Straightforward direct-delivery incoming mail

Maybe experts know it is easier but we beginners think it looks more complicated :slight_smile:

2 Likes

Oh. That may be true, but if you’re trying to do POP3 to, say, gmail, to me, it’s easier to set this up than POP3. And the likelihood that gmail will break something that is working is greater than zero. I think I remember only one time that the mail container has even needed rebuilding.

And though I taught novices computer stuff for many years, I might still lose sight of exactly what’s “easy” and DNS and MX records certainly are not easy for people to wrap their heads around.

(And for me, I have the entire configuration, from creating the api key, configuring the mail receiver to use the SSL certs from let’s encrypt, to setting the SiteSettings with the api all scripted, so I haven’t done this by hand in some time…)

Yeah. I think that’s right.

Perhaps so, but at this point it would be like choosing a different word for, say, “banana”. And to me, this has always seemed very much like a straightforward solution (at least once it’s set up). Being able to just start using an address for a group or category is, indeed, fantastically straightforward. It’s a huge pain to accomplish that with POP3 (unless you know how to configure something to accept *@example.com and forward it to that one POP3 mailbox; I’m sure I’ve done that before, but I have no idea how I’d do it today).

tl;dr

So maybe what is needed is just a bigger/better disclaimer about what “straightforward” means, and both this and the pop3 topic should have a few sentences about for whom and for what conditions each solution is “easier”.

If you just want reply-by-email, POP3 is just good enough if you have a working mailbox somewhere (there’s currently a very long topic about just how to set up a mailbox). But if you want to be able to email support@example.com to a support group or myneighborhood@example.com to get posted to a category, then this really is a straightforward solution.

3 Likes

FWIW, I’m considering switching from the mail-receiver to POP3/Gmail just because of all the email spam we get. (Or putting a Gmail forwarder in front of the mail-receiver.)

3 Likes

I’ve once had a problem with spam. If it’s from a single source then there are some ways to deal with it, but it’s definitely something to mention in the OP.

2 Likes

Oh yeah, good point re spam. Spam handling is much better with gmail and is definitely one reason direct delivery is less straightforward than just setting up POP3 with gmail.

That said, it does depend on how you want to use your site. If you are using it primarily to allow posting to categories, by existing users, then you can rely on built in spam handling for discourse which is quite good, esp with akismet enabled and default trust level permissions. You’re just not going to see much spam.

However, if you want to enable posting by non-users, and allow emailing in to groups by non-users, then you are in for a world of pain unless you know how to set up postfix to prevent email from reaching your discourse. There are no bulk actions for messages and users to e.g. select lots of messages at once and mark as spam and delete spammer, or on the user list to delete a selection of users at once. You end up with lots of spam topics and spam users that you have to delete one by one.

I did this for a while and got hammered by emails from qq.com and 163.com. Setting up postfix to block unwanted domains from sending to you works - see the instructions in the OP. But the trouble is that you are then playing whack a mole as spammers move from domain to domain.

5 Likes

5 posts were split to a new topic: Configuring both direct delivery email and a forwarding rule

I’m using the mail-receiver container so that users can reply and create new topics via email. I noticed that Discourse has a setting for checking DMARC authentication, but the postfix configured by mail-receiver doesn’t do DMARC.

I propose that the mail-receiver container adds an option for authenticating emails via DMARC, possibly as described in [3].

By the way, this is my first Discourse installation, and I’m very impressed with its capabilities. Thank you for your hard work on this important software!

[2] Configuring authentication checks on incoming email

[3] Set Up OpenDMARC with Postfix on Ubuntu to Block Email Spoofing/Spam

4 Likes

Quick operational question regarding certificate renewal for the mail-receiver container. I’ve got everything working with the container mounting a volume that points to the necessary cert (which in my case is separate from the Discourse cert) and I’ve got a process that renews the cert and all that is great.

Will the mail-receiver container recognize the new cert when it gets overwritten by the renewal process or do I need to bounce the container when this happens? If it matters, the folder with the cert has the actual files rather than symlinks like /etc/letsencrypt/live normally would.

1 Like

I don’t know why they would be different from having the mail receiver use the discourse cert. If the mail receiver reboots once a month you’ll be ok. I think it’s just luck that works to get the mail receiver to get the new cert now, though I don’t know.

1 Like

They’re different because the public Discourse cert is being terminated at a reverse proxy on a different host rather than passing through to Discourse. But the SMTP traffic goes straight to the discourse box, so it has its own copy of the public cert. In any case, I’ll probably just add a post-renewal hook to bounce the mail-receiver container to be safe.

2 Likes

For some months I haven’t received emails on Discourse anymore. I was trying to solve the problem, and the logs of mail-receiver show this line when I try to send an email to the forum:

<22>Dec 18 01:42:03 postfix/smtpd[122]: NOQUEUE: reject: RCPT from mail-pf1-f172.google.com[209.85.210.172]: 450 4.7.1 <noreply@forum.domain.org>: **Recipient address rejected: Internal error, API request failed**; from=<myemail@gmail.com> to=<noreply@forum.domain.org> proto=ESMTP helo=<mail-pf1-f172.google.com>

I’m wondering what the “Internal error, API request failed” part means. These are logs by postfix when receiving an email, but they are rejected?

Tried to rebuild the container different times and using different settings, no changes. Ideas?

1 Like
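The rejection quoted in the post above carries a 450 code, which is a temporary failure that the sending server will retry. As an added example (not part of the thread and not mail-receiver code), this shell function tallies NOQUEUE reject lines by class, SMTP code and reason, so recurring API failures stand out from permanent blocks; the sample log lines are constructed, with placeholder hosts and documentation IP ranges.

```shell
#!/bin/sh
# Added example: summarise postfix/smtpd "NOQUEUE: reject" lines by class,
# SMTP code and reason. 4xx = temporary (sender retries), 5xx = permanent.

# Constructed sample log (placeholder hosts, documentation IP ranges).
SAMPLE_LOG='<22>Dec 18 01:42:03 postfix/smtpd[122]: connect from mx.example.net[192.0.2.10]
<22>Dec 18 01:42:03 postfix/smtpd[122]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 450 4.7.1 <noreply@forum.example.org>: Recipient address rejected: Internal error, API request failed; from=<user@example.net> to=<noreply@forum.example.org> proto=ESMTP helo=<mx.example.net>
<22>Dec 18 01:47:19 postfix/smtpd[131]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 450 4.7.1 <support@forum.example.org>: Recipient address rejected: Internal error, API request failed; from=<user@example.net> to=<support@forum.example.org> proto=ESMTP helo=<mx.example.net>
<22>Dec 18 01:50:44 postfix/smtpd[140]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <bulk@blocked.example>: Sender address rejected: Access denied; from=<bulk@blocked.example> to=<support@forum.example.org> proto=ESMTP helo=<blocked.example>'

# Reads log lines on stdin; prints "CLASS CODE REASON COUNT", sorted.
summarize_rejects() {
    awk '
    /postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject: / {
        line = $0
        # Drop everything up to and including "from host[ip]: ".
        sub(/^.*NOQUEUE: reject: [A-Z]+ from [^ ]+: /, "", line)
        code = substr(line, 1, 3)
        # Drop the trailing "; from=<...> to=<...> ..." attributes.
        sub(/;.*$/, "", line)
        # Drop "450 4.7.1 <address>: " so only the reason text remains.
        sub(/^[0-9][0-9][0-9] ([0-9]\.[0-9]+\.[0-9]+ )?(<[^>]*>: )?/, "", line)
        cls = (code ~ /^4/) ? "TEMP" : "PERM"
        count[cls " " code " " line]++
    }
    END { for (k in count) print k " " count[k] }
    ' | sort
}

# Stand-alone run on the constructed sample. For real logs, pipe the
# container log output in, e.g. (container name is an assumption):
#   docker logs mail-receiver 2>&1 | summarize_rejects
printf '%s\n' "$SAMPLE_LOG" | summarize_rejects
```

A growing TEMP count for the API reason means mail is being deferred rather than lost, while PERM entries are mail the sender will not retry.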

Did you fix the problem months ago?

I’ll try to answer your question, more to learn from subsequent replies than because I am sure I have the right answer.

Emails from the forum have noreply@… in the From: field. Notification emails about forum posts have a unique reply ID in the Reply-To: field. Edit: here’s a description I was given recently: How can someone who wants to primarily interact via email join a thread in progress? - #9 by merefield

I’d expect that “Recipient address rejected” message from emailing noreply. I think it’s an example the tutorial here on bounce handling uses to check it’s working. Edit: here’s the link: Handling bouncing e-mails

1 Like

Yes, it seems like it worked correctly months ago but not recently; maybe it was a firewall problem. The thing is that I don’t know a reliable way to test the receiving of emails (so I just wanted to send a random email to the forum and see if it appears in the skipped / received / rejected sections).

I have actually configured it with an external gmail account (set a catchall in the server to send everything to that gmail) and it seems to work correctly. On the other hand, using the external gmail mode, I can see every email that is received on that account in the skipped / received / rejected sections. I assume that they should have appeared in the same way with the straightforward mode? :thinking:

1 Like

Sorry, I thought I saw the answer to this before, but couldn’t find it.

Our Discourse setup is new, and it occasionally rejects an email or deletes an attachment. Until we finalize our settings, I’d like to be able to address these issues.

What’s the best way to configure mail-receiver to keep emails around for a little while?

2 Likes

Is that what you need? Cleaning up e-mail logs - #13 by zogstrip

I’ve forgotten how to look at the bounce messages (if I ever knew) so would appreciate a reminder here!

1 Like

Is that what you need? Cleaning up e-mail logs.

It looks like that link is referring to the logs in Discourse. I’m looking for the original emails (mbox or eml) as received by postfix, so that I can, e.g., extract the attachments and attach them to the post.

1 Like

There is some information here: Where do I find details about bounced emails in Discourse? - #10 by peternlewis

When I click on a link (e.g. user_watching_first_post) I just get an error message popup saying “Discourse::NotFound”…

Maybe that’s because I use Mailgun for sending emails and the bounce messages would have gone to Mailgun… maybe it’ll work for you.

1 Like

There seems to be a bug at play - when the container configuration has an https:// URL in it for the mail delivery endpoint to POST to, it actually ignores https:// and instead provides HTTP only.

This is what’s in the containers/mail-handler.yml file for the DISCOURSE_MAIL_ENDPOINT under the env category:

  ## The URL of the mail processing endpoint of your Discourse forum.
  ## This is simply your forum's base URL, with `/admin/email/handle_mail`
  ## appended.  Be careful if you're running a subfolder setup -- in that case,
  ## the URL needs to have the subfolder included!
  DISCOURSE_MAIL_ENDPOINT: 'https://discourse.example.com/admin/email/handle_mail'

… but when checking the logs, it’s ignoring HTTPS:

<22>Dec 30 16:28:37 postfix/master[1]: daemon started -- version 3.2.4, configuration /etc/postfix
Operating environment:
...
PATH=/usr/local/bundle/bin:/usr/local/bundle/gems/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
DISCOURSE_MAIL_ENDPOINT=http://discourse.example.com/admin/email/handle_mail
...

I’m not entirely sure WHERE it’s getting http and not HTTPS from here. Is there any way to blast the thing and make it rebuild from scratch? Or force it to use HTTPS instead?

1 Like

Did you rebuild the mail receiver after updating the yml file?

2 Likes

That’s what I forgot to do…

Moral of this story: don’t try and sysadmin without coffee >.<

2 Likes
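The stale-configuration case resolved above, as an added example that is not part of the original thread or of the mail-receiver project: these shell functions compare the endpoint written in the yml file with the one in the running container's environment, and refuse a yml endpoint that is not https. The sample inputs are constructed from the values quoted in the post; the file and container names in the comments are assumptions.

```shell
#!/bin/sh
# Added example: compare the endpoint in the mail-receiver yml with the one
# the running container was built with, and insist on https.

# Constructed samples using the values quoted in the post above.
SAMPLE_YML="env:
  ## The URL of the mail processing endpoint of your Discourse forum.
  DISCOURSE_MAIL_ENDPOINT: 'https://discourse.example.com/admin/email/handle_mail'"
SAMPLE_ENV='PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
DISCOURSE_MAIL_ENDPOINT=http://discourse.example.com/admin/email/handle_mail'

# yml text on stdin -> endpoint value (first uncommented entry, quotes stripped)
yml_endpoint() {
    sed -n "s/^[[:space:]]*DISCOURSE_MAIL_ENDPOINT:[[:space:]]*//p" |
        head -n 1 | sed "s/[[:space:]]*\$//; s/^['\"]//; s/['\"]\$//"
}

# KEY=VALUE environment lines on stdin -> endpoint value
env_endpoint() {
    sed -n 's/^DISCOURSE_MAIL_ENDPOINT=//p' | head -n 1
}

# check_endpoint CONFIGURED RUNNING
# Prints a verdict; returns 0 if OK, 1 if the container is stale,
# 2 if the yml itself asks for a non-https endpoint.
check_endpoint() {
    case "$1" in
        https://*) ;;
        *) echo "INSECURE: yml endpoint is not https"; return 2 ;;
    esac
    if [ "$1" != "$2" ]; then
        echo "STALE: container runs '$2', yml says '$1'; rebuild needed"
        return 1
    fi
    echo "OK"
}

# Stand-alone run on the constructed samples. Real use (names are assumptions):
#   yml_endpoint < containers/mail-receiver.yml
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' \
#       mail-receiver | env_endpoint
check_endpoint "$(printf '%s\n' "$SAMPLE_YML" | yml_endpoint)" \
               "$(printf '%s\n' "$SAMPLE_ENV" | env_endpoint)" || true
```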