New Discourse Instance + SMTP

Hi Guys,

Yes, the old and classic issue with E-Mail (the favorite “tech” of our beloved @codinghorror ). I’m trying to set up another Discourse installation in a totally different context (being that my main one already works and is using Sparkpost) but I can’t, for the life of me, put this to work, after reading all sorts of posts and docs here in Meta, without success, I ask your help.

I’ve tried three different setups: using another machine’s PostFix Installation, trying to use a container with Dockermail (if you have any other that you recommend for this, please forward me) and using gmail itself.

Being that gmail is G-Suite and SMTP is actually supported, I tried with something like this:

  DISCOURSE_SMTP_ADDRESS: smtp.gmail.com
  DISCOURSE_SMTP_PORT: 587
  DISCOURSE_SMTP_ENABLE_START_TLS: true
  #DISCOURSE_SMTP_AUTHENTICATION: none
  DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none
  DISCOURSE_SMTP_USER_NAME: <user@domain.com>
  DISCOURSE_SMTP_PASSWORD: <pass>

This seems like an overkill but I already tried with all sorts of options, without them, etc. The closests I’ve been is with gmail and I randomly receive some Registration Confirmation Mails hours later. With the setup as you see it above I get the following:

530 5.7.0 Must issue a STARTTLS command first.

Which to me doesn’t make sense, since I’m already enabling START_TLS right there, am I missing anything?

If I tweak a little (like having the “vanilla setup” with only Address, Port, Enable_Start_TLS, User and Pass I get:

end of file reached

I’ve been trying things for the past few days and I’ve already rebuilt discourse so many times that I can assure that my hatred for mail is surpassing that of Jeff’s. Can someone throw some light into this?

Thanks in advance

And you didn’t want to use a way that you know works and you know how to configure?

If I were you, I’d give SparkPost a try. It just might work.

Getting it working with G-suite is difficult. I don’t know anything that says it’s supported.

Configuring PostFix to be able to not be classified as spam is notoriously difficult. I ran mail servers for 20 years and don’t try anymore. I now have a server that I think would probably be a good mail server with an IP that’s probably not on every black list in the world, and I’ve still not managed to give it a go.

Here’s a tip. Rather than rebuilding, if all you have changed is the mail config, you can do this:

./launcher destroy app; ./launcher start app

Thanks Jay, didn’t knew the Destroy/Start trick, could had saved me hours -.-U

Regarding SparkPost, in this case is a different context (corporate one) and I can’t reach to the “outside” to incorporate the SMTP (Gmail is an exception because is part of the corporate suite). But the PostFix installation available is as good as having nothing. Tried with the container with dovemail but to no success.

Do you have control over DNS in your corporate context?

Have you set up DKIM and SPF records?

If it’s a technical problem with port filtering SMTP, can you access port 2525? If so (and you have control over DNS) you could (technically) use something like SparkPost.

This is not a Discourse issue, but a mail server issue. It’s really, really hard to run a mail server anymore.

For what it’s worth, I am a newbie and used Mailgun with extreme ease on a recent install. Kind of like Jay was saying, if you find something that works, keep using it!

Have you seen if other providers also run into these corporate context or might it just be SparkPost?

I tried with SparkPost but for obvious reasons the “impersonation” of the domain is restricted and therefore the mails do not arrive.

So I’m back to square one with the local SMTP. The local SMTP (PostFix) works with a sender_access file with the address or domains allowed. So mine is there, the server is working (tried by hand and is being used by other tools) but no mather how much I put DISCOURSE_SMTP_AUTHENTICATION: none I will always get SMTP-AUTH requested but missing user name Is Discourse always trying to do SMTP-AUTH? Because the server does not have auth in any way, re-checked.

Right now I’m at bare minimum like mentioned here:

  DISCOURSE_SMTP_ADDRESS: IP_ADDRESS
  DISCOURSE_SMTP_PORT: 25
  DISCOURSE_SMTP_AUTHENTICATION:NONE
  DISCOURSE_SMTP_ENABLE_START_TLS: false

But still, no success.

PD: May I add, after both @pfaffman and @jayqueue2 suggestions I did tried SparkPost but only to be faced by Corporate Blockades It connected on the first try and worked like a charm, however.

Have you tried any of the other providers Discourse recommends like SendGrid or Mailgun?

Not yet, but then the problem persist, is an external provider and therefore outside of the network.

I kept trying with every setting and the only conclusion I could reach is that Discourse is ignoring the DISCOURSE_SMTP_AUTHENTICATION: none instruction, doesn’t matter what It tries to Authenticate, even though the PostFix server has Auth Disabled (checked many times with other software, it is disabled).

Ok, so after tons of testing, I finally got to put it to work, here is the scoop:

The PostFix SMTP server is set up with no authentication. This server was the only option due to Security Measures in the internal environment. (Otherwise SparkPost worked on the first try).

Trying to use the DISCOURSE_SMTP_AUTHENTICATION: none had no effect, since Discourse-Doctor always gave back SMTP-AUTH requested but missing user name. Regardless of it being a Rebuild App command or just an Stop/Start.

So I just let it as configured above and went “well, I can use Discourse without e-mail” (which is true if all your users come from LDAP) and after a few days I received one mail from Discourse, in Spam, but still. However, Discourse-Doctor still gives back the same error and does not send the test e-mail.

Therefore, my conclusions: It works (in a very unstable fashion) configured as mentioned above. But Discourse-Doctor doesn’t help debug this issue as is, because it says error when on runtime it works (apparently and after a week of testing).

Perhaps this (relatively rare) scenario could be improvinated @pfaffman?

Indeed. A no-auth SMTP server is an edge case that I hadn’t considered.

Oh. Wait. No.

I’m pretty sure that ./discourse-setup doesn’t work for a no-auth SMTP server case either.

As I think about it, my inclination is that if you’re in a security situation, which requires that you not have an SMTP password, and you are capable of setting up a mail server in such a way that it doesn’t need SMTP auth, then you may just be on your own to read the comments in app.yml and not have the benefits of discourse-doctor and discourse-setup.

The rake task that Discourse Doctor calls does this:

https://github.com/discourse/discourse/blob/master/lib/tasks/emails.rake#L81-82
which I think is why that rake task is generating the error that @Iceman describes. If you want, @codinghorror, I can have a look at modifying that rake task to test if GlobalSetting.smtp_authentication is set to none and skip those tests accordingly.

That should at least let the test-send task work.

Or just have the script pump out a warning like “HERE BE DRAGONS U ARE IN XXXXTREME XXXPERT MODE DIGGETY DAWG” (not actual copy)

I have also deployed a new instance and my SMTP works fine except for user registration, invites, password resets. I can not figure out how to remove the IP address and replace with domain name. Is there a setting I’m missing with the Discourse admin settings?

helpview.png1314×654 188 KB

I’m a little concerned because this is a “bitnami” install and is un-supported. Would it be possible for you to install this on Digital Ocean following our Official Install Guide?

Normally you just follow the /wizard to configure your hostname or you edit the containers/app.yml DISCOURSE_HOSTNAME field which doesn’t appear to exist with a “bitnami” install.

“un-supported”. Do you think Bitnami is the cause of my email issue?
I’m not going to redeploy to another environment. My discourse installation is within my Azure subscription.

No idea. But it looks like email is working, but the links in the email just have the ip address instead of the hostname?

That’s cool that you are using Azure. I would strongly consider you take the time to re-install your forum following our Official Azure install guide. This way you can get better support from the community since you will have a very similar install to everyone else, you will have the option to always upgrade to the latest version of Discourse (receive bug fixes), and have better plugin support.

Hi @blake, thanks for the reply. Bitnami file structure has an additional layer on top the Discourse file structure. I’ll update my response when I fix the issue.

The Azure install guide is very good. Thanks for the link.

Other Bitnami stack issues were discovered other than SMTP, so I took your suggestion and followed the “Official Azure install guide”. Installing new instance now… thanks @blake

Awesome, that is very good to hear!

For reference and so that others don’t refer back to this statement, Google is only supported for reply by email. We don’t support google being used in this way, nor does Google. In fact they expressly prohibit it in their ToS and do restrict accounts engaging in the practice.

If nothing else these unofficial pre-packaged installations trap users on older/different versions that fall outside of the scope of support here. Official guides are always the way to go.