Discourse email delivery rejected with cPanel SMTP server

Avaruusromu · 2016-08-19 00:14:34 UTC

I’ve installed Discourse on a VPS running cPanel. Forum site seem to work properly but all emails sent by it gets rejected and not delivered by the default mail server of cPanel. The following is a screen capture of delivery report (from cPanel WHM) of Discourse generated email:

The configuration is typical and I can’t spot any problem there:

DISCOURSE_DEVELOPER_EMAILS: 'XXXXX@YYYYYYY.com'
DISCOURSE_SMTP_ADDRESS: smtp.YYYYYYY.com       
DISCOURSE_SMTP_PORT: 587                       
DISCOURSE_SMTP_USER_NAME: XXXXX@YYYYYYY.com    
DISCOURSE_SMTP_PASSWORD: qwertyui              
DISCOURSE_SMTP_ENABLE_START_TLS: false

Also /var/discourse/shared/standalone/log/rails/production.log shows no errors when sending email:

Sent mail to XXXXX@YYYYYYY.com (947.2ms)

I’ve also tested how wrong password would look like (just to exclude that possibility):

Sent mail to XXXXX@YYYYYYY.com (2130.2ms)
Job exception: 535 Incorrect authentication data

So the only problem is the rejection of the message in email server side. Any ideas what could cause this? The SMTP of my VPS works very well with exact same settings when I’m sending mail with Thunderbird.

Thanks!

mpalmer · 2016-08-19 00:16:52 UTC

You might need to turn on TLS, but apart from that all the settings look reasonable on the Discourse side. Something’s broken in cPanel.

Avaruusromu · 2016-08-19 09:41:08 UTC

I tried that too, but then mail sending fails because certificate does not verify (according to log). My cert do not cover subdomains so I can’t make it to verify properly.

Is there a way to make Discourse ignore invalid certificate and send mail anyway?

mpalmer · 2016-08-19 09:44:39 UTC

I hope not. Given that you can get a free certificate from Let’s Encrypt in about five minutes, there’s not really any reason not to be running a real cert, anyway.

Avaruusromu · 2016-08-19 20:49:14 UTC

I succeed making TLS work on local mail server with proper cert. However, the result is still the same (message rejected by mail server with same error report.

I dug deeper and found following from /var/log/exim_rejectlog:

2016-08-19 23:40:23 H=(localhost.localdomain) [172.17.0.2]:47776 sender verify fail for <noreply@forum.YYYYYYYYYY.com>: The mail server could not deliver mail to noreply@forum.YYYYYYYYYY.com. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.

So, it looks like mail server rejects the sender address that it doesn’t recognize (noreply@forum.YYYYYYYYYY.com). Is there any way to change the sender address that Discourse will use?

Avaruusromu · 2016-08-19 20:57:53 UTC

Ok found a workaround. In WHM Exim settings change:
Sender Verification (Verify that the domain mail reports as it origin actually exists) to Off.

If you don’t mind one quick off-topic question: is there way to change all Discourse URLs so that they include a non-standard port number? I.e. format of http://forum.YYYY.com:8080/blabla to all links. That’s because I can live with that and avoid messing with Nginx on a production server.

codinghorror · 2016-08-19 21:16:23 UTC

No, custom ports are not supported, except for development purposes on a local machine.