Stuck setting up SMTP, TLS issues

Hi,

Likely a noob issue, apologies! I’ve been trying to migrate from a simple SendGrid Swoosh adaptor to an SMTP one, as I’ve switched over to Zoho mail. I can’t get an email to fire, but I can get it to work using a simple Python script, so I know the account setup and auth stuff is fine, I just can’t get Phoenix working with me. I’m deep in the rabbit hole of trying things I’m finding through AI or this forum and GitHub, without knowing what I’m really doing (never configured SMTP before)

I continue to get the following error, I’m using the register account email generated by phx auth.

{:error, {:retries_exceeded, {:temporary_failure, ~c"185.230.214.164", :tls_failed}}}

I’ve got this in my dev.exs

config :swoosh, :api_client, false

config :embernotes, Embernotes.Mailer,
  adapter: Swoosh.Adapters.SMTP,
  relay: "smtp.zoho.eu",
  username: "username",
  password: "password",
  port: 587,
  ssl: false,
  tls: :always,
  auth: :always,
  tls_options: [
    verify: :verify_peer,
    versions: ["tlsv1.3"],
    cacerts: :public_key.cacerts_get(),
    depth: 99
  ]

Those tls options are things I’ve found online. Even without them I get the same issue. I hope releasing to Prod isn’t much more difficult than getting this done on dev

From the Zoho docs

SMTP Configuration settings for Zoho Mail - TLS
Outgoing Server Settings: (Personal users with an email address as username@zohomail.com and and Free Organization users):

Outgoing Server Name: smtp.zoho.eu
Port: 587
Security Type: TLS 

Require Authentication: Yes. The email address should match the email address/ email aliases of the account, for which the authentication details are provided. 

Any help or direction is appreciated. Thanks!

@stefannovak

Do you get any warnings from Erlang before this :retries_exceeded error?

The options don‘t do well separating starttls from fully tls connections.

But Zoho seems to be “normal” STARTTLS

# doesn't work
$ openssl s_client -connect smtp.zoho.eu:587

# works
$ openssl s_client -starttls smtp -crlf -connect smtp.zoho.eu:587

So I would try this config:

config :embernotes, Embernotes.Mailer,
  adapter: Swoosh.Adapters.SMTP,
  relay: "smtp.zoho.eu",
  username: "username",
  password: "password",
  port: 587,
  ssl: false,
  tls: :always,
  auth: :always,
  tls_options: [
    versions: [:"tlsv1.3"],
    verify: :verify_peer,
    cacerts: :public_key.cacerts_get(),
    server_name_indication: ~c"smtp.zoho.eu", # this is new
    customize_hostname_check: [ # and this is new
      match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
    ],
    depth: 99
  ]

And if it doesn’t work, maybe middlebox_comp_mode: false could be added:

config :embernotes, Embernotes.Mailer,
  adapter: Swoosh.Adapters.SMTP,
  relay: "smtp.zoho.eu",
  username: "username",
  password: "password",
  port: 587,
  ssl: false,
  tls: :always,
  auth: :always,
  tls_options: [
    versions: [:"tlsv1.3"],
    verify: :verify_peer,
    cacerts: :public_key.cacerts_get(),
    server_name_indication: ~c"smtp.zoho.eu",
    customize_hostname_check: [
      match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
    ],
    middlebox_comp_mode: false, # this is new
    depth: 99
  ]

EDIT: added customize_hostname_check

Yeah, providers do just as badly in differenciating it seems.

Hey guys thanks for the responses!

No Erlang error before this error, it’s just a GenServer crashing when it occurs after trying to send an email.

[error] GenServer #PID<0.1442.0> terminating
** (MatchError) no match of right hand side value: {:error, {:retries_exceeded, {:missing_requirement, ~c"185.230.214.164", :auth}}}```

EDIT: Wrong result pasted, it was the same error as in the original post.

Adding those two tls_options, server_name_indication and middlebox_comp_mode still result in the same error.

If it’s any interest, the Python setup for SMTP looked like this

# SMTP Config
smtp_server = "smtp.zoho.eu"
smtp_port = 587
smtp_user = "username"
smtp_password = "password"

try:
    with smtplib.SMTP(smtp_server, smtp_port) as server:
        server.starttls()
        server.login(smtp_user, smtp_password)
        server.send_message(msg)
        print("✅ Email sent successfully!")
except Exception as e:
    print(f"❌ Failed to send email: {e}")

I wrote that after failing to get an elixir script going, just wanted to see if any other language/framework could get it working, which made me believe it’s a Phoenix specific issue.

I wonder if you could try Mua adapter, in the very least it would show the actual error message: Swoosh.Adapters.Mua — Swoosh v1.18.3 (note the extra deps)

config :embernotes, Embernotes.Mailer,
  adapter: Swoosh.Adapters.Mua
  relay: "smtp.zoho.eu",
  auth: [username: "username", password: "password"],
  port: 587

Highly unlikely, most probably the option for authentication you are trying to use is invalid or unsupported by the server. If python allows it, have it run in debug mode so it shows the full logs that happen when talking with the server.

Oh, actually the new error is different, so one of the tls_options worked

The error now is {:missing_requirement, ~c"185.230.214.164", :auth} and before it was {:temporary_failure, ~c"185.230.214.164", :tls_failed}, so now it’s about :username and :password options.

Mua worked!

But WHY haha

Sorry, i didn’t mean Phoenix itself, just my configuration with it

Apologies, I pasted the wrong thing. I was experimenting with turning TLS off (frustration i guess haha) and pasted that result in, instead of the usual :tls_failed error

You most probably got temporarily banned after many failed attempts to connect.

Trimming it down to

config :embernotes, Embernotes.Mailer,
  adapter: Swoosh.Adapters.Mua,
  relay: "smtp.zoho.eu",
  auth: [username: "username", password: "password"],
  port: 587,
  ssl: false,
  tls: :always,
  auth: :always

works for me now. Bit annoying though.

Mua doesn’t support the extra options you added

And I am a bit surprised ssl: false and auth: :always worked …

I am totally baffled lol, happy to dig into why at another date. Thanks for all the help!

I remember it was a pain for me as well at one point, but I got it to work in one of my projects with the following config:

  config :my_app, MyApp.Mailer,
    adapter: Swoosh.Adapters.SMTP,
    relay: System.fetch_env!("SMTP_SERVER"),
    username: System.fetch_env!("SMTP_USERNAME"),
    password: System.fetch_env!("SMTP_PASSWORD"),
    ssl: false,
    tls: :always,
    tls_options: [verify: :verify_none],
    auth: :always,
    port: System.fetch_env!("SMTP_PORT"),
    retries: 2,
    no_mx_lookups: false

That’s not validating TLS though, which is not a great idea.

Yeah I forget the whole reason why it ended up like this, it might have been something with the provider perhaps. It is a small hobby project anyways – good enough for me

My config for iCloud looks like this:

config :myapp, MyApp.Mailer,
    adapter: Swoosh.Adapters.SMTP,
    relay: relay,
    port: 587,
    username: systemd_read_cred.("stmp_username"),
    password: systemd_read_cred.("stmp_password"),
    tls: :always,
    tls_options: [
      versions: [:"tlsv1.3"],
      verify: :verify_peer,
      cacerts: :public_key.cacerts_get(),
      server_name_indication: ~c"#{relay}",
      depth: 99
    ]