TLS Connection Error SendMail tls: first record does not look like a TLS handshake

marutinandanpandya · May 14, 2019, 7:16am

I created an IAM User with SES access for SMTP in AWS. Even the test email fails with the following error.

{“level”:“error”,“ts”:1557817125.2576823,“caller”:“web/context.go:52”,“msg”:“Connection unsuccessful: SendMail: Failed to open TLS connection, tls: first record does not look like a TLS handshake”,“path”:“/api/v4/email/test”,“request_id”:“XXXnpxm97ffhzp9cgixiXXXXX”,“ip_addr”:“157.37.133.140”,“user_id”:“”,“method”:“POST”,“err_where”:“testEmail”,“http_code”:500,“err_details”:“”}

Enabled SMTP Auth is set to true
SMTP server: email-smtp.us.east-1.amazonaws.com
SMTP port: 587
SMTP username: User access_key
SMTP Password: secret_key
Connection is TLS

iam policy attached is

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ses:SendEmail",
                "ses:SendRawEmail"
            ],
            "Resource": "*"
        }
    ]
}

Mattermost Versions Test: 5.10, 5.9.1

amy.blais · May 14, 2019, 3:33pm

Hi @marutinandanpandya,

Wondering if this previous thread might help: [solved] TLS Connection Error SendMail Failed to Open TLS - on SES Amazon SMTP credentials in Config/Mattermost JSON?

marutinandanpandya · May 14, 2019, 3:59pm

Nope. Already saw that.
As the person mentioned he was testing with the wrong creds and fixing the creds solved the issue.

Same is not the case here, I created the IAM User specifically with SES access and yet the issue. (Also tried sending emails with user having administrative access, yet the same issue)

amy.blais · May 20, 2019, 2:49pm

Hi @marutinandanpandya, can you try using port 456 or 2456?

djangofan · March 29, 2020, 2:18am

I am having the exact same issue but there is not quite enough information on this thread to resolve me. I’m using AWS SES email service: email-smtp.us-east-1.amazonaws.com. I get 1 of a few errors:

TLS 587: Connection unsuccessful: Connection unsuccessful: SendMail: Failed to open TLS connection, tls: first record does not look like a TLS handshake
TLS 465: Connection unsuccessful: Connection unsuccessful: SendMail: Error setting “From Address”, 501 Invalid MAIL FROM address provided
TLS 25: hangs, and nothing shows up in the log
STARTTLS 465: times out and then says Connection unsuccessful: Connection unsuccessful: SendMail: Failed to open TLS connection, EOF

amy.blais · March 30, 2020, 12:31pm

What are your SMTP settings set to?

ahmaddanial · April 2, 2020, 6:22am

Hi, @djangofan

Let us troubleshoot this based on the information provided in the official SMTP Email Setup:

Set SMTP Username to [YOUR_SMTP_USERNAME]
Set SMTP Password to [YOUR_SMTP_PASSWORD]
Set SMTP Server to email-smtp.us-east-1.amazonaws.com
Set SMTP Port to 465
Set Connection Security to TLS

With reference to the following error that you are getting:

Let us take a look at your Mattermost email settings. Can you please run the following command on the terminal and provide the result with the sensitive information such as password redacted:

cat /opt/mattermost/config/config.json | grep -A29 "EmailSettings"

Also, are you getting those errors you listed when you click on the Test Connection button based on the combination of SMTP Server Port and Connection Security?

djangofan · June 20, 2020, 12:30am

Thank you @ahmaddanial

I finally figured out how to solve it.

My “Route 53” DNS record needed to be re-validated (via the SES settings) so that the corrrect DKIM entries (3 of them) were added to my DNS record. That , in combination with me using a AWS SES validated email was the first half of the trick.
Secondly, I needed to edit /opt/mattermost/config/config.json and add ReplyToAddress , FeedbackEmail, and FeedbackName. values (which my host DigitalOcean forgot to add for me)

Thank you. Happy to have it working.

ahmaddanial · June 21, 2020, 11:06pm

Hi, @djangofan

Excellent. Thank you for sharing the solution you performed on your end!

mksa · May 27, 2024, 10:26am

I’m getting the same error message. Here are the settings:

SMTP Server: smtp.mailersend.net
SMTP Server Port: 587
Enable SMTP Authentication: true
SMTP Server Username: <my username>
SMTP Server Password: <my password>
Connection Security: TLS (Recommended)
Skip Server Certificate Verification: false
Enable Security Alerts: true

Log event:

{
  "caller": "web/context.go:115",
  "err_where": "testEmail",
  "error": "testEmail: Connection unsuccessful: unable to connect to the SMTP server through TLS: tls: first record does not look like a TLS handshake",
  "http_code": 500,
  "ip_addr": "172.18.0.4",
  "level": "error",
  "method": "POST",
  "msg": "Connection unsuccessful: unable to connect to the SMTP server through TLS: tls: first record does not look like a TLS handshake",
  "path": "/api/v4/email/test",
  "request_id": "ziqfkwsfqp8ruxbbg9y6r3hb4e",
  "timestamp": "2024-05-27 10:03:37.666 Z",
  "user_id": "ezhhwcbtdiy13cyktd3qgy5xaa"
}

My SMTP server is okay because I have other services using it and it works fine.
I also checked the ReplyToAddress, FeedbackEmail and FeedbackName values which are set properly.

Topic		Replies	Views
[solved] TLS Connection Error SendMail Failed to Open TLS - on SES Amazon SMTP credentials in Config/Mattermost JSON Troubleshooting	3	3748	April 19, 2024
How to configure Email and TLS Troubleshooting	11	10899	September 3, 2015
SendMail: Failed to open TLS connection., tls: first record does not look like a TLS handshake Troubleshooting	0	1394	February 23, 2022
SMTP configuration with SES Troubleshooting	5	3384	July 18, 2019
Set up SMTP with AWS SES Troubleshooting	3	1903	April 2, 2020

TLS Connection Error SendMail tls: first record does not look like a TLS handshake

Related topics