Can new discourse install not require smtp server certificate validation?


(Stephen) #1

I’ve just installed discourse and am trying to find a particular setting so I can overcome a problem I’m having.

I have a local SMTP relay, which is a UTM with spam and virus protection. It accepts relay on port 25, then authenticates to sendgrid via port 587 for mail that is not destined for our internal domains.

I want to get my discourse server to also relay to port 25 in the same manner as every other service on our network that uses email relay. This server is protected by another UTM so that only known hosts can get to it and there are no opportunities for MITM attacks due to the way the network is configured.

I am having this error in /var/discourse/shared/standalone/log/rails/production.log

Sent mail to email@server.com (203.5ms)
Job exception: hostname "mailrelay.network.lan" does not match the server certificate

Question: How can I configure discourse to not require certificate validation of the SMTP relay it is configured with?

I am aware of the security implications, but in my network, unencrypted SMTP does not travel outside our server VLAN, which is protected by various security means. Once SMTP traffic needs to leave that VLAN, it gets encrypted.


(Stephen) #2

Sounds like you need two line changes in your app.yml. Assuming you already have ssh access and are using the standard path and filename (/var/discourse/containers/app.yml):

DISCOURSE_SMTP_PORT: 587

to:

DISCOURSE_SMTP_PORT: 25

(which you’ve done by the sounds)

And uncomment:

#DISCOURSE_SMTP_ENABLE_START_TLS: true

and change to

DISCOURSE_SMTP_ENABLE_START_TLS: false
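
The error in post #1 is raised by the hostname check that Ruby's OpenSSL runs after the STARTTLS handshake; with STARTTLS turned off as in post #2, no TLS is negotiated, so the check never runs and the hop to the relay is plaintext. The following is an added example, not code from this thread or from Discourse, that reproduces the check offline with constructed self-signed certificates and shows that a relay certificate listing `mailrelay.network.lan` as a subjectAltName passes it. The name `utm.example.internal` and both helper functions are assumptions made for the illustration.

```ruby
require "openssl"

# Build a self-signed certificate (constructed sample, not the relay's real
# certificate) whose subjectAltName extension lists the given DNS names.
def constructed_cert(common_name, dns_names)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  san = dns_names.map { |name| "DNS:#{name}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san, false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# The identity comparison behind the 'hostname "..." does not match the
# server certificate' error: the name the client connects to must appear
# in the certificate the server presents.
def relay_name_matches?(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Hypothetical case 1: the relay presents a certificate issued for the
# appliance's own name, while the client is configured with the relay alias.
appliance_only = constructed_cert("utm.example.internal",
                                  ["utm.example.internal"])

# Hypothetical case 2: the certificate is reissued with the alias added.
with_alias = constructed_cert("utm.example.internal",
                              ["utm.example.internal", "mailrelay.network.lan"])

puts "appliance-only cert matches alias: " \
     "#{relay_name_matches?(appliance_only, 'mailrelay.network.lan')}"
puts "reissued cert matches alias:       " \
     "#{relay_name_matches?(with_alias, 'mailrelay.network.lan')}"
```

This only covers the name comparison; a real client also has to trust the issuing CA before the name is checked.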

(Stephen) #3

Thanks @stephen, that worked perfectly