Can't send email with certificate issue

Installation
1

Tried to setup discourse and have issue with email setup.
I have mail.mydomain.com connected to a mail server configured in NAS with host name
smtp.myquickid.synology.me
I can send/receive mail whatever@domain.com from thunderbird

So I setup discourse app.yml as below

  DISCOURSE_SMTP_ADDRESS: smtp.myquickid.synology.me
  DISCOURSE_SMTP_PORT: 587
  DISCOURSE_SMTP_USER_NAME: admin@mydomain.com
  DISCOURSE_SMTP_PASSWORD: "plainpassword!"
  DISCOURSE_SMTP_ENABLE_START_TLS: false           # (optional, default true)
  #DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none

Since I have issue with certificate, I set TLS to false however mail can’t be sent

$ tail /var/discourse/shared/standalone/log/rails/production.log shows
....
Sent mail to admin@mydomain.com (30.1ms)
Job exception: 530 5.7.0 Must issue a STARTTLS command first

I think this is caused by setting TLS to false.
Also setting the port 25 gives same thing.

I did check both

$ telnet smtp.myquickid.synology.me 25
$ telnet smtp.myquickid.synology.me 587

all work fine.

How to solve this problem?

2

I managed to figure this out myself.
Settings below works for my situation.

  DISCOURSE_SMTP_ADDRESS: smtp.myquickid.synology.me
  DISCOURSE_SMTP_PORT: 25
  #DISCOURSE_SMTP_USER_NAME: admin@mydomain.com
  #DISCOURSE_SMTP_PASSWORD: "plainpass"
  DISCOURSE_SMTP_ENABLE_START_TLS: false           # (optional, default true)
  #DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none
  #DISCOURSE_SMTP_AUTHENTICATION: none
  DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none

Ignoring user name and password is weird though.

3

This isn’t a certificate problem, this is the other end telling you “I won’t accept credentials over a plaintext connection, you need to use STARTTLS to connect to me and authenticate so you can send mail.”

You should enable STARTTLS and either set up Let’s Encrypt for SMTP, or just disable certificate verification.

That’s because now you’re sending to the SMTP port which is used for mail delivery not submission. Unless that mailserver is configured to relay mail for your IP, it will only accept mail for the email domains for which it is configured to accept mail.

2 Likes