Cant send mails per SMTP cause of "Wrong version number"

TigerdieKatze · October 8, 2024, 7:17pm

Problem to solve

If I want to send a mail per test command I get the following error:

My smtp server is a mailcow container that supports tls v1.2 and v1.3

Steps to reproduce

I did refer to the documentation for smtp using a mailcow server but that did also not work.

Configuration

TZ=Europe/Berlin
GITLAB_SMTP_PORT=587
GITLAB_SMTP_ENABLE=true
GITLAB_TIMEZONE=Europe/Berlin
GITLAB_STARTTLS_AUTO=false
GITLAB_SMTP_TLS=true
GITLAB_SMTP_AUTH=login
GITLAB_SMTP_SSL_VERFIY=none
GITLAB_SMTP_DOMAIN=mail.***
GITLAB_SMTP_USER_NAME=noreply@***
GITLAB_SMTP_PASSWORD=*******
GITLAB_EMAIL_FROM=noreply@***
GITLAB_EMAIL_REPLY_TO=noreply@***
GITLAB_SMTP_ADDRESS=mail.***

Versions

Please add an x whether options apply, and add the version information.

Self-managed
GitLab.com SaaS
Dedicated

Versions

17.4.1

dnsmichi · October 8, 2024, 7:51pm

What happens if you manually connect via TLS to the mailcow domain?

openssl s_client -showcerts -connect mail.mydomain.com:587

The wrong version number error can hide the real causes, sometimes this can be a self-signed certificate, or a missing CA certificate in the chain, or something else. I’d suggest isolating the problem – if the error is reproducible with other TLS clients, debug the mailcow container and refer to their community for help. If it is only GitLab, research the issue tracker for potential TLS or smtp bugs.

TigerdieKatze · October 8, 2024, 8:23pm

ah yea
then it probably is an error with my mailserver

CONNECTED(00000003)
40F764BA247F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 319 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

dnsmichi · October 8, 2024, 8:59pm

Ah. Another use case is that the client requests TLS, but the server does not support it and returns “empty” or “wrong version”.

Port 587 is used for implicit TLS with SMTP.

If that container network for GitLab and Mailcow containers uses a local bridge (i.e. in docker-compose), you could use the trusted port 25 for SMTP as well.

TigerdieKatze · October 8, 2024, 9:15pm

it was never a certificate error
i had special characters in my smtp password and it worked but gitlab couldnt use this password
and I could escape them because if I did the env assignment would fail

Topic		Replies	Views
SMTP fail to send email due to SSL wrong version number How to Use GitLab	1	32221	January 2, 2020
(OpenSSL::SSL::SSLError) SMTP Mails without TLS (Port 25) Infrastructure as Code & Cloud Native ssl , smtp	6	1903	May 4, 2023
GitLab Docker Compose SMTP Config not working Self-managed docker , smtp	3	3875	April 12, 2021
SSL error when sending mail via SMTP Self-managed configure , e-mail	3	4606	May 30, 2023
SMTP Issues Self-managed	5	186	July 15, 2024

Cant send mails per SMTP cause of "Wrong version number"

Problem to solve

Steps to reproduce

Configuration

Versions

Related topics