Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSL/TLS connection #142

Open
sagikazarmark opened this issue Jun 12, 2014 · 13 comments · May be fixed by #494
Open

SSL/TLS connection #142

sagikazarmark opened this issue Jun 12, 2014 · 13 comments · May be fixed by #494
Assignees
Labels

Comments

@sagikazarmark
Copy link

It would be great if secure connections could also be tested.

@sj26
Copy link
Owner

sj26 commented Jul 30, 2014

Agreed, this is going on the list.

@sj26 sj26 added this to the v0.6.0 milestone Jul 30, 2014
@ghuntley
Copy link

+1 would love to see this.

@chrispappas
Copy link

+1 would be very useful!

@styks1987
Copy link

+1 Yes, this would be very helpful.

@arosenhagen
Copy link

👍

@sj26 sj26 added the feature label Aug 10, 2016
@dominh
Copy link

dominh commented Jan 4, 2017

I'm not sure if I understand.
Consider a case:

  1. Someone sniffing SSL connection. HTTP content is encrypted so he see nothing.
  2. However he has access to TCP/IP so he can get address and port of the packet destination
  3. he go this address and this port and get all data which was hidden by SSL
    So isn't SSL pointless in mailcatcher?

@djmaze
Copy link

djmaze commented Jan 4, 2017

@dominh Mostly. It would be a little more difficult for the man-in-the-middle if he had to guess the right hostname, in case of a SNI configuration.

This feature makes sense in combination with an additional (basic) auth protection. That could be implemented in mailcatcher as well.

But why not just run a reverse proxy (e.g. nginx) in front of it? That can be configured to do both the SSL termination and basic auth.

@sj26
Copy link
Owner

sj26 commented Jan 5, 2017

This is not for HTTP, but for SMTP over TLS and STARTTLS, for testing your mail settings and libraries.

I agree that reverse proxying from nginx is better for HTTPS, and I wouldn't recommend exposing mailcatcher itself outside a development environment without something else acting as a proxy with authentication. :-)

@sj26 sj26 self-assigned this Apr 4, 2017
@sj26 sj26 modified the milestone: v0.7.0 Apr 4, 2017
@kajmagnus
Copy link

kajmagnus commented May 28, 2018

@dominh: TLS for MailCatcher is about testing only, in ones' dev env, not about real usage (to me at least).

In a prod env, TLS is required. And then it's good to be able to test, in one's dev/test env, that one's app server does work with TLS. For example, with Apache Commons Email, there're config values related to TLS, STARTTLS and SSL and port numbers, and nice to be able to verify that one's config is correct — e.g. by connecting to MailCatcher over TLS.

@TomFreudenberg
Copy link

Hello all,

I have added a new PR #386 tonight using the MidiSmtpServer gem. It will work as expected and allows STARTTLS as well as AUTH on SMTP. All checks have been passed.

Maybe you find this helpful.

Cheers
Tom

@tfactor2
Copy link

Hi,

So isn't this issue a duplicate of #386?

@TomFreudenberg
Copy link

TomFreudenberg commented Apr 5, 2021

Hi @tfactor2

It is not a duplicate because Samuel @sj26 won't accept the PR #386 from my side (check comment: #386 (comment))

So the issue for mailcatcher is stil open even when the PR had solved that and some other issues as well.

Nothing to wonder about - I am a bit sad about that - but it's Samuels project.

Cheers
Tom

@tfactor2
Copy link

Clear, thanks @TomFreudenberg,

BTW1: We decided to keep using mailcatcher despite the fact that on prod we are using TLS. To really test communication the mail server used for testing should be the same as the prod one. Out of TLS itself, there could be other things that may break, e.g. mismatch of TLS versions/ciphers. So, overcomplicating development configuration is kind of useless.

BTW2: For docker environments, I'd rather go towards standard linux smtp servers (e.g. exim4) and integrate simple webmail, see https://github.com/hauptmedia/docker-mailcatcher. It's quite trivial to add TLS there. IMHO and with all respect to the author of the project as without docker the sj26/mailcatcher it's indeed a very useful tool.

akostadinov added a commit to akostadinov/mailcatcher that referenced this issue Jan 4, 2022
@akostadinov akostadinov linked a pull request Jan 4, 2022 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.