Straightforward direct-delivery incoming mail

(Jay Pfaffman) #90

Those were the days. Then the default behavior was to do everything possible to see that every message got delivered, and if it wasn’t possible, let someone know.

But it’s still striking how much of the basic system still works pretty much the same.

(Christoph) #91

Correct. And good to know that Alice’s SMTP server (or is that not what it is?) will accept the mail from Alice’s mailer, no matter what (authentication provided, of course). It was basically that part I wasn’t sure about. But now that you put it down so nicely it makes complete sense.

So can I add a little complication to the picture and ask what happens when Bob’s MX server is a Google server which accepts all email for Bob’s domain (which is the default config when you register a domain with Google Domains). But in order to read Alice’s mail, Bob needs to either sign up for a G Suite plan or configure the MX server so that mails to Bob’s email address are forwarded to his actual email account at another provider (all other emails are sent to /dev/null, I suppose).

Could you explain what happens in this forwarding step? Is the process the same as when Alice’s relay server delivered the mail to Bob’s (first) MX server? If so, why would the (second) MX server accept Alice’s email? After all, it is addressed to an entirely different email address…

(Eli the Bearded) #92

Yes, it is an SMTP server, but it is serving a particular role (eg, internal incoming, relay, external incoming).

I’m not so familiar with the specifics of Gmail configuration. And this sounds like you are asking about a half-configured set-up. But let’s try to guess the process anyway.

Before Google knows about Bob’s domain, it will reject email to it. Once it knows, because configuration has started, it will possibly accept and store that email to forward in the future. During configuration of such MX intermediaries, you sometimes can configure things as “accept email ONLY for these named addresses” or “accept all email, and use this box name as a catchall”. Then there’s the not recommended in the age of spammers configuration of “accept all email, bounce at a later date when Bob’s server refuses some of those addresses”. (That last one is the source of “backscatter” spam.)

Because it has been configured to allow relaying to that domain.

The first mail server Alice uses probably checks username and password on connection.
The relay server that it uses probably strictly checks the IP address of the first mail server.
The MX server the relay server connects to checks recipient strictly, only allowing “local” and known relayed domains.
When that MX server is relaying, it will locally queue and attempt delivery to the relay endpoint.

Typically you use a relay MX server like that because you want someone else to maintain a high quality reliable endpoint for you, either as a main delivery point or as a backup if you go off-line. The Gmail case sounds like a main delivery point scenario.

(Christoph) #93

Hm, not sure if I’m not getting something or if you misunderstood me. Here’s the route Alice’s email will take (and let’s leave Gmail out of the picture because that just causes confusion with Google Domains, i.e. Google as a registrar, which is what I’m talking about):

  1. Alice’s mailer
  2. Alice’s SMTP server
  3. Bob’s (first) MX server, which is run by Google. It accepts emails sent to Bob’s domain, the one Alice is mailing to.
  4. Bob’s (second) MX server (I guess that would be the MX endpoint), let’s say it’s run by Yahoo, because that’s where Bob has his email account. It accepts emails sent to a yahoo domain. But Alice did not send her mail to a yahoo domain. Why/How does the Yahoo server accept the mail nonetheless?

(Jay Pfaffman) #94

I think this is the answer to your question.

My mail for is MXed to my registrar. The registrar accepts the mail for It forwards that mail to my gmail account. Gmail accepts the message, which now has been re-addressed to my gmail account.

I think the part that you’re missing is that when a message is forwarded, the envelope gets a new address in it and gmail knows it’s for my gmail address, even though the To: address still has in it.

(Eli the Bearded) #95

Yeah, forwarding is different than relaying. The forwarder will change the “envelope” (SMTP protocol, rather than “in the headers”) email address. Having envelope address not match headers is how BCC works, too.
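
An added illustration, not part of the thread or of the Discourse mail receiver: a toy Python model of the recipient checks from #92 and the envelope rewrite from #94 and #95. The `MX` class, host names and addresses are constructed, and the `hosts` dictionary stands in for a DNS MX lookup.

```python
from email.message import EmailMessage

class MX:
    """Toy MX host: every decision uses the envelope recipient, never To:."""
    def __init__(self, name, domains, users=(), aliases=None):
        self.name = name
        self.domains = set(domains)      # domains this host accepts mail for
        self.users = set(users)          # local mailboxes
        self.aliases = aliases or {}     # forwards: local address -> new envelope address
        self.mailboxes = {}

    def rcpt_to(self, rcpt):
        """SMTP-time recipient check, returning an SMTP reply code."""
        if rcpt.rsplit("@", 1)[-1] not in self.domains:
            return 550                   # not our domain: relaying denied
        if rcpt not in self.users and rcpt not in self.aliases:
            return 550                   # unknown address: refuse now, no later bounce
        return 250

    def deliver(self, rcpt, msg, hosts, route):
        code = self.rcpt_to(rcpt)
        route.append((self.name, rcpt, code))
        if code != 250:
            return code
        if rcpt in self.aliases:
            new_rcpt = self.aliases[rcpt]            # forwarding rewrites the envelope only
            next_mx = hosts[new_rcpt.rsplit("@", 1)[-1]]
            return next_mx.deliver(new_rcpt, msg, hosts, route)
        self.mailboxes.setdefault(rcpt, []).append(msg)
        return 250

def demo():
    # Constructed hosts and addresses (reserved example domains).
    first = MX("mx.registrar.example", {"example.com"},
               aliases={"bob@example.com": "bob@example.net"})
    second = MX("mx.mailbox.example", {"example.net"}, users={"bob@example.net"})
    hosts = {"example.com": first, "example.net": second}   # stands in for MX lookup
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.com"
    msg.set_content("Hi Bob")
    route = []
    code = first.deliver("bob@example.com", msg, hosts, route)
    # Offered the original envelope address directly, the second MX refuses it.
    direct = second.rcpt_to("bob@example.com")
    return code, route, second.mailboxes["bob@example.net"][0]["To"], direct

if __name__ == "__main__":
    print(demo())
```

The second host accepts the message only because the envelope recipient it is offered is one of its own mailboxes; the `To:` header it stores still names the original address.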

(Michael Scott Shappe) #96

I have this working and it seems to function pretty well! Thank you!

I have one request: is there a way to rig it so that, if we’re using Let’s Encrypt magic in our Discourse container, that cert can be shared and used to provide TLS on SMTP?

That’s about the only thing I feel is missing right now!

(Matt Palmer) #97

Sure, pull requests welcome.

(Christoph) #98

The site setting email in says:

Allow users to post new topics via email (requires pop3 polling).

I assume that what is meant here is that it requires that you have either pop3 or manual polling enabled? In other words, it will work with direct-delivery mail, right?

(Matt Palmer) #99

Yes, that help text is somewhat out-of-date. A PR to update it would be appreciated.

(Christoph) #100

I have never done a PR before, but I might have succeeded:

(Freddie Haddad) #101

Tip: If you’re running an EC2 instance on AWS, be sure to open incoming SMTP port 25.

(eriko) #102

If you have a multisite (two and now three containers) setup and are using this on one or more of the sites which site should you set as the DISCOURSE_MAIL_ENDPOINT in the containers configurations?

(Greg) #103

Got this up and running, seems great. However I’d like to simply drop mail to “noreply@my.discourse”, rather than rejecting it with the usual BadDestinationAddress template. Is that achievable via the YML file or do I need to tweak something else?

(Matt Palmer) #104

I don’t believe that functionality exists at present. It would probably be easiest to add a “blackhole destination addresses” list setting to core, and then put your noreply address in there. PR welcome!

(Matt Palmer) #105

Multisite configurations aren’t supported by this system at present, because there’s no built-in way to map the incoming e-mail addresses to the mail endpoint they should be routed to.

(eriko) #106

Will it be supported at some point? At this point I only need it for one of the containers but that could change. Also, all of that said, it works really nicely and the logging is great.

(Matt Palmer) #107

I’m not aware of any plans here at Discourse World HQ to add support, but PRs are welcome.

(eriko) #108

If the time comes I’ll give it thought. thx.

(Stephen Chung) #109

Why would you want to mail to an account whose name is noreply?