Configure Mailgun for email when using Digital Ocean for DNS

I had a little bit of trouble connecting Mailgun and Digital Ocean (especially the DNS configuration in Digital Ocean), so I’ve decided to create a little guide to help others:

Connecting Mailgun with Digital Ocean

Initial configuration in Mailgun

  1. Sign up on Mailgun
  2. Activate your account (you may have to wait 5-10 minutes to receive your activation mail)
  3. In Mailgun, go to Domains, Add a New domain. In my example I didn’t use a subdomain as they recommended, I wanted my emails to be noreply@mydomain.com (mine is noreply@iunctis.fr, you’ll see this in this guide)
  4. In domains, you should have something like this in Domain Verification & DNS :

Configure DNS verification in Digital Ocean

  1. In Digital-Ocean, go to Networking > Domains
    (We have to setup the DNS Records, don’t follow the instructions in Mailgun)
  2. Create a CNAME record, just put : email // mailgun.org.
  3. Create a TXT record : @ // "v=spf1 include:mailgun.org ~all" - The commas are recommended.
  4. Create another TXT record : mailo._domainkey then the code given by Mailgun "k=rsa; p=MIGfMA....." - Again, the commas are recommended. Example:

Finalize configuration in Mailgun

  1. Go to Mailgun again and click on Check DNS Record Now, after a few minutes, everything should be validated.
  2. Now, you can change the email addresses you want to use (if you don’t want postmaster@yourdomain created by mailgun). In Mailgun > Domains, you should have this on top of the page:

    In Manage SMTP credentials make sure to set an address and a long random password of alphanumerics - a-z, A-Z, 0-9 - you’ll need it later.

Update your Discourse

  1. Launch Putty or any program you use to manage your server. Use these commands :
    cd /var/discourse
    nano containers/app.yml
    
  2. In app.yml, you should have, around line 59, something like this:
    ## TODO: The mailserver this Discourse instance will use
    DISCOURSE_SMTP_ADDRESS: smtp.mailgun.org         # (mandatory)
    DISCOURSE_SMTP_PORT: 587                        # (optional)
    DISCOURSE_SMTP_USER_NAME: noreply@yourdomaine.com      # (optional)
    DISCOURSE_SMTP_PASSWORD: password               # (optional)
    DISCOURSE_SMTP_ENABLE_START_TLS: true           # (optional, default true)
    
    You have to change DISCOURSE_SMTP_USER_NAME and DISCOURSE_SMTP_PASSWORD
  3. Exit, save the file. If you want to be sure your app.yml hasn’t been messed up, you can use the YAML Validator.
  4. Rebuild the app using the command:
    ./launcher rebuild app
    
    This should go fine.

Test the new mail server

Finally, in your Discourse, you can test the new mail server :

Send test email and you’re done !

25 Likes

Thanks for this guide.
I did it 2 days ago and I have this:
Any idea?

Check this screenshot, the infos on mailgun are not made for Digital Ocean :

The first TXT with @ instead of wikidot.es (and the commas "" between v=spf1 include:mailgun.org ~all) should do the trick. I think the CNAME can only be validated if the two TXT are OK.

On the zone file you should have something like this at the end :

wikidot.es. 1800 IN TXT "v=spf1 include:mailgun.org ~all"
mailo._domainkey.wikidot.es. 1800 IN TXT "k=rsa; p=MIGf..."
email.wikidot.es. 1800 IN CNAME mailgun.org.
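
An added example, not part of the original thread: a small offline check of the zone-file lines above for the three records Mailgun verifies, including the case where the domain was typed into a name field that already appends it. The function names `parse_zone` and `check_mailgun_zone` are hypothetical, the sample zone is constructed from the lines quoted in the post, and the default selector `mailo` is the one used in this thread.

```python
import re

# Constructed sample: the three zone-file lines quoted in the post above
# (DKIM key elided exactly as it is on the page).
SAMPLE_ZONE = '''\
wikidot.es. 1800 IN TXT "v=spf1 include:mailgun.org ~all"
mailo._domainkey.wikidot.es. 1800 IN TXT "k=rsa; p=MIGf..."
email.wikidot.es. 1800 IN CNAME mailgun.org.
'''

RECORD = re.compile(r'^(\S+)\s+\d+\s+IN\s+(TXT|CNAME)\s+(.+)$')

def parse_zone(text):
    """Return (name, type, value) tuples for the TXT and CNAME lines."""
    matches = (RECORD.match(line.strip()) for line in text.splitlines())
    return [(m[1].lower(), m[2], m[3].strip()) for m in matches if m]

def check_mailgun_zone(text, domain, selector="mailo"):
    """Return a list of problems; an empty list means all three records look right."""
    origin = domain.lower().rstrip(".") + "."
    recs = parse_zone(text)
    problems = []

    def values(name, rtype):
        return [v.strip('"') for n, t, v in recs if n == name and t == rtype]

    # The domain typed into a name field that already appends it shows up twice.
    for name, _, _ in recs:
        if name.endswith(origin + origin):
            problems.append(f"{name}: domain appended twice, use @ or the bare label")

    # SPF: exactly one v=spf1 TXT at the apex (several make SPF evaluation fail).
    spf = [v for v in values(origin, "TXT") if v.startswith("v=spf1")]
    if len(spf) != 1:
        problems.append(f"expected one SPF TXT at {origin}, found {len(spf)}")
    elif "include:mailgun.org" not in spf[0].split():
        problems.append("SPF record does not include mailgun.org")

    # DKIM: TXT at <selector>._domainkey with k=rsa and a non-empty p= key.
    dkim = values(f"{selector}._domainkey.{origin}", "TXT")
    tags = dict(t.strip().split("=", 1) for t in "".join(dkim).split(";") if "=" in t)
    if tags.get("k") != "rsa" or not tags.get("p"):
        problems.append(f"no usable DKIM key at {selector}._domainkey.{origin}")

    # Tracking CNAME: email.<domain> must point at mailgun.org.
    cname = [v.lower().rstrip(".") for v in values(f"email.{origin}", "CNAME")]
    if cname != ["mailgun.org"]:
        problems.append(f"email.{origin} is not a CNAME to mailgun.org")
    return problems

if __name__ == "__main__":
    print(check_mailgun_zone(SAMPLE_ZONE, "wikidot.es") or "all three records look right")
```
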

Yes, I have seen it and edited. Now I think
I need to wait for it to propagate, true?

You don’t have to add wikidot.es in the second TXT, it didn’t work when I put iunctis.fr in mine, it worked only when I wrote: mailo._domainkey.

When my config was right, it was pretty quick. Less than 10 minutes.

OK, done. So Mailgun gives a bad config? :smiley:

We don’t recommend letting DNS go to Digital Ocean. I discourage this whenever I see it, since for most people it is much simpler to control DNS from the same place they purchased the domain name from.

4 Likes

@codinghorror yes, I understand, but at my registrar
I only have the option to create Glue Records, nothing else. :frowning:

Sure in that case fine, but I’d be very hesitant to hand over DNS to Digital Ocean unless you have a very good reason. It’s less confusing and clearer to have your DNS handled in one place, the first place you bought the domain from, versus splitting DNS between two sources …

5 Likes

@Steven
If I am using Cloudflare, where do I need to add those lines? On the Cloudflare DNS panel or the DigitalOcean DNS panel?

On the SPF field, the commas are not accepted :slight_smile:

The commas are mostly for DO, it should work without them in Cloudflare

The line before that, it’s not SPF but TXT you have to use

So, I need to change the SPF line into a TXT line?

Yes, and I think it will be ok.

But I never tried with Cloudflare so I can’t be 100% sure

1 Like

I’m guessing that Cloudflare automatically converted the TXT into an SPF record.

1 Like

I am wondering what the correct settings are for subdomains. I currently have:

TXT: forum.open-dialogue.net - v=spf1 include:mailgun.org ~all
TXT: mailo._domainkey.forum.open-dialogue.net - k=rsa.....
CNAME: email.forum.open-dialogue.net - mailgun.org.

These are the settings recommended by Mailgun, and I have entered them in Digital Ocean. Because I am using a subdomain for discourse, I’m unsure if these are the right settings.

You should include the subdomain because MailGun recommends that, it is also how Discourse sets up defaults.

forum.example.com → mail is from → noreply@forum.example.com

So you are setting up and validating the forum.example.com domain for email not the parent domain.

1 Like

Hi, following your instructions and still the “k=rsa; p=MIG…” does not get verified.

Another question:

I have a droplet in digital ocean, I am pointing my domain mysite.com to my IP. In order to do the mailgun configuration I created another domain mail.mysite.com to do this setup. Is this the correct way?

This is what I have under mail.mysite.com

Sometimes the k=rsa can take quite some time, you can try with smtp._domainkey instead of mailo._domainkey

Also, nothing links your server to the droplet, you should have at least an A record, with @ and the IP address

Here is a full DNS records on a droplet :

If you already use your DNS provider to config some records, I think the best way is to also use it for the subdomain, it will be quicker and simpler (you just use what mailgun tells you, no need to change some things). And it will not impact your previous config

Not sure if I follow you. So creating another domain (well, actually a sub-domain) in my droplet is not needed? All should be done under mydomain.com? I thought the suggestion was to use a subdomain.mydomain.com

thanks

You can do it without creating a subdomain or using the networking panel on DigitalOcean yes.

The guide is just an alternative to link mailgun with DO instead of a DNS provider. Some people tried using DigitalOcean to do this and I wanted to help. But it’s not necessary at all

Sorry if the guide was confusing

1 Like