Using perl to send mail [SOLVED]

[audiodef]

I've been working on getting a perl script to send mail for the past few days. This is the closest I've gotten and I could use some advice. I have a working mail server set up with postfix and dovecot. Using sendmail isn't an option, since sendmail doesn't coexist with postfix on Gentoo.

There are some extra bits in there that I added to try to see what's going on - ignore those. I just want the mail part to work.

Code: Select all

#!/usr/bin/perl -w

use feature qw(say);
use strict;
use warnings;
use Net::SMTPS;
use LWP::UserAgent 6;
use Data::Dumper;
use utf8;
use Authen::SASL qw(Perl);

  my $ua = LWP::UserAgent->new;
  $ua->ssl_opts( SSL_hostname => '' );
  my $x = $ua->get("https://(servername)/");
  print Dumper($x);

my $smtp = Net::SMTPS->new(
    'smtp.(servername)',
    Port    => 587,
    Timeout => 20,
    Debug   => 1,
    doSSL   => 'starttls',
    SSL => 1,
    SSL_version=>'TLSv1',
);
die "Initialization failed: $!" if !defined $smtp;

my $sender = my $user = '(emailaddress)';
my $password = '(pw)';
say "Trying to authenticate..";
$smtp->auth( $user, $password, 'LOGIN'  ) or die "could not authenticate\n";

my $receiver = '(emailaddress)';
$smtp->mail( $sender );
$smtp->to( $receiver );
$smtp->data();
$smtp->datasend( "To: $receiver\n" );
$smtp->datasend( "From: $sender\n" );
$smtp->datasend( "Content-Type: text/html\n" );
$smtp->datasend( "Subject: Testing Net::SMTPS" );
$smtp->datasend( "\n" );
$smtp->datasend( 'The body of the email' );
$smtp->dataend();
$smtp->quit();
say "Done.";

Results in:

Code: Select all

Net::SMTPS>>> Net::SMTPS(0.09)
Net::SMTPS>>>   IO::Socket::IP(0.37)
Net::SMTPS>>>     IO::Socket(1.38)
Net::SMTPS>>>       IO::Handle(1.36)
Net::SMTPS>>>         Exporter(5.72)
Net::SMTPS>>>   Net::SMTP(3.08_01)
Net::SMTPS>>>     Net::Cmd(3.08_01)
Net::SMTPS=GLOB(0x1676198)<<< 220 serverdef.(servername)
Net::SMTPS=GLOB(0x1676198)>>> EHLO localhost.localdomain
Net::SMTPS=GLOB(0x1676198)<<< 250-serverdef.(servername)
Net::SMTPS=GLOB(0x1676198)<<< 250-PIPELINING
Net::SMTPS=GLOB(0x1676198)<<< 250-SIZE 10240000
Net::SMTPS=GLOB(0x1676198)<<< 250-VRFY
Net::SMTPS=GLOB(0x1676198)<<< 250-ETRN
Net::SMTPS=GLOB(0x1676198)<<< 250-STARTTLS
Net::SMTPS=GLOB(0x1676198)<<< 250-ENHANCEDSTATUSCODES
Net::SMTPS=GLOB(0x1676198)<<< 250-8BITMIME
Net::SMTPS=GLOB(0x1676198)<<< 250-DSN
Net::SMTPS=GLOB(0x1676198)<<< 250 SMTPUTF8
Net::SMTPS=GLOB(0x1676198)>>> STARTTLS
Net::SMTPS=GLOB(0x1676198)<<< 220 2.0.0 Ready to start TLS
DEBUG: .../IO/Socket/SSL.pm:792: local error: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:795: fatal SSL error: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

[mike155]

Your client wants to verify the server certificate which it received from the server. It can't do that, because you didn't specify the CA certificate.

Either specify the CA certificate or disable server certificate verification. See: https://metacpan.org/pod/IO::Socket::SSL.

[audiodef]

Thanks for the link. I don't know what I'm missing, but I've tried

Code: Select all

    SSL_hostname => '',

and

Code: Select all

    SSL_cert_file => '/etc/postfix/(servername).crt',
    SSL_key_file => '/etc/postfix/(servername).key',

which is the same path that postfix uses in main.cf. I'm still getting the same errmsg either way.

EDIT:

If I try

Code: Select all

SSL_ca_path => '/etc/postfix/',
SSL_cert_file => {
   "(tld)" => '(servername).(tld).crt',
   # used when nothing matches or client does not support SNI
   '' => 'default-cert.pem',
},
SSL_key_file => {
   "(tld)" => '(servername).(tld).key',
   # used when nothing matches or client does not support SNI
   '' => 'default-key.pem',
},

Code: Select all

SSL_cert_file (servername).(tld).crt can't be used: No such file or directory at /usr/lib64/perl5/vendor_perl/5.24.3/IO/Socket/SSL.pm line 2240.

[mike155]

No, it should be either:

Code: Select all

SSL_verify_mode => SSL_VERIFY_NONE

to disable server certificate validation or

Code: Select all

SSL_ca_path => '...', # typical CA path on Linux
SSL_ca_file => '...', # typical CA file on BSD

to specify the CA certificate file. Please note that CA certificate and server certificate are two different certificates.

You will find more details in section 'Common Usage Errors' of https://metacpan.org/pod/IO::Socket::SSL.

[audiodef]

SSL_verify_mode => 0 worked. I'm ok with this as the script is on the same machine as the mail server, so there should be no traffic to sniff.

Thanks!

[szatox]

I've been working on getting a perl script to send mail for the past few days. This is the closest I've gotten and I could use some advice. I have a working mail server set up with postfix and dovecot. Using sendmail isn't an option, since sendmail doesn't coexist with postfix on Gentoo.

I disagree. Postfix comes with some compatibility tools:

Code: Select all

# equery b $(which sendmail)
 * Searching for /usr/sbin/sendmail ... 
mail-mta/postfix-3.2.4 (/usr/sbin/sendmail)

Other tricks:
Adding localhost or even your server's own public address to mynetworks would let you send email without authentication (and encryption) without compromising security, at least as long as you're the only one allowed on that machine.
If you like simplicity of "mail" more than sendmail, it can be installed too. Also, there is a better alternative called "nail": makes sending attachments easy. The original mail couldn't do that without your help.
Bonus: this is a snippet from a working SSL configuration. Fullchain - provided by certbot - contains server's certificate followed by intermediate CA certificate. Root CA is redundant, since the client must already know it anyway.

Code: Select all

smtpd_tls_cert_file=/etc/letsencrypt/live/***/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/***/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may

[audiodef]

Thanks, szatox. I only just noticed I have mynetworks commented out, and I don't remember why I did that. I am the only one allowed on this machine, so maybe I was troubleshooting at the time. Wish I'd thought to uncomment that line, might have saved me some legwork, but I did learn a few things, so it's all good.

I also noticed I have mailx installed. equery depends returns nothing, so it must have been something I was messing with at some time. I could unmerge it and emerge nail instead, and this might simplify my script. All I need to do is insert a simple mail fn at certain points to say "at this point something failed, go check it out."

I have self-signed certs for my mail server, but I did that before I learned about letsencrypt. It's only me on this machine, so not sure I'll fix what ain't broken, but certbot sure is handy. I use it to SSL all my sites.

Anyway, thanks, good tips.