Quick Info:
SMTP via smtp-relay dot gmail dot com
Discourse running in Docker on Digital Ocean Droplet
Installation is ~2 years old, mail was previously working
Hello, On October 5th I modified the app.yml config file to reduce the number of Unicorn instances. We are running Discourse on Docker. We rebuilt the app using the launcher, and the forums came back online in about 10 minutes.
I am not certain what version of Discourse we had installed before then, but after the rebuild 3.2.0.beta3-dev was the latest code reported on the Dashboard. We made no modifications to our SMTP configurations which had, up until that point, been working without issue.
After the rebuild, Discourse logs started reporting SMTP Authentication errors.
Job exception: wrong authentication type Login
I used swaks to test SMTP from the Digital Ocean droplet we were running Discourse on, and I was able to simulate a similar error from smtp-relay dot gmail dot com because the HELO header wasn’t sending our email domain, and therefor due to our gsuite SMTP relay settings, gmail wasn’t even offering any authentication options.
When I adjusted the hostname of the droplet to reflect our email domain, and tried again with swaks, I was able to send a test email through smtp-relay dot gmail dot com using a new user with app password, everything worked fine.
I re-tried this same test inside the Discourse app container, and was able to successfully send an email with the same credentials.
I have followed all the debugging issues found here: Troubleshoot email on a new Discourse install, among suggestions from other posts (which provided solutions we had already adopted), despite this not being a new install but an install we’ve had running for about 2 years now.
Output of ./discourse-doctor
==================== MAIL TEST ====================
For a robust test, get an address from http://www.mail-tester.com/
Or just send a test message to yourself.
Email address for mail test? ('n' to skip) [<redacted>]: <my personal email>
Sending mail to <my personal email>. . .
Testing sending to <my personal email> using smtp-relay.gmail.com:587, username:<redacted> with Login auth.
======================================== ERROR ========================================
UNEXPECTED ERROR
Invalid authentication method. Must be plain, login, or cram_md5.
====================================== SOLUTION =======================================
This is not a common error. No recommended solution exists!
I’ve tried iterations of the accepted authentication methods: login and plain, even attempting variations on cAsE.
The app.yml configurations were correct, the authentication type was set to Login, and this had been the setting used previously as we only changed UNICORN_WORKERS to be 2 instances instead of 4.
From within the Discourse docker container, this is the output from swaks:
./swaks --auth --server smtp-relay.gmail.com -au <redacted> -ap “<redacted>” --to <my_email_addy> --h-Subject: "Inside the container!" --body 'Testing SMTP from inside discourse container.' --tls
=== Trying smtp-relay.gmail.com:25...
=== Connected to smtp-relay.gmail.com.
<- 220 smtp-relay.gmail.com ESMTP de21-20020a056122459500b0049d3960c382sm198389vkb.7 - gsmtp
-> EHLO <our email domain>
<- 250-smtp-relay.gmail.com at your service, [<our IP address>]
<- 250-SIZE 157286400
<- 250-8BITMIME
<- 250-STARTTLS
<- 250-ENHANCEDSTATUSCODES
<- 250-PIPELINING
<- 250-CHUNKING
<- 250 SMTPUTF8
-> STARTTLS
<- 220 2.0.0 Ready to start TLS
=== TLS started with cipher UNKNOWN(0x0304):TLS_AES_256_GCM_SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/CN=smtp-relay.gmail.com"
~> EHLO <our email domain>
<~ 250-smtp-relay.gmail.com at your service, [<our IP address>]
<~ 250-SIZE 157286400
<~ 250-8BITMIME
<~ 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
<~ 250-ENHANCEDSTATUSCODES
<~ 250-PIPELINING
<~ 250-CHUNKING
<~ 250 SMTPUTF8
~> AUTH LOGIN
<auth_challenge_redacted>
<~ 235 2.7.0 Accepted
~> MAIL FROM:<root@our email domain>
<~ 250 2.1.0 OK de21-20020a056122459500b0049d3960c382sm198389vkb.7 - gsmtp
~> RCPT TO:<my_email_addy>
<~ 250 2.1.5 OK de21-20020a056122459500b0049d3960c382sm198389vkb.7 - gsmtp
~> DATA
<~ 354 Go ahead de21-20020a056122459500b0049d3960c382sm198389vkb.7 - gsmtp
~> Date: Fri, 20 Oct 2023 17:24:16 +0000
~> To: <my_email_addy>
~> From: root@<our email domain>
~> Subject: Inside the container!
~> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
~>
~> Testing SMTP from inside discourse container.
~>
~> .
<~ 250 2.0.0 OK 1697822658 de21-20020a056122459500b0049d3960c382sm198389vkb.7 - gsmtp
~> QUIT
<~ 221 2.0.0 closing connection de21-20020a056122459500b0049d3960c382sm198389vkb.7 - gsmtp
=== Connection closed with remote host.
This test email was successfully received at my personal email account.
I don’t know fully what is going on, but my leading guess is that there is an issue with reporting the correct mail hostname in the HELO header of the SMTP session request.
Sadly, Gmail does not provide access to SMTP logs, so I am only able to see the successful email sends from my manual testing, and none of the headers/requests from failed Discourse attempts.
Assistance would be appreciated, I am not familiar with the Ruby ecosystem, and I’m doing my best to restore email notifications for my users.
Thanks in advance!