Deno•3y ago

Outgoing connection over TLS (port 465) from the deno deployment is failing

I am trying to send an email via Gmail SMTP. The code is trying to connect to smtp.gmail.com on port 465. The connection fails with the error below. Locally, from my mac, the code works as expected.

Is it the limitation of the edge platform?

The error:

    at async Object.connectTls (ext:deno_net/02_tls.js:36:51)
    at async https://raw.githubusercontent.com/begoon/denomailer/main/client/basic/client.ts:25:16
    at async SMTPClient.send (https://raw.githubusercontent.com/begoon/denomailer/main/client/basic/client.ts:57:5)
    at async Module.send (file:///src/bot/emailer.ts:23:5)
    at async file:///src/main.ts:232:5
    at async dispatch (https://deno.land/x/oak@v12.6.0/middleware.ts:80:7)
    at async dispatch (https://deno.land/x/oak@v12.6.0/middleware.ts:80:7)
    at async dispatch (https://deno.land/x/oak@v12.6.0/middleware.ts:80:7)
    at async Application.#handleRequest (https://deno.land/x/oak@v12.6.0/application.ts:470:9)
8/31/2023, 6:40:49 PM
gcp-europe-southwest1
response: { status: 404, type: undefined, hasBody: false, writable: true }
8/31/2023, 6:40:49 PM
gcp-europe-southwest1

[uncaught application error]: ConnectionRefused - Connection refused (os error 111)

    at async Object.connectTls (ext:deno_net/02_tls.js:36:51)
    at async https://raw.githubusercontent.com/begoon/denomailer/main/client/basic/client.ts:25:16
    at async SMTPClient.send (https://raw.githubusercontent.com/begoon/denomailer/main/client/basic/client.ts:57:5)
    at async Module.send (file:///src/bot/emailer.ts:23:5)
    at async file:///src/main.ts:232:5
    at async dispatch (https://deno.land/x/oak@v12.6.0/middleware.ts:80:7)
    at async dispatch (https://deno.land/x/oak@v12.6.0/middleware.ts:80:7)
    at async dispatch (https://deno.land/x/oak@v12.6.0/middleware.ts:80:7)
    at async Application.#handleRequest (https://deno.land/x/oak@v12.6.0/application.ts:470:9)
8/31/2023, 6:40:49 PM
gcp-europe-southwest1
response: { status: 404, type: undefined, hasBody: false, writable: true }
8/31/2023, 6:40:49 PM
gcp-europe-southwest1

[uncaught application error]: ConnectionRefused - Connection refused (os error 111)

keving•8/31/23, 6:40 PM

I don’t have a reference, but I believe email ports are specifically blocked outgoing from Deno deploy (if that’s what you’re using)

Bairdy•8/31/23, 7:40 PM

It is very likely Deno Deploy has implemented Spam Guard for folks with similar goals as yours. Also, Deno Mailer - GitHub Issue #72 describes the developer having issues implementing "STARTTLS is currently broken..." and recommends using version 1.4.0. Most recently version 1.6.0 - STARTTLS fix was released, that being 7 months ago.

begoonOP•9/1/23, 1:15 AM

@suchislife801 I use 1.6.0. The code when running from my local development computer works normally. I even discovered the issue only when I deployed.

In theory, the edge runtime, which Deno Deploy hosting implements, should not allow socket connectivity at all. Only fetch-based network calls are allowed in edge functions. But in this case the code should fail with a missing function error or something. But here the error seems to come from the OS network layer, when the socket connection had in fact been attempted.

begoonOP•9/1/23, 6:47 AM

So far, I removed the email-sending part from my Deno Deploy deployment and instead created an endpoint at Vercel, which allows sending emails. That endpoint is in SvelteKit/TS, facilitating the "nodemailer" library. Now, my application at Deno Deploy calls that endpoint to send email instead of doing directly.

begoonOP•9/1/23, 6:49 AM

I'm tempted to just go with Vercel for the whole app. Vercel is great. But I would like to stick to Deno Deploy for a while because Deno Deploy is also great

mo.hasan•10/8/23, 11:35 AM

TBH, i don't get this... okay my app needs to send emails to customers, so what should i do? switch my entire cloud to be able to send an email?

lcasdev•10/9/23, 4:37 AM

You can use an email sender service like Postmark.

mo.hasan•10/9/23, 8:04 AM

@lucacasonato Thanks, i still rather not to pay for a service since i have it already working on my server. I'm moving to another cloud provider which is a shame because i really like Deno cloud!

mo.hasan•10/9/23, 8:06 AM

I would recommend looking into not blocking the ports by default for everyone, and instead have a better strategy that detects abuse in the run time and blocks the account if so.