0

When I run the following command to send email through an SMTP server, it works fine as root but does not as any other user. Domains, emails and password have been redacted.

curl -v -u noreply@XXXXXX.com:PASSWORD --url 'smtp://SMPT.SERVER.COM:587' --ssl-reqd \
  --mail-from 'noreply@XXXXXX.com:PASSWORD' \
  --mail-rcpt 'user@example.com' \
  --upload-file email.txt

The output I'm seeing from the failed request is:

> STARTTLS
< 220 TLS go ahead
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Server certificate:
*       subject: CN=server.MYSERVERDOMAIN.com,OU=PositiveSSL,OU=Domain Control Validated
*       start date: Oct 11 00:00:00 2019 GMT
*       expire date: Oct 10 23:59:59 2020 GMT
*       common name: server.MYSERVERDOMAIN.com
*       issuer: CN="cPanel, Inc. Certification Authority",O="cPanel, Inc.",L=Houston,ST=TX,C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

I've tried searching high and low but nothing has worked to fix this. What's going on and how do I fix this?

Scott
  • 13
  • 3
  • is the host name proper for the cert? – Daniel A. White Jun 01 '20 at 23:58
  • Are you asking if there is a valid cert at server.MYSERVERDOMAIN.com? If so, yes and it comes back clean from online ssl checkers. – Scott Jun 02 '20 at 00:00
  • well it looks like possibly the `SMPT.SERVER.COM` is returning the cert for server.MYSERVERDOMAIN.com – Daniel A. White Jun 02 '20 at 00:12
  • I'm not sure what to do with that. Either way, why would the command work as root but not as a normal (not jailed) account user? – Scott Jun 02 '20 at 00:15
  • its a misconfiguration on the server, not locally. – Daniel A. White Jun 02 '20 at 00:16
  • I just tested that by logging into a completely different server and running the command, not as root, and it runs fine. The issue is definitely something local. – Scott Jun 02 '20 at 00:18
  • perhaps you should check out your local certifcate store and check for any updates to curl. – Daniel A. White Jun 02 '20 at 00:19
  • This ended up being a WHM/cPanel restriction. Fixed by following https://stackoverflow.com/questions/14297264/password-not-accepted-from-server-535-incorrect-authentication-data-when-send/44564332#44564332 – Scott Jun 02 '20 at 02:44

0 Answers0