How to make Dreamhost SMTP work (Just the mail for discourse)


#1

Hi guys, I’m a noob, but I just got Discourse (running on Digital Ocean) to use Dreamhost SMTP for sending mail and what I figured out SHOULD help you guys with things beyond Dreamhost.

You got to figure out your homie server, instead of putting mail.yourdomain.com you have to put
one of the homie servers such as:
sub3.mail.dreamhost.com
sub4.mail.dreamhost.com
sub5.mail.dreamhost.com
homie.mail.dreamhost.com
To figure out which one of these servers are your homies, check out:
Certificate domain mismatch error when connecting to a DreamHost mail server – DreamHost

See, when I check webmail at my domain I get this:


What that means, is that there’s a conflict between the SSL certificate because the dreamhost doesn’t assign individual certificates for your specific website, but instead uses their certificate from dreamhost.com

In the admin panel for discourse it shows up like this:
Argument: {“type”=>“signup”, “user_id”=>1, “email_token”=>“9067a99d7782276fb747e3c5041ca6e0”, “current_site_id”=>“default”}
Error: Jobs::HandledExceptionWrapper: Wrapped OpenSSL::SSL::SSLError: hostname “mailyourdomainhere.com” does not match the server certificate

To fix this, configure your discourse app.yml like this

Since the bottom level domain is now dreahost, the SSL certificate checks out and your e-mails will start going through!

Things I also tried that probably didn’t matter:
I changed the notification e-mail in discourse to noreply@mydomain.org
I created a noreply@mydomain.org on dreamhost

I hope someone found this helpful and it will likely fix other SMTP issues with other sites! Feel free to correct anything I said, I just started using linux yesterday to get this all to work and have literally had to google how to move around in putty/linux.


Troubleshooting email on a new Discourse install
(Dean Taylor) #2

Although I can’t recommend it for security reasons…

If you have no option like this “finding an alternative hostname with your mail provider” you can use this setting:

DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: 'none'

This causing Discourse to ignore certificate checks for SMTP.

This would mean the communication between your Discourse server and your outgoing mail server could be intercepted, giving the attacker (or Government middle-man) access to sensitive data (password reset links etc).

However I would recommend finding an alternative mail host before using this.


#3

Quick question, should I test out port 465 for better security? I believe Dreamhost supports both. I just haven’t because 587 worked and I was absolutely exhausted after 18 hours of coding. I don’t want to take my server down now as people are about to get off work and will be signing up soon. Going to wait until the middle of the night to edit this more.


Dark theme with block posts
(Dean Taylor) #4

I don’t see a need to change it - port 587 is default mail submission port, 465 is somewhat legacy:


#5

Got it. So I’m using TLS/SSL of some kind already for my SMTP e-mails?

#DISCOURSE_SMTP_ENABLE_START_TLS: true # (optinal, default true)
I assumed by this wording that even with this commented out, it’s defaulting the using TLS and you’d only uncomment it if you wanted to set it to false?

Super beginner question, but I taught myself all this two days ago and my programming knowledge come from some minor stuff in college 6 years ago using C# with XNA framework to make xbox games.


(Dean Taylor) #6

Yes and really yes - but people unomments things, so maybe that’s the reason it’s set to true


#7

I figured something like that had to be true. I just have also learned that frequently Captain Obvious corrects me when everyone else seems to get it O.o