My mail server runs with a self-signed certificate. So bts, configured like this ...
    BTS_SMTP_HOST=mail.wgdd.de:587
    BTS_SMTP_AUTH_USERNAME='user'
    BTS_SMTP_AUTH_PASSWORD='pass'
...lately refused to send mails with this error:
bts: failed to open SMTP connection to mail.wgdd.de:587 (SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed)
After searching a bit, I found a way to fix this locally without turning off the server certificate verification. The fix belongs in the send_mail() function. When calling the Net::SMTPS->new() constructor, it is possible to add the fingerprint of my self-signed certificate like this (the SSL_fingerprint line):
    if (have_smtps) {
        $smtp = Net::SMTPS->new($host, Port => $port,
            Hello => $smtphelo, doSSL => 'starttls',
            # Added: pin the server's self-signed certificate by fingerprint
            SSL_fingerprint => 'sha1$hex-fingerprint')
            or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
    } else {
        $smtp = Net::SMTP->new($host, Port => $port, Hello => $smtphelo)
            or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
    }
Pretty happy to be able to use the bts command again.
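An added example, not part of the original post or of devscripts: a Python helper that derives the 'algo$hex' value for SSL_fingerprint, either from a PEM certificate or from the line printed by `openssl x509 -noout -fingerprint`. The function names and the sample bytes are assumptions made for this illustration; it defaults to sha256 and also handles the sha1 form used above.

```python
import hashlib
import re
import ssl

# Hex digits expected for each digest that this helper accepts.
HEX_LEN = {"sha1": 40, "sha256": 64, "sha512": 128}

# Constructed stand-in bytes, NOT a real certificate: the fingerprint is a
# digest over the DER encoding, so any byte string shows the mechanics.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(bytes(range(48)))


def pin_from_pem(pem: str, algo: str = "sha256") -> str:
    """Return 'algo$hex' for a PEM certificate (digest of its DER bytes)."""
    if algo not in HEX_LEN:
        raise ValueError(f"unsupported digest: {algo}")
    der = ssl.PEM_cert_to_DER_cert(pem)
    return f"{algo}${hashlib.new(algo, der).hexdigest()}"


def pin_from_openssl(line: str) -> str:
    """Convert 'SHA1 Fingerprint=AB:CD:...' (openssl x509 output) to 'algo$hex'."""
    m = re.fullmatch(r"\s*(sha1|sha256|sha512) Fingerprint=([0-9a-f:]+)\s*",
                     line, re.IGNORECASE)
    if not m:
        raise ValueError("not an openssl fingerprint line")
    algo = m.group(1).lower()
    hexfp = m.group(2).replace(":", "").lower()
    # A truncated or mis-pasted fingerprint would never match the server,
    # so reject it here instead of at connection time.
    if len(hexfp) != HEX_LEN[algo]:
        raise ValueError(f"{algo} fingerprint must be {HEX_LEN[algo]} hex digits")
    return f"{algo}${hexfp}"


if __name__ == "__main__":
    print("SSL_fingerprint => '%s'," % pin_from_pem(SAMPLE_PEM))
    # Constructed openssl-style line (20 bytes, as for SHA-1).
    print(pin_from_openssl("SHA1 Fingerprint=" + ":".join(["0A"] * 20)))
```

The pinned value has to be regenerated whenever the server certificate is replaced, otherwise the connection fails verification again.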
I solved the same issue by just making my MTA use Let’s Encrypt, and that’s something I recommend you do too ;)