Greasy Fork

For some reason I'm not receiving any emails when someone posts comment/feedback on my scripts.

Some email providers have a tough time accepting Greasy Fork's emails. You can try to see if this is the case by making it send you an email (by e.g. sending a password reset).

If you can get those emails but not script feedback emails, then I'll have to look into it more.

It seems the client (GF) requests unsupported protocol:

Sun 2023-10-01 03:13:55: [6144:1] Session 6144; child 1; thread 0
Sun 2023-10-01 03:13:55: [6144:1] Accepting SMTP connection from [xx.xx.xx.xx:34306] to [xx.xx.xx.xx:25]
Sun 2023-10-01 03:13:55: [6144:1] --> 220 xxx.xxx.xxx ESMTP MDaemon 11.0.2; Sun, 01 Oct 2023 03:13:55 -0400
Sun 2023-10-01 03:13:55: [6144:1] <-- EHLO mail.greasyfork.org
Sun 2023-10-01 03:13:55: [6144:1] EHLO/HELO response delayed 1 seconds
Sun 2023-10-01 03:13:56: [6144:1] --> 250-xxx.xxx.xxx Hello mail.greasyfork.org, pleased to meet you
Sun 2023-10-01 03:13:56: [6144:1] --> 250-ETRN
Sun 2023-10-01 03:13:56: [6144:1] --> 250-AUTH=LOGIN
Sun 2023-10-01 03:13:56: [6144:1] --> 250-AUTH LOGIN CRAM-MD5
Sun 2023-10-01 03:13:56: [6144:1] --> 250-8BITMIME
Sun 2023-10-01 03:13:56: [6144:1] --> 250-STARTTLS
Sun 2023-10-01 03:13:56: [6144:1] --> 250 SIZE
Sun 2023-10-01 03:13:56: [6144:1] <-- STARTTLS
Sun 2023-10-01 03:13:56: [6144:1] --> 220 Begin TLS negotiation
Sun 2023-10-01 03:13:56: [6144:1] * SSL error 0x80090302 The function requested is not supported
Sun 2023-10-01 03:13:56: [6144:1] SMTP session terminated (Bytes in/out: 332/3527)

What did you run/do to get that output?

It's my server's log

The errorcode (SSL error 0x80090302) just means that the GreasyFork SMTP library doesn't support certain features that the SMTP server TLS certificate requires. E.g. see this SAS support article. Upgrading the SSL library (OpenSSL) should fix this.

The server is fully up-to-date, including OpenSSL. It has strict security policy, but GF however requires older TLS1.0 protocol, which was depreciated 2 years ago.

GF however requires older TLS1.0 protocol

When I look at the headers of the emails the site send to my Gmail address, it shows that the connection was made with TLS 1.3:

Received: from mail.greasyfork.org (mail.greasyfork.org. [2600:3c01:e000:8f7::1])
        by mx.google.com with ESMTPS id e12-20020a65678c000000b00563d9ff5157si2065193pgr.547.2023.11.17.07.34.55
        for <jason.barnabe@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 17 Nov 2023 07:34:55 -0800 (PST)

What makes you think that Greasy Fork is using TLS 1.0? Just a guess?

I tried manually sending an email to your address. It seems to have worked.

Nov 22 03:05:56 mail postfix/pickup[3306053]: 784A6A8B31: uid=1001 from=<jason@greasyfork.org>
Nov 22 03:05:56 mail postfix/cleanup[3404368]: 784A6A8B31: message-id=<20231122030556.784A6A8B31@mail.greasyfork.org>
Nov 22 03:05:56 mail opendkim[679]: 784A6A8B31: DKIM-Signature field added (s=default, d=greasyfork.org)
Nov 22 03:05:56 mail postfix/qmgr[1993837]: 784A6A8B31: from=<jason@greasyfork.org>, size=306, nrcpt=1 (queue active)
Nov 22 03:06:01 mail postfix/smtp[3404371]: 784A6A8B31: to=<YOURUSER@YOURDOMAIN.EXAMPLE>, relay=YOURDOMAIN.EXAMPLE[YOURSERVERIP]:25, delay=4.6, delays=0.05/0.01/1.7/2.9, dsn=2.0.0, status=sent (250 Ok, message saved <Message-ID: 20231122030556.784A6A8B31@mail.greasyfork.org>)
Nov 22 03:06:01 mail postfix/bounce[3404472]: 784A6A8B31: sender delivery status notification: 1947AA8B33
Nov 22 03:06:01 mail postfix/qmgr[1993837]: 784A6A8B31: removed

Yes, it works now, after I relaxed server's requirements by enabling TLS1.0 (that's how I figured GF is using TLS1.0)

However, what's puzzling me now, is in my server's logs I see successful connections before changing any requirements:

Tue 2023-11-21 22:03:23: [1833:1] SSL negotiation successful (TLS 1.0, 384 bit key exchange, 256 bit  encryption)

TLS1.3 is not supported on my server, so it must be falling back to TLS1.0

But the weirdest thing is I couldn't find any entries in email server logs in past 5 years where any other TLS versions were used...huh?

I'm using postfix and it's configured with the default setting for smtp_tls_protocols of >=TLSv1. So it seems possible that it could use 1.3 and 1.0 but not sure why it would try just those and not 1.1 or 1.2.

It must be something on my end, since even gmail uses TLS1.0

When I test yourdomain:25 at https://www.immuniweb.com/ one of the results is "The TLS engine does not support a TLS version newer than TLSv1.0 and is outdated.".