Ghost Debugging 6: Dealing with SMTP

Previously in Ghost Debugging 5: Capturing Network Packets, we saw how to collect packets remotely and process them locally with Wireshark. We were able to capture SMTP packets but, because our mail server's certificates are private, we cannot add them to Wireshark to decrypt the traffic.

We have two choices:

  1. Use a mock SMTP service that allows you to control certificates and use those certs in Wireshark to decode encrypted packets.
  2. Disable encryption and capture packets in the clear.

Let's disable encryption.

The mechanism to do so is in the Ghost source code, version 5.47.1, line 107 of this file: file:///var/www/ghost/versions/5.47.1/node_modules/nodemailer/lib/smtp-connection/index.js

Code that determines TLS or clear SMTP connection

Load the file into the debugger by pressing Cmd+P in Chrome DevTools and typing the full path. Set a breakpoint on line 107: this.secure = !!this.secureConnection;

Attempt to subscribe. When the debugger breaks on that line, use the editor to change the assigned value to true. With this.secure forced to true, nodemailer treats the connection as already secured and skips the STARTTLS upgrade, so the SMTP packets go out in the clear.

Code to trick Nodemailer to send SMTP in the clear

Capturing in Wireshark, we see all SMTP packets unencrypted, including what we are looking for: the MAIL FROM field the SMTP server uses to validate a legit request. We are sending <noreply@localhost> but it should be the email address specified in config.production.json.

Drilling down on packet 12768, we see we are sending MAIL FROM: <noreply@localhost>, which was set erroneously by Ghost. It should be the address given in ghost.production.json but it is instead noreply@localhost. We have confirmed that the email credentials stated in config.{development,production}.json are not being used by the SMTP code in Ghost.
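
The same check can be scripted against the text of a captured stream (for example, the output of Wireshark's Follow TCP Stream). This is an added example, not code from Ghost or nodemailer; the function names, the sample stream, and the use of a mail.from key in the config are assumptions for illustration.

```javascript
// Constructed sample: a cleartext SMTP session as it would appear in a
// packet capture. Every value except noreply@localhost is made up.
const SAMPLE_STREAM = [
  '220 mail.example.test ESMTP',
  'EHLO ghost-host',
  '250-mail.example.test',
  '250-STARTTLS',              // server offers TLS, client never asks for it
  '250 AUTH PLAIN LOGIN',
  'MAIL FROM:<noreply@localhost>',
  '250 OK',
  'RCPT TO:<reader@example.test>',
  '250 OK',
  'DATA',
].join('\r\n');

// Extract the envelope from the stream. SMTP verbs are case-insensitive and
// the address sits between angle brackets; "<>" is the valid null sender.
function parseEnvelope(stream) {
  const env = { mailFrom: null, rcptTo: [], clientUpgraded: false };
  for (const line of stream.split(/\r?\n/)) {
    let m;
    if ((m = /^MAIL FROM:\s*<([^>]*)>/i.exec(line))) env.mailFrom = m[1];
    else if ((m = /^RCPT TO:\s*<([^>]*)>/i.exec(line))) env.rcptTo.push(m[1]);
    else if (/^STARTTLS\s*$/i.test(line)) env.clientUpgraded = true;
  }
  return env;
}

// Compare the envelope sender seen on the wire with the configured address.
// Assumption: the address lives in config.mail.from, either bare or in
// "Name <addr>" form. Comparison is case-insensitive for convenience.
function auditSender(stream, config) {
  const env = parseEnvelope(stream);
  const raw = (config.mail && config.mail.from) || '';
  const m = /<([^>]+)>/.exec(raw);
  const expected = (m ? m[1] : raw).trim().toLowerCase();
  const actual = (env.mailFrom || '').toLowerCase();
  const matches = expected !== '' && expected === actual;
  return { expected, actual, matches, clientUpgraded: env.clientUpgraded };
}

// Constructed config fragment shaped like config.production.json.
const SAMPLE_CONFIG = { mail: { from: "'Blog' <newsletter@example.test>" } };
console.log(auditSender(SAMPLE_STREAM, SAMPLE_CONFIG));
```

A result with matches set to false and actual equal to noreply@localhost reproduces the finding above without reading the capture packet by packet.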

See Mock SMTP Resources for a list of options for dealing with SMTP in a development pipeline.