***UPDATES - Office365 SSL EMail Issue

JoseSalviati · Post by **JoseSalviati** » 23 Aug 2013, 16:28

Using OTRS/ITSM 3.2.7
Windows7 & mySQL

Mail is configured:
SMTPTLS
/usr/sbin/sendmail -i -f
smtp.office365.com
Port: 587
username: (email addresses)

Sender email address: (as above)

Incoming Mail
Type: IMAPS
outlook.office365.com
Inbox
Trusted: No

PerlEx-Err log shows the following:

*** 'C:\otrs\OTRS\bin\cgi-bin\index.pl' log message at: 2013/08/23 07:23:19
[Fri Aug 23 07:23:13 2013] -e: *******************************************************************
[Fri Aug 23 07:23:13 2013] -e: Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
[Fri Aug 23 07:23:13 2013] -e: is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
[Fri Aug 23 07:23:13 2013] -e: together with SSL_ca_file|SSL_ca_path for verification.
[Fri Aug 23 07:23:13 2013] -e: If you really don't want to verify the certificate and keep the
[Fri Aug 23 07:23:13 2013] -e: connection open to Man-In-The-Middle attacks please set
[Fri Aug 23 07:23:13 2013] -e: SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
[Fri Aug 23 07:23:13 2013] -e: *******************************************************************
[Fri Aug 23 07:23:13 2013] -e: at C:/otrs/OTRS/bin/cgi-bin/../../Kernel/cpan-lib/Net/SMTP/TLS/ButMaintained.pm line 113.

My question: How do I get Office365 which requires SSL to work with OTRS? Thank you!

***UPDATE

I found this - tried it - but nothing changed. I was unable to downgrade my version of IO-SOCKET-SSL - just not a simple and intuitive option using ActivePerl

Error: Default SSL_verify_mode deprecated
Email test fails with the following error:
>>>> FAILURE Sending e-mail to some@address -
*******************************************************************
Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
is depreciated! Please set SSL_verify_mode to SSL_VERIFY_PEER
together with SSL_ca_file|SSL_ca_path for verification.
If you really don't want to verify the certificate and keep the
connection open to Man-In-The-Middle attacks please set
SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
*******************************************************************
This is an issue introduced in a version 1.79 of CPAN:IO::Socket::SSL. In order to prevent "Man-In-The-Middle" attacks, it's important that a client verify the certificate presented by the server. The authors of IO::Socket::SSL have made this change to force a conscious decision to not verify the server's certificate rather than defaulting to an insecure solution. Unfortunately Net::SMTP and Net::SMTP::SSL don't support these options.
The following solutions are possible:
Downgrade IO::Socket::SSL to 1.78
Ex. using App::cpanminus, run the following: cpanm http://cpan.metacpan.org/authors/id/S/S ... .78.tar.gz
OR Find and edit your local copy of Net::SMTP and insert an option:
...
LocalPort => $arg{LocalPort},
Proto => 'tcp',
SSL_verify_mode => 0, <======== INSERT THIS LINE
Timeout => defined $arg{Timeout}
? $arg{Timeout}
...

*** SECOND UPDATE

I was able to install 1.78 but oddly enough, it stayed along with version 1.84 and the error remains. One thing I noticed is that the listed area is different for each package. 1.84 has an area listed as "perl" where 1.78 is "site".