This should be the troublemaker. By default, Discourse uses a secure connection, and since the certificate is not trusted, this won’t work.
I don’t think you can easily trust your certificate. You might be able to make it work by using an unencrypted connection (look for the pop3 polling ssl setting), but I wouldn’t do that unless the connection is to localhost.
The best solution might be to get a (possibly free) signed certificate.
The mail server is on the same domain but does not point to localhost in the Discourse admin settings (just mail.mysite.com) so I guess it wouldn’t be safe to turn off SSL when connecting to the POP server? Or would it be fine?
Is there a way to set it up differently given both postfix and Discourse are on the same server?
Being on the same domain isn’t relevant – running on the same server is.
I’m not sure how you can set this up correctly – entering localhost should refer to the container, not the host. Also, you want to be safe that no DNS hiccup can cause your password to be sent out unencrypted.
Is getting a signed certificate not doable in your case?
I don’t think I have ever used a signed cert - do you have to get one for every Discourse instance?
You mentioned free - are they any good?
Do you know if Discourse will at any point support self-signed certs? Apple Mail just asks me if I trust it or not on first connection - maybe it is something we can add to the config?
Then you have two options: either trust the certificate (I don’t know the exact syntax), or get a signed certificate which you can use for both HTTPS and POP3.
Ok, so now I’m on the new server I am going to try to get this set up again.
The snippet above doesn’t work, Kane, the app fails to bootstrap with:
```
/pups/lib/pups/config.rb:93:in `block (2 levels) in run_commands': Invalid run command path (SyntaxError)
```
1. Upgrade the server to handle more Client Hello variants, or
2. Install a ruby that uses an older OpenSSL library, or
3. Change your program to send a different Client Hello.
I think in the interest of keeping barriers low for Discourse, 1 and 2 would not be ideal options. Do you have any ideas which CH Discourse uses? And whether it would be feasible to add another (that is perhaps more widely compatible or helps make things more widely compatible)?
Edit: I guess I’d still be having this problem even if I got a free SSL cert as this is a protocol mismatch. Should I start a dedicated topic for it?
```ruby
def poll_pop3
  connection = Net::POP3.new(SiteSetting.pop3_polling_host, SiteSetting.pop3_polling_port)
  connection.enable_ssl if SiteSetting.pop3_polling_ssl
  connection.start(SiteSetting.pop3_polling_username, SiteSetting.pop3_polling_password) do |pop|
    unless pop.mails.empty?
      pop.each do |mail|
        handle_mail(mail)
      end
    end
    pop.finish
  end
rescue Net::POPAuthenticationError => e
  Discourse.handle_job_exception(e, error_context(@args, "Signing in to poll incoming email"))
end
```
to:
```ruby
def poll_pop3
  connection = Net::POP3.new(SiteSetting.pop3_polling_host, SiteSetting.pop3_polling_port)
  if SiteSetting.pop3_polling_ssl
    if SiteSetting.pop3_polling_ssl_verify_none
      connection.enable_ssl(OpenSSL::SSL::VERIFY_NONE)
    else
      connection.enable_ssl
    end
  end
  connection.start(SiteSetting.pop3_polling_username, SiteSetting.pop3_polling_password) do |pop|
    unless pop.mails.empty?
      pop.each do |mail|
        handle_mail(mail)
      end
    end
    pop.finish
  end
rescue Net::POPAuthenticationError => e
  Discourse.handle_job_exception(e, error_context(@args, "Signing in to poll incoming email"))
end
```
If this is ok, and if someone can point me in the right direction of how to add the site setting I can send a PR (but quite happy for one of you guys to do it instead as that’d be quicker.)
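Added example (not part of the thread and not Discourse code): what `VERIFY_NONE` gives up compared with keeping `VERIFY_PEER` and trusting only the server's own self-signed certificate. The certificates are constructed in memory, and `self_signed_cert`, `pinned_ssl_params` and `accepted?` are hypothetical helper names.

```ruby
require "openssl"

# Constructed sample: a throwaway self-signed certificate for +cn+.
def self_signed_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# SSL parameters that keep peer verification on but trust only the given
# certificates. Net::POP3#enable_ssl takes either a verify mode (as in the
# snippet above) or a parameter hash like this one.
def pinned_ssl_params(*trusted)
  store = OpenSSL::X509::Store.new
  trusted.each { |cert| store.add_cert(cert) }
  { verify_mode: OpenSSL::SSL::VERIFY_PEER, cert_store: store }
end

# Hypothetical helper: would the chain check accept +presented+ under +params+?
# Hostname matching, which happens separately, is not modelled here.
def accepted?(params, presented)
  return true if params[:verify_mode] == OpenSSL::SSL::VERIFY_NONE
  params[:cert_store].verify(presented)
end

if __FILE__ == $PROGRAM_NAME
  real  = self_signed_cert("mail.mysite.com") # the mail server's own cert
  other = self_signed_cert("mail.mysite.com") # same name, different key
  pinned = pinned_ssl_params(real)
  none   = { verify_mode: OpenSSL::SSL::VERIFY_NONE }
  puts "pinned store, real cert:  #{accepted?(pinned, real)}"
  puts "pinned store, other cert: #{accepted?(pinned, other)}"
  puts "VERIFY_NONE,  other cert: #{accepted?(none, other)}"
end
```

With the pinned store, a certificate that only copies the server's name is rejected, while `VERIFY_NONE` accepts it and the POP3 password would be sent over that connection.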