doucang2831
2014-09-22 17:29
浏览 295
已采纳

Go smtp.SendMail的X509证书问题

When using Go's smtp.SendMail to send an email to support@groupsio.zendesk.com, I get the following error:

x509: certificate is valid for mx.zendesk.com, www.mx.zendesk.com, not mail.pod-4.int.zendesk.com

Before calling SendMail, I do an MX lookup on groupsio.zendesk.com, which returns mail.pod-4.int.zendesk.com. So, the address I pass into SendMail is mail.pod-4.int.zendesk.com:25.

This used to work, but something broke and I can't figure out what's wrong. If I send a message to support@groupsio.zendesk.com from Gmail, it works fine.

图片转代码服务由CSDN问答提供 功能建议

在使用Go的smtp.SendMail将电子邮件发送到support@groupsio.zendesk.com时,出现以下错误 :

x509:证书对mx.zendesk.com,www.mx.zendesk.com有效,而不对mail.pod-4.int.zendesk.com 有效

在调用SendMail之前,我在groupsio.zendesk.com上进行了MX查找,该查询返回了mail.pod-4.int.zendesk.com。 因此,我传递给SendMail的地址是mail.pod-4.int.zendesk.com:25。

这曾经有用,但是出现了问题,我不知道是什么 错误。 如果我从Gmail发送邮件到support@groupsio.zendesk.com,则可以正常工作。

  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongwen7187 2014-09-22 20:01
    已采纳

    Using http://www.checktls.com/, it's clear that the Zendesk TLS cert is incorrect in that it doesn't specify that mail.pod-4 host. But, you can still use the cert to encrypt the message; you just may be susceptible to man-in-the-middle attacks.

    The Go TLS library has a config flag, InsecureSkipVerify, that when set to true, will go ahead with this certificate/host combo. There's no way to specify that flag at the smtp.SendMail level. If you wish to go ahead and send the email anyways, you need to clone the smtp library, and within smtp.SendMail, on line 283, set the InsecureSkipVerify flag to true.

    It's unclear to me if Gmail is functionally doing this, or if I'm missing a detail somewhere.

    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题