Well, to start off, this is production, and I can’t get the first registration email to send.
I am sure my SMTP settings are correct.
I am able to ping and telnet my mail server with the port used, but as soon as I do “EHLO mailserver” the connection is closed by the foreign host.
And I tried ensuring my SMTP settings were correct so I ran /var/discourse/discourse-doctor, but it cannot validate my settings. It says:
```
==================== YML SETTINGS ====================
awk: not an option: --field-separator=:
DISCOURSE_HOSTNAME=
awk: not an option: --field-separator=:
SMTP_ADDRESS=
awk: not an option: --field-separator=:
DEVELOPER_EMAILS=
awk: not an option: --field-separator=:
SMTP_PASSWORD=
awk: not an option: --field-separator=:
SMTP_PORT=
awk: not an option: --field-separator=:
SMTP_USER_NAME=
awk: not an option: --field-separator=:
LETSENCRYPT_ACCOUNT_EMAIL=
```
But my YAML (./containers/app.yml) seems perfectly formatted.
```yaml
## TODO: The SMTP mail server used to validate new accounts and send notifications
# SMTP ADDRESS, username, and password are required
# WARNING the char '#' in SMTP password can cause problems!
DISCOURSE_SMTP_ADDRESS: mail.redacted.com
DISCOURSE_SMTP_PORT: 465
DISCOURSE_SMTP_USER_NAME: redacted@redacted.com
DISCOURSE_SMTP_PASSWORD: "redacted"
#DISCOURSE_SMTP_ENABLE_START_TLS: true # (optional, default true)
## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
LETSENCRYPT_ACCOUNT_EMAIL: redacted@redacted.com
```
@irwinstar, I removed the actual mail server for the sake of not exposing my mail server on a public forum. But I can guarantee it is correct because I copied the settings from my mail client (working) and also compared them to my actual mail server’s SMTP settings.
Thank you for your offer to help. I think the issue is SPF/DKIM records so I’m trying to fix those.
Nonetheless, discourse-doctor still should be parsing it correctly. Not sure what’s going on there, since I didn’t edit the file myself in vim/nano. To be clear, the YAML was generated using discourse-setup.
And I think Discourse does not support the protocol on 465 now. If your mail server supports 587, you can change it to 587 instead.
Unfortunately, my mail server cannot use 587, so I added a mail proxy outside Discourse.
@irwinstar, This is extremely important information if this is correct, and would explain why my email setup isn’t working. Do you have a source for this information?
I’m not sure about it, but I tried 465 a few times.
Finally, I use this “hieulq/mailproxy” Docker image as a mail proxy.
And use this app.yml setting for discourse.
This usage seems bad, but it works.
I tried to find a mail plugin today, but I did not find one.
I’m trying to avoid purchasing any cloud mail servers, or using proxies (because if I wanted a dirty solution I’d just rake an admin account at this point) when I already have a mail server on hostgator.
I’m sure the SPF records are set for my discourse server’s IP. I’m really just trying to validate the DKIM records now.
If someone can confirm 465 is not allowed, that would be fantastic news as it would stop me from going too far down the rabbit hole of a non-issue. 465 was an issue, noted in the post below.
Using port 587 I can successfully telnet an entire email and authenticate fine. So I switched.
Now, when the email gets sent, I am receiving the following error:
```
Delivered mail d86b48cc-b0f4-4df3-8960-ab5ff96613a0@discourse.imbleau.com (251.0ms)
Job exception: hostname "mail.redacted.com" does not match the server certificate
```
But what I have noticed is that this is no longer a connection timeout (triggered after 60 whole seconds), but rather, this is a different exception received in 250ms.
FIXED THE EMAIL ISSUE! (discourse-doctor still parses incorrectly)
I researched a bit more about Ruby and why this error was happening behind the scenes, which led me to this Stack Overflow issue.
This was the culprit. The solution involved changing the SSL negotiation, which gave me the intuition to turn this setting off in the app.yml file: `DISCOURSE_SMTP_ENABLE_START_TLS: false # (optional, default true)`
That will disable TLS encryption, while the “only” issue is that you are using an incorrect hostname, i.e. the mail server is presenting a certificate which says something other than mail.redacted.com. Many email servers tend to be known by multiple different hostnames; you only need to find out which one it is using for its certificate.
You could try to find out which hostname it says it is and adjust your configuration accordingly.
Thanks @RGJ! Weirdly enough, it’s saying the CN is one of my subdomains, completely unrelated to mail. That’s worth investigating. Thank you for the guidance.
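
Added example (not part of the thread and not Discourse's own code): the hostname check behind the "does not match the server certificate" error, reproduced in Ruby against a constructed self-signed certificate, so the mismatch can be diagnosed by reading the certificate's names rather than by turning TLS off. The hostnames `mail.example.test` and `shop.example.test` and the helper names are assumptions made for illustration.

```ruby
require "openssl"

# DNS names a TLS client will accept for this certificate:
# subjectAltName entries first, subject CN only as a fallback.
def cert_hostnames(cert)
  san = cert.extensions.find { |ext| ext.oid == "subjectAltName" }
  names = san ? san.value.split(/,\s*/).grep(/\ADNS:/).map { |n| n.delete_prefix("DNS:") } : []
  return names unless names.empty?
  cn = cert.subject.to_a.find { |field, _value, _type| field == "CN" }
  cn ? [cn[1]] : []
end

# The identity check Ruby's OpenSSL binding applies after the handshake; a false
# result is what surfaces as 'hostname "..." does not match the server certificate'.
def hostname_matches?(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Constructed sample: a self-signed certificate issued for an unrelated subdomain,
# standing in for the one the mail server in the thread presented.
def sample_cert(cn, dns_names)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  san = dns_names.map { |d| "DNS:#{d}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san, false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

cert = sample_cert("shop.example.test", ["shop.example.test", "*.shop.example.test"])
configured = "mail.example.test" # hypothetical DISCOURSE_SMTP_ADDRESS value
puts "certificate names: #{cert_hostnames(cert).join(', ')}"
puts "#{configured} matches? #{hostname_matches?(cert, configured)}"
```

Against a live server, the certificate to feed into these helpers is the one presented during the STARTTLS handshake on the SMTP port, for example as printed by `openssl s_client -starttls smtp -connect HOST:587`.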