Fail to send email with discourse-doctor


(ajeremias) #1

Hei,
I’m using my own mailserver setup with:

I can send and receive mails from thunderbird… but discourse fails with the following error, when I run the $ ./discourse-doctor :

======================================== ERROR ========================================
                                    UNEXPECTED ERROR

530 5.7.0 Must issue a STARTTLS command first

Thank you


(Jay Pfaffman) #2

What is your mail configuration?


(ajeremias) #3

image

from thunderbird


(ajeremias) #4

I just tried with another mailserver… not my own setup… and gives me the same error…
it seems discourse fails to send a STARTTLS command before the EHLO?

This is the log from postfix:
mailserver | 2018-09-17T14:12:15.625736+00:00 mail postfix/smtpd[919]: connect from unknown[185.XX.XX.XX]
mailserver | 2018-09-17T14:12:15.798333+00:00 mail postfix/smtpd[919]: lost connection after AUTH from unknown[185.XX.XX.XX]
mailserver | 2018-09-17T14:12:15.799610+00:00 mail postfix/smtpd[919]: disconnect from unknown[185.XX.XX.XX] ehlo=1 auth=0/1 commands=1/2
mailserver | 2018-09-17T14:12:21.114623+00:00 mail postfix/submission/smtpd[922]: connect from static. 150 .XX.XX.XX.clients.your-server.de[195.XX.XX.XX]
mailserver | 2018-09-17T14:12:21.258481+00:00 mail postfix/submission/smtpd[922]: lost connection after EHLO from static. 150.XX. XX.XX. clients. your-server. de[195.XX.XX.XX]
mailserver | 2018-09-17T14:12:21.258898+00:00 mail postfix/submission/smtpd[922]: disconnect from static.150.XX.XX.XX.clients.your-server. de[195.XX.XX.XX] ehlo=1 auth=0/1 commands=1/2

This is my discourse configuration… i forgot it before:

DISCOURSE_HOSTNAME=discourse.domain.tld
SMTP_ADDRESS=mail.domain.tld
DEVELOPER_EMAILS=discourse@domain.tld
SMTP_PASSWORD=changeme
SMTP_PORT=587
SMTP_USER_NAME=discourse@domain.tld
LETSENCRYPT_ACCOUNT_EMAIL=something@domain.tld

(Jay Pfaffman) #5

What happens if you send from the web interface?

You can create an admin user with

rake admin:create 

Inside the container.


(ajeremias) #6

I don’t need to create users… I need the email to work.!


(Jay Pfaffman) #7

I need to know what happens if you try sending mail from the web interface. I’m curious whether discourse-doctor is unable to send mail even if Discourse can send mail. Do you get an error there as well?

You can do a test a /admin/email\.

Often people can’t create an account to try sending from the web interface if mail isn’t working, so I included the hint about how to get logged in even if you can’t send mail.


(Bhanu Sharma) #8

@pfaffman I can confirm that it is not an issue with discourse-doctor but the mailserver.

Somehow, the connection is not getting to start over TLS. However, explicitly allowing this in the yml fixes this for me in most if not all of the cases.


(Jay Pfaffman) #9

Hooray!

I’m stumped, then. I can’t imagine how this would help, but I’d check that inside the container you can get out to the mail server.


(ajeremias) #10

Which option do you mean? And it’s not a problem with the mailserver… it’s a problem of discourse… I even posted my thunderbird configuration, which works perfectly


(Bhanu Sharma) #11

First off, before blaming discourse, keep in mind that You’re not using any of the recommended email providers. Custom mail servers are known to be very tricky to be configured with discourse. I run docker-mailserver for some of my applications and this error has been very common for me. Even if the mailserver can let an email client (which, by the way is fundamentally different than a send only server) connect and negotiate protocol on the fly, discourse will expect the connection to be STARTTLS ready if You’re using the submission port (587). You can try using port 25 for the best chance of getting to debugging it.


(ajeremias) #12

So you mean… that discourse-doctor uses different routines than the web interface?
Also, discourse follows the number of the port, and not the definitions given in the .yml?

What I want to understand, (I can also look at code)… is what is discourse actually doing? Why a configuration the same as in thunderbird won’t work?

When using port 25 I get the following error:
503 5.5.1 Error: authentication not enabled

and on postfix i get this:

mailserver      | 2018-09-18T13:34:03.363466+00:00 mail postfix/smtpd[1943]: connect from static.150.X.X.X.clients.your-server.de[195.X.X.X]
mailserver      | 2018-09-18T13:34:03.504638+00:00 mail postfix/smtpd[1943]: lost connection after AUTH from static.150.X.X.X.clients.your-server.de[195.X.X.X]
mailserver      | 2018-09-18T13:34:03.504829+00:00 mail postfix/smtpd[1943]: disconnect from static.150.X.X.X.clients.your-server.de[195.X.X.X] ehlo=1 auth=0/1 commands=1/2

Thank for the support


(ajeremias) #13

I think the problem is that

smtp_sasl_auth_enable 

is not activated on postfix… so it does not accept the authentication command send by discourse.


(ajeremias) #14

I need to know what happens if you try sending mail from the web interface. I’m curious whether discourse-doctor is unable to send mail even if Discourse can send mail. Do you get an error there as well?

You can do a test a /admin/email\ .

Nop, i dont get any error… but the email is never sent!


(Jay Pfaffman) #15

Then you should check the logs on your mail server.


(Bhanu Sharma) #16

Hmmm!

Interesting!
Can You share what is inside your yml ? Redact any passwords.


(ajeremias) #17

Oh true… I got this:

1mailserver      | 2018-09-18T14:06:31.391924+00:00 mail postfix/submission/smtpd[2575]: connect from static.150.X.X.X.clients.your-server.de[195.X.X.X]
mailserver      | 2018-09-18T14:06:31.519639+00:00 mail postfix/submission/smtpd[2575]: Anonymous TLS connection established from static.150.X.X.X.clients.your-server.de[195.X.X.X]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailserver      | 2018-09-18T14:06:31.691535+00:00 mail postfix/submission/smtpd[2575]: NOQUEUE: reject: RCPT from static.150.X.X.X.clients.your-server.de[195.X.X.X]: 553 5.7.1 <noreply@discourse.domain.tld>: Sender address rejected: not owned by user discourse@domain.tld; from=<noreply@discourse.domain.tld> to=<ajeremias@disroot.org> proto=ESMTP helo=<localhost.localdomain>
mailserver      | 2018-09-18T14:06:31.740791+00:00 mail postfix/submission/smtpd[2575]: disconnect from static.150.X.X.X.clients.your-server.de[195.X.X.X] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 quit=1 commands=6/7

So why is discourse using noreply@discourse.domain.tld instead of the email setup on the .yml?
Also its not cool that sending email from the interface is different from sending with discourse-doctor :frowning:


(Bhanu Sharma) #18

You’ll have to change that in admin or by rebuilding the container after uncommenting the

- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"

value in app.yml file. modify the email to something that your mailserver is happy with. it should be at the very bottom.


(ajeremias) #19

Yay it worked!! Thank you so much :partying_face:


(Jay Pfaffman) #20

That’s what it does. If you want to send from a different address you do as @itsbhanusharma describes.

I totally agree. The problem is that its tests are naive, but it treats them as authoritative. It’s becoming clear that it should treat those tests as warnings rather than failures.

Could you please send me the exact output of the mail part of discourse doctor (if you look at the file it produces it’ll redact the passwords and such), and the output of

sudo docker exec -w /var/www/discourse -i app rake emails:test[user@example.com]