On Sat, 18 Mar 2023 17:06:08 +0100 Dominique Dumont <d...@debian.org> wrote:
On Tue, 14 Feb 2023 22:21:26 +0100 Lee Garrett <deb...@rocketjump.eu> wrote:
> Bumped severity as this makes bts currently unusable, and probably
> breaks the workflow of quite a few DDs.
This does not break on my system where bts is connected to local sendmail
(which is the default setup).
Which hints at a workaround: have bts connect to local sendmail and have
sendmail forward the mail to the SMTPS server.
While this setup might work for some people, this has IMHO quite a few hefty
drawbacks and requires me to maintain an MTA on my local machine. I could
elaborate, but I don't think it's on-topic for this bug report.
The change mentioned by Daniel affects only a setup where the host is
configured via its IP address, not via a host name:
See the change in SSL.pm in commit
https://github.com/noxxi/p5-io-socket-ssl/commit/c0a063b70f0a3ad033da0a51923c65bd2ff118a0
While Daniel did mention this commit (which might or might not be related to the
issue), bts fails on a configured SMTPS hostname which otherwise correctly
validates with other MUAs.
Which is not the case here:
$ perl -S -MDevel::SimpleTrace bts --smtp-host smtps://mail.wgdd.de usertag
1029588 + dod-test-with-tls
bts: failed to open SMTPS connection to smtps://mail.wgdd.de
(hostname verification failed)
at main::send_mail(mail.wgdd.de)
at main::mailbtsall(/usr/bin/bts:2839)
at main::(/usr/bin/bts:825)
Unfortunately, I can no longer investigate this issue as it looks like my
IP address is now blacklisted on Daniel's server:
$ perl -MDevel::SimpleTrace scripts/bts.pl --smtp-host smtps://mail.wgdd.de
usertag 1029588 + dod-test-with-tls
bts.pl: failed to open SMTPS connection to smtps://mail.wgdd.de
(Connection refused)
at main::send_mail(mail.wgdd.de)
at main::mailbtsall(scripts/bts.pl:2849)
at main::(scripts/bts.pl:834)
On a hunch, I would guess that Daniel's server is configured to handle STARTTLS, which is not supported by bts. But I cannot verify this.
In any case this does not explain why Daniel sees bts working with libio-socket-ssl-perl 2.077 but not with 2.078.
I'm sure that bts supports STARTTLS. I am using bts with my MTA on 587/tcp,
which enforces STARTTLS and requires credentials (I just double-checked via
swaks). With the old libio-socket-ssl-perl 2.069-1 this works, so it's clearly a
regression.
All the best
Greetings,
Lee