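Adding a TLS certificate along with SMTP configuration

I am trying to use my own send-only server to send email. I am running this SMTP gateway with TLS, so the client I use to send mail needs a certificate. I am using a self-signed certificate, which is easy to configure when sending mail with postfix/ssmtp, but I am not sure how to use a custom certificate in the Discourse mail client.

To briefly explain the situation:

Simple scenario:
Discourse --sends--email--> Mailgun --sends--email--> User

My scenario:
Discourse --sends--email--> my server running an SMTP gateway --relays email using the AWS SES API--> User

Thanks.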

I would like to correct my question. So I really don’t need to add any certs for this to work, but it’s still failing to communicate on TLS. If I test it with swaks, it’s working fine. Example command:

swaks --to user@example.com --from me@example.com --auth PLAIN --auth-user myusername -tls -s smtp.somehost.com:2525

You can directly use the AWS SES SMTP to achieve this. Why do you want to have a local relay?

@itsbhanusharma AWS SES provides 60k emails per month free, and as far as I know these email calls should be requested from an EC2 instance to work; otherwise they are charged as normal. My Discourse instance is hosted on a DigitalOcean droplet. I could be wrong, but this is my understanding and the reasoning behind it.

So even if your SES API is receiving emails from a DigitalOcean IP, it would make it chargeable. You may decide to use another service or spin up exim on an EC2 instance to be a bridge between your DO droplet and AWS SES. I don’t think it’ll work, but you can try.

It should (in theory anyway) be like:

  1. Discourse (on DO) sends emails to exim IP in EC2
  2. EC2 relays emails received from DO to SES
  3. SES delivers emails to the end user.
1 Like

I have already solved the relaying problem by running a local SMTP server in EC2 which eventually forwards the SMTP request to SES. The problem is that Discourse is failing on the TLS handshake with this SMTP server, whereas postfix/swaks and similar applications are working just fine.

Solving that should be as simple as using port 25 (without encryption)

Is there a way I can see where this SMTP handshake is handled? Like any library Discourse is using in Ruby behind the scenes? I don’t want to disable TLS here.

Then use a valid SSL certificate (even Let’s Encrypt should work fine)

2 Likes

Using a valid cert from Let’s Encrypt didn’t help for some reason. Don’t know why.
But after setting this in app.yaml, emails are working now.

DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none

Someone with more knowledge about SMTP might explain why this is working, but I am good for now, I guess.

1 Like

Does this end up being cheaper than simply moving the Discourse instance into S3?

1 Like

I have a $5 EC2 instance running on AWS which I am using for relaying multiple domains. Moving Discourse to EC2 from DigitalOcean would be a little costly; not much, to be honest (a few dollars overall).

But the point is, even if I move Discourse to EC2, I would still need that relay service to support the rest of the droplets that I have on DO for other domains that I own. So why not just fix Discourse :)
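Added example (not part of the original thread and not Discourse's own code): a Ruby illustration, using the standard `openssl` library, of the two checks that peer verification performs and that `DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none` switches off. The thread does not establish which check failed; the certificate is generated inline, `10.0.0.5` is a constructed address, and the helper names are hypothetical.

```ruby
require "openssl"

# Build a self-signed certificate whose subjectAltName is `host` (constructed test data).
def self_signed_cert(host, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{host}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{host}", false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# The two checks a client makes in "peer" verify mode:
#   1) the chain ends at a certificate in the trust store,
#   2) the certificate's names match the host name that was dialled.
# Returns [status, detail].
def peer_check(cert, dialled_host, trusted: [])
  store = OpenSSL::X509::Store.new # starts empty; no system CAs are loaded here
  trusted.each { |c| store.add_cert(c) }
  return [:untrusted, store.error_string] unless store.verify(cert)
  name_ok = OpenSSL::SSL.verify_certificate_identity(cert, dialled_host)
  name_ok ? [:ok, dialled_host] : [:name_mismatch, dialled_host]
end

# Three cases: untrusted self-signed cert, the same cert pinned, and pinned but dialled by IP.
def scenarios
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = self_signed_cert("smtp.somehost.com", key) # host name from the swaks command
  {
    default_trust: peer_check(cert, "smtp.somehost.com"),
    pinned:        peer_check(cert, "smtp.somehost.com", trusted: [cert]),
    pinned_by_ip:  peer_check(cert, "10.0.0.5", trusted: [cert]) # constructed address
  }
end

scenarios.each { |name, (status, detail)| puts "#{name}: #{status} (#{detail})" } if $PROGRAM_NAME == __FILE__
```

With verify mode `none` neither check runs, so the client accepts whatever certificate is presented on the path to the relay; trusting the relay's own certificate and dialling the name it was issued for keeps both checks in place.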

Well, by your own admission Discourse isn’t broken, it interfaces with SES perfectly fine.

You’re doing this to circumvent an SES restriction to relay emails for free.

3 Likes

That is true, but Discourse has nothing to do with SES here. Discourse is communicating with an SMTP server, which could be anything (right now it’s a relay service). I was wondering how postfix/swaks and all are working just fine with this SMTP server (from the same DO VPC) and not Discourse. After setting that var, it is working though. Still, I would like to know what library we are using in Discourse for the SMTP handshake so that I can personally verify if there is anything we can do to improve in Discourse.