SMTP error: Must issue a STARTTLS command first

I’m experiencing a similar issue. Yesterday I debugged e-mail sending on a new Discourse instance for about three hours, without any success. I’m trying to send e-mail over Fastmail with STARTTLS on port 587. Other services are working with the same credentials.

I do not get the “Must issue a STARTTLS command first” error response with these settings:

DISCOURSE_SMTP_ADDRESS: 'smtp.fastmail.com'
DISCOURSE_SMTP_PORT: 587
DISCOURSE_SMTP_USER_NAME: 'myuser@fastmail.fm'
DISCOURSE_SMTP_PASSWORD: 'mypass'
DISCOURSE_SMTP_ENABLE_START_TLS: true

…followed by a ./launcher rebuild app. When I run ./discourse-doctor and send an e-mail, I get a 500 5.5.1 Invalid command error in response.

Today I started tracing the communication with tcpdump, and noticed that Discourse does not actually seem to use STARTTLS. Here’s what happens when I send a Grafana recovery email:

< 220 smtp.fastmail.com ESMTP ready
> EHLO 9b5ba1569f77
< 250-smtp.fastmail.com
< 250-PIPELINING
< 250-SIZE 71000000
< 250-ENHANCEDSTATUSCODES
< 250-8BITMIME
< 250 STARTTLS
> STARTTLS
< ...[encrypted]

But with Discourse, this happens:

< 220 smtp.fastmail.com ESMTP ready
> EHLO localhost
< 250-smtp.fastmail.com
< 250-PIPELINING
< 250-SIZE 71000000
< 250-ENHANCEDSTATUSCODES
< 250-8BITMIME
< 250 STARTTLS
> AUTH PLAIN [redacted]
< 500 5.5.1 Invalid command

So, it seems that Discourse is blasting my credentials through the internet in plain text, even though STARTTLS is enabled in the settings? Is this a bug?

I also noticed that when I run ./discourse-doctor, the “YML SETTINGS” summary at the top lists the following items:

==================== YML SETTINGS ====================
DISCOURSE_HOSTNAME=forum.[redacted]
SMTP_ADDRESS=smtp.fastmail.com
DEVELOPER_EMAILS=sysadmin@[redacted]
SMTP_PASSWORD=[redacted]
SMTP_PORT=587
SMTP_USER_NAME=[redacted]@fastmail.fm
LETSENCRYPT_ACCOUNT_EMAIL=

However, there is no mention of DISCOURSE_SMTP_ENABLE_START_TLS, even though it’s set in app.yml. Not sure if this issue is related.

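A small checker for the two traces in the post above, added here as an example (it is not part of the original post and not Discourse code): it flags an AUTH command sent on the wire before STARTTLS. The function name and finding labels are invented for illustration, and it assumes the server accepts STARTTLS once the client sends it.

```python
# Transcripts copied from the post above ("<" server, ">" client).
GRAFANA = """\
< 220 smtp.fastmail.com ESMTP ready
> EHLO 9b5ba1569f77
< 250-smtp.fastmail.com
< 250-PIPELINING
< 250-SIZE 71000000
< 250-ENHANCEDSTATUSCODES
< 250-8BITMIME
< 250 STARTTLS
> STARTTLS
< ...[encrypted]
"""
DISCOURSE = """\
< 220 smtp.fastmail.com ESMTP ready
> EHLO localhost
< 250-smtp.fastmail.com
< 250-PIPELINING
< 250-SIZE 71000000
< 250-ENHANCEDSTATUSCODES
< 250-8BITMIME
< 250 STARTTLS
> AUTH PLAIN [redacted]
< 500 5.5.1 Invalid command
"""

def audit_transcript(transcript):
    """Return findings for the cleartext part of one SMTP session."""
    caps, findings = set(), []
    for line in transcript.splitlines():
        direction, _, text = line.partition(" ")
        if direction == "<" and text.startswith("250"):
            # EHLO reply line: "250-KEYWORD ..." or "250 KEYWORD ..."
            caps.add(text[4:].split(" ")[0].upper())
        elif direction == ">":
            verb = text.split(" ")[0].upper()
            if verb == "STARTTLS":
                break  # assumption: server accepts, so the rest is inside TLS
            if verb == "AUTH":
                # AUTH PLAIN carries base64 credentials: encoded, not encrypted
                findings.append("AUTH_IN_CLEARTEXT")
                if "STARTTLS" in caps:
                    findings.append("STARTTLS_OFFERED_BUT_SKIPPED")
                if "AUTH" not in caps:
                    findings.append("AUTH_NOT_ADVERTISED_BEFORE_TLS")
    return findings

if __name__ == "__main__":
    for name, trace in (("grafana", GRAFANA), ("discourse", DISCOURSE)):
        print(name, audit_transcript(trace) or "ok")
```

The Grafana trace yields no findings; the Discourse trace yields all three, the last of which is consistent with the server answering 500 5.5.1 to an AUTH it never offered on the unencrypted connection.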