Kratos: Error sending verification email

Hi,

I’m trying to use AWS SES as mail courier, and when the email verification is about to be sent, the following error occurs:

time="2020-04-07T09:38:29Z" level=error msg="Unable to send email using SMTP connection." error="tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config" [email protected] smtp_server="email-smtp.eu-central-1.amazonaws.com:587" smtp_ssl_enabled=true

Is there a configuration setting of some kind I can adjust to get around this problem, or is it just simply not possible to use AWS SES service for mail verifications?

Furthermore, where is the message_from coming from? In the config, I specify from_address with a completely different value, but that’s not being used?

Regards

Lars

That should work, at least on latest master. Since you didn’t provide a version tag I assume you run 0.1.1-alpha.1.

Without your configuration I am not able to help.

Please consider opening a GitHub issue and using the provided issue template to fill out your bug report :slight_smile:

Thanks again for your answer.

Sorry, I should have included the version, of course. The image I’m using is oryd/kratos:v0.1.1, so the alpha is newer I assume, and I will update to that and see what happens.

The configuration for smtp is

connection_uri: smtps://<AWS SES USER>:<AWS SES PWD>@email-smtp.eu-central-1.amazonaws.com:587/

Is the TLS certificate signed by a trusted CA? If not, did you install the CA Root Certificate on the server where Keto runs?

Don’t know. I’ll have to dig into the AWS SES documentation to find out if there’s anything there that can tell me how to solve the problem.

After having done some more research, it appears that the easiest fix is to add skip_ssl_verify=true to the connection_uri config value as a query parameter. However, the from_address config value is still not being picked up.

Seems I stumbled upon this bug: https://github.com/ory/kratos/commit/ef95811bb891afe3a0ef3b19514f13a56a32ea3b#diff-2449a6ea083767b149400840c05f41bd

Changing the config key to stmp doesn’t work, because the config is validated against an internal schema called config.schema.json, so no work-around seems to be available, I guess? This is a real show-stopper since it prevents me from verifying identities, unless I a) switch to another mail sending solution and hope for the best, or b) build the project myself. Unfortunately, AWS does not allow sending mails from addresses that haven’t been verified, but being in AWS it kind of makes more sense to use their service than to run an SMTP server of my own.

When is the next release scheduled?

Most likely within this month

Unfortunately, I can’t wait, so I built the image from the master branch myself. Took a while to figure out how to do it on Windows, but having modified the makefile and dockerfile a bit it seems to work. Will see tomorrow when I continue if I succeeded or not.

Yeah, that’s the other option. If you don’t need SQLite you can omit -tags sqlite and then you don’t need CGO :slight_smile:
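
Added example, not part of the thread and not Kratos's own code: the error in the log line at the top comes from Go's crypto/tls, which refuses a client handshake when the tls.Config has neither ServerName nor InsecureSkipVerify set. The sketch below reproduces it offline and shows that taking ServerName from the connection URI host satisfies the check while keeping certificate verification, whereas skip_ssl_verify=true turns verification off. The helper names, the placeholder credentials and the way the query parameter is interpreted are assumptions.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/url"
)

// tlsConfigFromURI derives client TLS settings from an SMTP connection URI.
// Hypothetical helper: it assumes skip_ssl_verify=true means "do not verify".
func tlsConfigFromURI(raw string) (*tls.Config, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	cfg := &tls.Config{
		// ServerName is what the certificate is checked against; setting it
		// satisfies crypto/tls without giving up verification.
		ServerName: u.Hostname(),
		MinVersion: tls.VersionTLS12,
	}
	if u.Query().Get("skip_ssl_verify") == "true" {
		// Accepts any certificate: the connection is encrypted but the
		// server is not authenticated.
		cfg.InsecureSkipVerify = true
	}
	return cfg, nil
}

// handshakeError starts a client handshake over an in-memory pipe whose peer
// is already closed, so no network is used, and returns the resulting error.
func handshakeError(cfg *tls.Config) error {
	client, server := net.Pipe()
	server.Close()
	defer client.Close()
	return tls.Client(client, cfg).Handshake()
}

func main() {
	// Constructed URI: credentials are placeholders, host is from the log line.
	uri := "smtps://user:pass@email-smtp.eu-central-1.amazonaws.com:587/"
	cfg, err := tlsConfigFromURI(uri)
	if err != nil {
		panic(err)
	}
	fmt.Println("empty config:   ", handshakeError(&tls.Config{}))
	fmt.Println("with ServerName:", handshakeError(cfg), "(pipe closed; config accepted)")
}
```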