SES smtp not working

Hello,

I’m having trouble setting up AWS SES SMTP server in Octopus, see screenshot below for settings:

When I try to run a test with “Save and Test”, the task runs indefinitely.

What I tested so far:
- ran a mail sending script on the Octopus server with the same settings and it worked,
- ran the same script from the Octopus Script Console and it ran successfully.

Going forward with the investigation, I’ve checked the raw logs and found out that I get the error below:

An error occurred while attempting to establish an SSL or TLS connection.

The SSL certificate presented by the server is not trusted by the system for one or more of the following reasons:

  1. The server is using a self-signed certificate which cannot be verified.
  2. The local system is missing a Root or Intermediate certificate needed to verify the server’s certificate.
  3. The certificate presented by the server is expired or invalid.

See MailKit/FAQ.md at master · jstedfast/MailKit · GitHub for possible solutions.
MailKit.Security.SslHandshakeException
at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, Boolean doAsync, CancellationToken cancellationToken)
at MailKit.Net.Smtp.SmtpClient.Connect(String host, Int32 port, SecureSocketOptions options, CancellationToken cancellationToken)
at Octopus.Core.Util.SmtpClient.SmtpClientWrapper.TryConnectToSMTPHost(SmtpConfiguration configuration, SmtpClient client, CancellationToken token) in SmtpClientWrapper.cs:line 101
at Nevermore.Transient.RetryPolicy.<>c__DisplayClass26_0.b__0()
at Nevermore.Transient.RetryPolicy.ExecuteAction[TResult](Func`1 func)
at Nevermore.Transient.RetryPolicy.ExecuteAction(Action action)
at Octopus.Core.Util.SmtpClient.SmtpClientWrapper.CreateSmtpClient(SmtpConfiguration configuration, CancellationToken token) in SmtpClientWrapper.cs:line 60
at Octopus.Core.Util.SmtpClient.SmtpClientWrapper.Send(SmtpConfiguration configuration, MailMessage message, CancellationToken token) in SmtpClientWrapper.cs:line 21
at Octopus.Server.Orchestration.ServerTasks.TestEmail.TestEmailTaskController.Execute() in TestEmailTaskController.cs:line 53
at Octopus.Server.Orchestration.ServerTasks.RunningTask.RunMainThread() in RunningTask.cs:line 129

--Inner Exception--
The remote certificate is invalid according to the validation procedure.
System.Security.Authentication.AuthenticationException
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, Boolean doAsync, CancellationToken cancellationToken)

Having this error, I suspect that the CRL and OCSP servers are not reachable due to a missing URL whitelist. Do you happen to know where to look to find which CRL/OCSP servers are being used during this process?

Thanks!

Géza
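
One way to see which CRL, OCSP and CA-issuer URLs the server's certificate chain points to, as asked in the post above (an added example, not part of the original thread and not Octopus or MailKit code). It assumes PowerShell 5.1 or later on the Octopus Server and a STARTTLS port (587 or 25); the host name is a placeholder and the EHLO name is constructed.

```powershell
# Added diagnostic, not from the thread. Run on the Octopus Server.
param(
    [string]$SmtpHost = 'email-smtp.REGION.amazonaws.com',  # placeholder: use your SES endpoint
    [int]$Port = 587                                         # STARTTLS port (587 or 25)
)

$tcp = [System.Net.Sockets.TcpClient]::new($SmtpHost, $Port)
try {
    $net    = $tcp.GetStream()
    $reader = [System.IO.StreamReader]::new($net)
    $writer = [System.IO.StreamWriter]::new($net)
    $writer.NewLine = "`r`n"
    $writer.AutoFlush = $true

    # Read one SMTP reply; continuation lines look like "250-", the last like "250 ".
    function Read-Reply { do { $line = $reader.ReadLine() } while ($line -match '^\d{3}-'); $line }

    $null = Read-Reply                                   # 220 greeting
    $writer.WriteLine('EHLO diag.invalid'); $null = Read-Reply
    $writer.WriteLine('STARTTLS')
    if ((Read-Reply) -notmatch '^220') { throw 'Server did not accept STARTTLS' }

    # Accept whatever certificate is presented: this session only inspects it
    # and is closed without sending credentials or mail.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = [System.Net.Security.SslStream]::new($net, $false, $acceptAll)
    $ssl.AuthenticateAsClient($SmtpHost)
    $leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

    # Rebuild the chain with online revocation checks so that a missing issuer or an
    # unreachable CRL/OCSP endpoint shows up in ChainStatus.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    "Chain valid: $($chain.Build($leaf))"
    $chain.ChainStatus | ForEach-Object { "  $($_.Status): $($_.StatusInformation.Trim())" }

    foreach ($element in $chain.ChainElements) {
        "`n$($element.Certificate.Subject)"
        # 2.5.29.31 = CRL Distribution Points; 1.3.6.1.5.5.7.1.1 = Authority Information Access
        $element.Certificate.Extensions |
            Where-Object { $_.Oid.Value -in '2.5.29.31', '1.3.6.1.5.5.7.1.1' } |
            ForEach-Object { [regex]::Matches($_.Format($true), 'https?://[^\s)]+').Value } |
            Sort-Object -Unique |
            ForEach-Object { "  $_" }
    }
}
finally {
    $tcp.Dispose()
}
```

Run it under the account the Octopus Server service uses, since proxy settings and certificate stores can differ between accounts.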

Hey Géza,

Thanks for reaching out and all of the information.

I did a simple test on my end to see if I could replicate the behavior and each test worked with ports 25/465/587 as well as SSL/TLS in Yes and No. Screenshots of my setup and the test below:

One thing that might be allowing your script to work but not the SMTP test is that we use MailKit for sending mail, so it’s possible MailKit is triggering something in your network and that’s causing an issue. Is there anything in between your Octopus Server and the AWS server that might be intercepting the packets and causing an issue?

Please let me know what you think.

Best,
Jeremy

Hi @jeremy.miller,

Actually, I’ve managed to solve this one, so I’m sharing the info in case someone else has the same issue:

Now it’s working.

Thanks for your time anyway 🙂

Géza

Hi Géza,

Thanks for letting me know and sharing your solution for others. You never know when someone else will run into the exact same issue.

I hope you have a great weekend and please let us know if you run into anything else you need help with.

Best,
Jeremy