Go smtp.SendMail的X509证书问题
When using Go's smtp.SendMail to send an email to support@groupsio.zendesk.com, I get the following error:
x509: certificate is valid for mx.zendesk.com, www.mx.zendesk.com, not mail.pod-4.int.zendesk.com
Before calling SendMail, I do an MX lookup on groupsio.zendesk.com, which returns mail.pod-4.int.zendesk.com. So, the address I pass into SendMail is mail.pod-4.int.zendesk.com:25.
This used to work, but something broke and I can't figure out what's wrong. If I send a message to support@groupsio.zendesk.com from Gmail, it works fine.
在使用Go的smtp.SendMail将电子邮件发送到support@groupsio.zendesk.com时,出现以下错误 : p>
x509:证书对mx.zendesk.com,www.mx.zendesk.com有效,而不对mail.pod-4.int.zendesk.com p> 有效
在调用SendMail之前,我在groupsio.zendesk.com上进行了MX查找,该查询返回了mail.pod-4.int.zendesk.com。 因此,我传递给SendMail的地址是mail.pod-4.int.zendesk.com:25。 p>
这曾经有用,但是出现了问题,我不知道是什么 错误。 如果我从Gmail发送邮件到support@groupsio.zendesk.com,则可以正常工作。 p> div>
Using http://www.checktls.com/, it's clear that the Zendesk TLS cert is incorrect in that it doesn't specify that mail.pod-4 host. But, you can still use the cert to encrypt the message; you just may be susceptible to man-in-the-middle attacks.
The Go TLS library has a config flag, InsecureSkipVerify, that when set to true, will go ahead with this certificate/host combo. There's no way to specify that flag at the smtp.SendMail level. If you wish to go ahead and send the email anyways, you need to clone the smtp library, and within smtp.SendMail, on line 283, set the InsecureSkipVerify flag to true.
It's unclear to me if Gmail is functionally doing this, or if I'm missing a detail somewhere.