the same error. (Also there is no antivirus on the servers, and they are behind fortinet firewalls to which NO CHANGES had been made, only an upgrade to manager.io version.)
We rollback the server to the snapshot which has the previous version everything works fine.
Why bother paying for this software if you cannot get Priority for Support requests, or even lodge a support ticket. The forum should be for free users and there should be a support ticketing system for paying users.
If the developer feels overwhelmed etc, they should just make the project OSS and make it available on github and then have other developers such as myself perform pull requests to help out for features etc.
You cannot use the whole argument for Non standard SMTP ports, many other software projects out there allow you to specify arbitrary ports, to use RFC and IANA standards is a joke really. If they want to complain about standards then perhaps implement some proper SDLC / Agile into this project.
To use the potentially compromose the security of the cloud server, the solution is simple for the cloud service, you implement your own SMTP gateway services and hard code that to that service and then supply people with the correct SPF records to add to their existing DNS for manager in the cloud to be able to send out.
I agree it should be sufficient to enable “Do Not Verify TLS Certificate” if it actually worked
At the moment I have other things to work on, and the updates dont seem to add anything super extra for us so will just leave the version where it is for now. Let’s see if anything get’s fixed or added (the last guy who requested something it took 3 years for devs to do anything about it). Again starting to wonder why I pay for this software now.
Although you would say nothing changed, servers get upgraded, settings changed, etc. This is actually dealing with your Server and the way you setup the Certificate and has nothing to do with Manager. This is similar to SSL error after installing Manager Server edition on VPS server
