Anvil standalone server STARTTLS SMTP

Anvil Q&A
1

Hi All,

I’d appreciate it if anyone confirm that Anvil standalone server works fine with starttls connection to custom Mail server in your environment.

I can’t set up Anvil standalone app server to authorize on email server (MS Exchange 2019) with starttls.
Anvil standalone server does not initialize starttls session, It sends anonymous request (see logs).
As result Anvil error:

anvil.email.SendFailure: 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM
 (SMTPSendFailedException). You have enabled Custom SMTP for email sending - did you configure it correctly? You may need to provide a valid from_address.

Respond from Mail server:

'530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM'
  • Credentials are correct. Anvil Cloud works fine.
  • I`ve tried to start Anvil app with config file (–config-file FILENAME )
smtp-host: %Mail server FQDN%
smtp-port: 587
smtp-encryption: starttls
smtp_user: % USERNAME %
smtp_password: % PASSWORD %
smtp-server-port: 25

%%- real date has been removed from logs\config file

  • I’ve tried with “–smtp-encryption starttls” as option for starting Anvil app.

  • Versions:
    anvil-app-server 1.10.1
    anvil-uplink 0.4.2
    Python: 3.10

Email server logs:
Connection from Anvil Cloud (works fine):

2023-11-21T01:22:47.784Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,0,10.168.1.100:587,18.135.76.16:46930,+,,
2023-11-21T01:22:47.785Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,1,10.168.1.100:587,18.135.76.16:46930,>,"220 %Mail server FQDN% Microsoft ESMTP MAIL Service ready at Tue, 21 Nov 2023 04:22:46 +0300",
2023-11-21T01:22:47.838Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,2,10.168.1.100:587,18.135.76.16:46930,<,EHLO 4bc7df1a7bae,
2023-11-21T01:22:47.839Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,3,10.168.1.100:587,18.135.76.16:46930,>,250  %Mail server FQDN% Hello [18.135.76.16] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS AUTH GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING,
2023-11-21T01:22:47.892Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,4,10.168.1.100:587,18.135.76.16:46930,<,STARTTLS,
2023-11-21T01:22:47.892Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,5,10.168.1.100:587,18.135.76.16:46930,>,220 2.0.0 SMTP server ready,
2023-11-21T01:22:47.892Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,6,10.168.1.100:587,18.135.76.16:46930,*," CN=%Mail server FQDN% CN=R3, O=Let's Encrypt, C=US 038B6AC48877EEA89451542CFE4FC80FA2CA A316DD786E7F38CAFD49EB0E3A8ECCAAB449DCE1 2023-10-02T11:48:20.000Z 2023-12-31T11:48:19.000Z %Mail server FQDN%;autodiscover.%Mail server FQDN%",Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2023-11-21T01:22:48.074Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,7,10.168.1.100:587,18.135.76.16:46930,*,,"TLS protocol SP_PROT_TLS1_2_SERVER negotiation succeeded using bulk encryption algorithm CALG_AES_128 with strength 128 bits, MAC hash algorithm CALG_SHA_256 with strength 0 bits and key exchange algorithm CALG_ECDH_EPHEM with strength 256 bits"
2023-11-21T01:22:48.074Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,8,10.168.1.100:587,18.135.76.16:46930,<,EHLO 4bc7df1a7bae,
2023-11-21T01:22:48.074Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,9,10.168.1.100:587,18.135.76.16:46930,*,,Client certificate chain validation status: 'EmptyCertificate'
2023-11-21T01:22:48.074Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,10,10.168.1.100:587,18.135.76.16:46930,*,,TlsDomainCapabilities='None'; Status='NoRemoteCertificate'
2023-11-21T01:22:48.075Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,11,10.168.1.100:587,18.135.76.16:46930,>,250  %Mail server FQDN% Hello [18.135.76.16] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES AUTH GSSAPI NTLM LOGIN 8BITMIME BINARYMIME CHUNKING,
2023-11-21T01:22:48.128Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,12,10.168.1.100:587,18.135.76.16:46930,<,AUTH LOGIN,
2023-11-21T01:22:48.128Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,13,10.168.1.100:587,18.135.76.16:46930,>,334 <authentication response>,
2023-11-21T01:22:48.183Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,14,10.168.1.100:587,18.135.76.16:46930,>,334 <authentication response>,
2023-11-21T01:22:48.350Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,15,10.168.1.100:587,18.135.76.16:46930,*,SMTPSubmit SMTPAcceptAnyRecipient BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions
2023-11-21T01:22:48.350Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,16,10.168.1.100:587,18.135.76.16:46930,*,hrsystem,authenticated
2023-11-21T01:22:48.350Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,17,10.168.1.100:587,18.135.76.16:46930,*,,ASyncBackendLocator.BeginGetDatabaseToServerMappingInfo for user % USERNAME %.
2023-11-21T01:22:48.365Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,18,10.168.1.100:587,18.135.76.16:46930,*,,AsyncBackendLocator.EndGetDatabaseToServerMappingInfo for user % USERNAME %
2023-11-21T01:22:48.365Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,19,10.168.1.100:587,18.135.76.16:46930,*,,Setting up client proxy session to destination(s): %internal Mail server FQDN%
2023-11-21T01:22:48.457Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,20,10.168.1.100:587,18.135.76.16:46930,*,,Proxy session was successfully set up. Session forhrsystem will now be proxied
2023-11-21T01:22:48.458Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,21,10.168.1.100:587,18.135.76.16:46930,>,235 2.7.0 Authentication successful,
2023-11-21T01:22:48.623Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C7B,22,10.168.1.100:587,18.135.76.16:46930,-,,Local

Connection from Anvil standalone server:

2023-11-21T01:26:40.073Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C87,0,10.168.1.100:587,139.138.209.213:17541,+,,
2023-11-21T01:26:40.074Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C87,1,10.168.1.100:587,139.138.209.213:17541,>,"220 %Mail server FQDN% Microsoft ESMTP MAIL Service ready at Tue, 21 Nov 2023 04:26:40 +0300",
2023-11-21T01:26:40.191Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C87,2,10.168.1.100:587,139.138.209.213:17541,<,EHLO AnvilSRV.local,
2023-11-21T01:26:40.192Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C87,3,10.168.1.100:587,139.138.209.213:17541,>,250  %Mail server FQDN% Hello [139.138.209.213] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS AUTH GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING,
2023-11-21T01:26:42.311Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C87,4,10.168.1.100:587,139.138.209.213:17541,<,MAIL FROM:<% USERNAME %>,
2023-11-21T01:26:42.311Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C87,5,10.168.1.100:587,139.138.209.213:17541,*,Tarpit for '0.00:00:05' due to '530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM',
2023-11-21T01:26:47.322Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C87,6,10.168.1.100:587,139.138.209.213:17541,>,530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM,
2023-11-21T01:26:47.322Z,MAIL001\Client Frontend MAIL001,08DB56AE7A8E6C87,7,10.168.1.100:587,139.138.209.213:17541,-,,Local

PS.
Anvil Cloud. Custom EMail server Encryption settings.
Interface doesn`t show saved encryption settings if reopen the page.
It shows - Encryption :None

Thank you.