Enabling SMTP defaults enable_start_tls to true

[dgags]

What version of fleet are you using (fleet version --full)?

fleet - version 2.1.0 branch: master revision: ab948beb718230483c12b84995f79034eb3f0777 build date: 2019-04-09T18:31:16Z build user: zwass go version: go1.11.5

What operating system are you using?

[fleet@fleet ~]$ cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [fleet@fleet ~]$

What did you do?

When configuring SMTP Options, I was getting an error: sending mail: startTLS error: x509: certificate signed by unknown authority in spite of unchecking Use SSL/TLS to connect (recommended)

What did you expect to see?

I hoped to see: SMTP Options STATUS:CONFIGURED

What did you see instead?

sending mail: startTLS error: x509: certificate signed by unknown authority

Additional info:

Our environment has a protected open mail relay that listens on port 25. My configuration consisted of: Sender Address: [email protected] SMTP Server: mailrelay.mydomain.com 25 and Use SSL/TLS to connect (recommended) Unchecked.

I moseyed on over to the #kolide channel on osquery.slack.com and got some very pointed help from groob. He quickly identified that enable_start_tls is likely defaulted to true, and is also not being sent from the javascript frontend. He pointed to this to confirm his suspicions and directed me to open the developer tools in my browser (chrome for me) and get the cUrl equivalent and add "enable_start_tls":false in the json payload as a work around, which worked wonderfully.