Rocket.chat: SSL Verification SMTP Server since 0.56.0

Created on 17 May 2017 · 16 Comments · Source: RocketChat/Rocket.Chat

Rocket.Chat Version: 0.56.0
Running Instances: 3
DB Replicaset OpLog: YES

Since 0.56.0 there seems to be an SMTP server SSL verification in place which causes massive issues on our side - we send mails over a relay with a self-signed certificate.

How to disable this in a docker deployment? Is there an env variable?

email

All 16 comments

Go to Administration->E-Mail->SMTP and try Protocol and Pool settings.

Same problem here, in Protocol I only have the choice between smtp and smtps.

@sscholl already changed it to "smtp" and it checks the certificate...

@TheReal1604 in fact, the protocol should be smtps if you have self-signed certs. Maybe you could use letsencrypt to get valid SSL certs. I don't expect that you will get support from the Rocket.Chat team for self-signed certificates.

@sscholl don't want support exactly for this - but support for a function to disable this check.

We resolved it by changing the certificate. 👍

That means, this is a feature request for:
Adding possibility for disabling SMTPS Certificate Check

If the mail server is running on the same host and just listening on localhost, SSL might not make sense in all cases. SSL and smtp_auth should be optional. It should be possible to send mails just through localhost without smtp_auth and SSL.

And what does "pool" setting mean? I don't find any docs about this option.

In my setup I use a mail server running on localhost, which uses a smart relay to send out emails using TLS. If the smart relay is down or doesn't answer, all emails are spooled locally, which I think is a better option than sending directly to the smart host, because I'm not sure how RC handles such a situation. And in this setup I don't need SSL nor a certificate from a proper CA.

We have an unencrypted local SMTP server. With protocol set to 'smtp' and on port 25 we get "Error trying to send email: self-signed certificate"

Thanks Rocket.chat team for your hard work.

@sscholl, it shouldn't be a feature request, since AFAIK, unencrypted SMTP isn't deprecated nor forbidden. Can you tell us the reason why you chose to force encrypted SMTP?

@colin-campbell you need a certificate signed by a proper CA. In my case I used the certificate from the webserver, which is not self-signed. To my mind this is a little bit overkill for a locally running SMTP, so there should be a way to send out emails without forcing TLS.

And what about a reply-to option for sending out emails? If a user answers an offline message, I'd like to send that email to a different address, e.g. rocketchat-norelay, so one can just drop such emails and send out an autorespond email.

@localguru Why on earth would I need a certificate for SMTP on port 25 without STARTTLS? Anyway, I have a patch to fix it. I'll submit shortly.

thanks @colin-campbell !

@colin-campbell if your SMTP really doesn't offer TLS you don't need a cert, right.

@localguru that is correct, but the [email protected]/node4mailer will starttls automatically even with 'smtp' selected then complain about "self-signed" certificate. My patch will add a setting in the interface and to process.env.MAIL_URL: "IgnoreTLS"

I'll close this issue, please test the next RC version and reopen it if necessary.
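
Added example, not code from this thread or from Rocket.Chat: a small JavaScript model of the behaviour described in the last comments, where a client set to plain 'smtp' still upgrades when the relay advertises STARTTLS and then rejects a self-signed certificate. The option names (`secure`, `ignoreTLS`, `requireTLS`, `tls.rejectUnauthorized`, `tls.ca`) are those of nodemailer's SMTP transport and are assumed to apply to the mailer in use; the EHLO replies and `relay.example.internal` are constructed.

```javascript
// Constructed EHLO replies: one relay advertising STARTTLS, one that does not.
const EHLO_WITH_STARTTLS = [
  '250-relay.example.internal',
  '250-PIPELINING',
  '250-SIZE 10240000',
  '250-STARTTLS',
  '250 8BITMIME',
].join('\r\n');
const EHLO_PLAIN = '250-relay.example.internal\r\n250 8BITMIME';

// Extract the extension keywords from a multi-line 250 reply (RFC 5321).
function parseEhlo(reply) {
  return reply.split(/\r?\n/)
    .slice(1)                              // first line is the server's domain
    .map((line) => /^250[- ](\S+)/.exec(line))
    .filter(Boolean)
    .map((m) => m[1].toUpperCase());
}

// Decide how the session proceeds for a given set of transport options.
function planConnection(opts, ehloReply) {
  const tlsOpts = opts.tls || {};
  const verify = tlsOpts.rejectUnauthorized === false ? 'none'
    : (tlsOpts.ca ? 'pinned-ca' : 'system-ca');
  if (opts.secure) return { mode: 'implicit-tls', verify };  // "smtps"
  if (opts.ignoreTLS) return { mode: 'plaintext', verify: 'n/a' };
  const offered = parseEhlo(ehloReply).includes('STARTTLS');
  // With secure=false the upgrade is opportunistic: it happens whenever
  // the server offers STARTTLS (or requireTLS demands it).
  if (offered || opts.requireTLS) return { mode: 'starttls', verify };
  return { mode: 'plaintext', verify: 'n/a' };
}

// A self-signed relay certificate only fails when TLS is used and the
// certificate is checked against the system CA store.
function rejectsSelfSigned(plan) {
  return plan.mode !== 'plaintext' && plan.verify === 'system-ca';
}

// Constructed option sets; 'RELAY_CERT_PEM' stands in for the relay's certificate.
const cases = {
  'smtp (default)': { secure: false },
  'ignoreTLS': { secure: false, ignoreTLS: true },
  'pinned relay cert': { secure: false, requireTLS: true, tls: { ca: 'RELAY_CERT_PEM' } },
};
for (const [name, opts] of Object.entries(cases)) {
  const plan = planConnection(opts, EHLO_WITH_STARTTLS);
  console.log(name, plan, 'rejects self-signed:', rejectsSelfSigned(plan));
}
```

In this model the pinned-certificate case keeps both encryption and verification for a self-signed relay, while `ignoreTLS` sends the message and any SMTP credentials in clear text.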
