trying to get e-mail notifications to work with the following config:
version: '3'
services:
watchtower:
container_name: watchtower
restart: always
image: containrrr/watchtower
environment:
- WATCHTOWER_NOTIFICATIONS=email
- [email protected]
- [email protected]
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER=host.domain.tld
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=email_username
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=email_password
- WATCHTOWER_NOTIFICATION_EMAIL_DELAY=2
- TZ=America/New_York
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --debug --interval 300 --cleanup --label-enable
However I'm getting the following error:
Failed to send notification email: 504 5.7.4 Unrecognized authentication type
I'm guessing this is a smtp auth TLS type of issue. I didn't see an option to set TLS or SSL in watchtower.
I would appreciate some help.
Hi there! 馃憢馃徏 As you're new to this repo, we'd like to suggest that you read our code of conduct as well as our contribution guidelines. Thanks a bunch for opening your first issue! 馃檹
Out of curiosity: Does it work if you skip the TLS verification? --notification-email-server-tls-skip-verify
In docker-compose.yml file I added the following:
WATCHTOWER_NOTIFICATION_EMAIL_SERVER_TLS_SKIP_VERIFY=yes
but I'm still having the same problem
As @piksel stated in https://github.com/containrrr/watchtower/issues/492#issuecomment-608553364, watchtower uses the go smtp library, which does not allow plain auth over unsecure connections, unless to localhost.
Is the email provider you're trying to integrate with actually serving tls/ssl connections on the port you specified?
It certainly is:
$ openssl s_client -starttls smtp -connect host.domain.tld:587
CONNECTED(00000005)
...
---
No client certificate CA names sent
Peer signing digest: SHA1
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5863 bytes and written 529 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-SHA256
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-SHA256
Session-ID: 781E000041ABDA51D0859E1E5503BBA6FD3B58A874465541E0AC319EFA81657B
Session-ID-ctx:
Master-Key: A46C9C59ACE7DE5BE098E18AE2A3DDB62F5F48A32882E8EB622A2E798F7D6171CEA785A1144653DAAAA0DA2F98400D35
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1585997102
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
250 CHUNKING
I'm not sure which provider @deeztek is using but this same issue occurs with Office365 / outlook.com's smtp mail server.
O365 is my provider also
Yep, it turns out that O365 doesn't support PLAIN authentication (which is what net/smtp supports):
250 SMTPUTF8
EHLO fnizhej
250-LO2P265CA0068.outlook.office365.com Hello [RE.DA.CT.ED]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN XOAUTH2
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
Found the following statement.
Not sure why they think that sending USER\r\nPASS\r\n is so much more secure than sending \0USER\0PASS\0
Since #470 was merged, this will be fixed when shoutrrr gains Office365 support.
Not clear on this, but does watchtower support smtp relay with no authentication over 25?
I think that should work, it's the PLAIN authentication method that refuses to send the credentials over an unencrypted channel. I have not tried it though.
Yep the following docker-compose config works for unauthenticated SMTP relay over 25:
environment:
- WATCHTOWER_NOTIFICATIONS=email
- [email protected]
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.domain.tld
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=25
- WATCHTOWER_NOTIFICATION_EMAIL_DELAY=2
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Most helpful comment
Yep the following docker-compose config works for unauthenticated SMTP relay over 25: