[RESOLVED] Using ProtonMail Bridge as the SMTP server
druexmachina #1
I'm documenting this for longevity as I didn't see anything relevant in the forum to this niche case.

Setup:
- DokuWiki on RaspberryPi (Raspbian Buster)
- ProtonMail Bridge on Windows PC (winpc-hostname, winpc-ipaddr)

NOTE: Ensure the password set in the DokuWiki SMTP Plugin config (auth_pass) is the one generated by ProtonMail Bridge, not the ProtonMail account password (similar to the setup for other clients).

NOTE: There are some security ramifications from disabling SSL peer name verification in the SMTP Plugin as shown below.

504 Gateway Timeout

Solution: Bridge only listens on localhost:1025 so winpc-ipaddr:1025 needs to be proxied to localhost:1025:

netsh interface portproxy add v4tov4 listenaddress=winpc-ipaddr listenport=1025 connectaddress=127.0.0.1 connectport=1025

Also, an incoming rule for port 1025 needs to be added to Windows Firewall.

DokuWiki error: 'There was an unexpected problem communicating with SMTP: Start TLS failed to enable crypto'

Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

Warning: stream_socket_enable_crypto(): Peer certificate CN='127.0.0.1' did not match expected CN='winpc-hostname'


Solution: The ProtonMail certificate needs to be imported to the certificate store. Also, PHPMailer needs to be modified to use stream contexts so that peer name verification can be disabled for winpc-hostname.

1. To troubleshoot, run:

openssl s_client -connect winpc-hostname:1025 -starttls smtp

2. Install package ca-certificates if not installed already.

3. Create a certificate in the certificate store (/usr/share/ca-certificates/) and paste in the server certificate obtained from the output of Step 1.

4. Reconfigure the ca-certificates package:

dpkg-reconfigure ca-certificates

Choose 'Ask' when prompted and activate the new certificate in the list that then pops up.

5. Edit [dokuwiki dir]/lib/plugins/smtp/subtree/txtthinking/Mailer/src/Mailer/SMTP.php

Find this line:

        $this->smtp = @fsockopen($host, $this->port);

Replace it with:

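        // Create a stream context so SSL options can be attached to the connection
        $context = stream_context_create();
        // Disable peer name verification only for the Bridge host
        stream_context_set_option($context, 'ssl', 'verify_peer_name', ($this->host == 'winpc-hostname') ? false : true);
        // Unlike fsockopen(), stream_socket_client() takes host and port as one address
        $this->smtp = stream_socket_client($host . ':' . $this->port, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);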
This post was edited 2 times, last on 2020-02-03, 23:21 by druexmachina.
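
One way to keep peer name verification switched on for the Bridge connection, as an added example that is not part of the original post or of the SMTP plugin: PHP's `peer_name` and `cafile` SSL context options make the check run against the name the Bridge certificate actually carries. The constants and function names are hypothetical, the certificate path is a placeholder, and the certificate name 127.0.0.1 is taken from the error message quoted in the post.

```php
<?php
// Added example (not from the original post or the plugin).
// Assumptions: BRIDGE_CERT is a placeholder path to the PEM saved from the
// openssl s_client output; BRIDGE_CERT_NAME is the CN shown in the quoted error.
const BRIDGE_HOST      = 'winpc-hostname';
const BRIDGE_CERT      = '/path/to/bridge-cert.pem';
const BRIDGE_CERT_NAME = '127.0.0.1';

/** TLS options for a host: full verification, with a name override and pinned CA file for the Bridge. */
function smtp_tls_options(string $host): array
{
    $ssl = ['verify_peer' => true, 'verify_peer_name' => true];
    if (strcasecmp($host, BRIDGE_HOST) === 0) {
        // Check the certificate against the name it carries instead of skipping the check.
        $ssl['peer_name'] = BRIDGE_CERT_NAME;
        // Trust the saved Bridge certificate for this connection.
        $ssl['cafile'] = BRIDGE_CERT;
    }
    return ['ssl' => $ssl];
}

/** Open the TCP connection with the TLS options attached; they take effect at STARTTLS. */
function smtp_connect(string $host, int $port)
{
    $context = stream_context_create(smtp_tls_options($host));
    $socket  = stream_socket_client("tcp://{$host}:{$port}", $errno, $errstr, 30,
                                    STREAM_CLIENT_CONNECT, $context);
    if ($socket === false) {
        throw new RuntimeException("connect to {$host}:{$port} failed: {$errstr} ({$errno})");
    }
    return $socket;
}

/** Call once the server has accepted STARTTLS; fails if chain or name verification fails. */
function smtp_enable_tls($socket): void
{
    if (stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        throw new RuntimeException('TLS handshake or certificate verification failed');
    }
}

// Show the options chosen for the Bridge host and for any other SMTP host.
print_r(smtp_tls_options(BRIDGE_HOST));
print_r(smtp_tls_options('mail.example.org'));
```

With these options a certificate that does not chain to the saved Bridge certificate, or that carries a different name, causes the handshake to fail instead of being accepted.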