I cant get my email sending to work on my instance. After trying for hours, i wanted to ask for some support here since im quite stuck and dont understand.

I installed Lemmy using ansible so everything is set up in a very standard way - except email.

I want my instance to send email to an external smtp server (Fastmail) whenever there is a need to send an email (user registration, password reset, etc).

Currently the email settings in lemmy.hjson looks like this:

  email: {
    smtp_server: "postfix:25"
    smtp_login: "abc@fastmail.se"
    smtp_password: "fastmail_user_password_here"
    smtp_from_address: "noreply@lemmy.today"
    tls_type: "tls"
  }

It seems like i need to have postfix:25 as the smtp server. What i really want is to put smtp.fastmail.com:465 here since thats what i want to use to send email. But that doesnt seem to work.

So I understand I need to send email through postfix, but then I wonder, how should the config look like to send emails to smtp.fastmail.com on port 465 (which is what they have on fastmail), with a specific username and password used on the fastmail server?

I think a lot of people are having issues with the email part of the setup, judging from the many reports of spinning buttons on user signup… this is a very likely reason, specially since there is no error message to the user.

Please help me sort this out, how should i configure this?

EDIT:

Ok after a lot of experiments and help from people below, this was the solution.

  email: {
    smtp_server: "smtp.fastmail.com:587"
    smtp_login: "my_email@fastmail.com"
    smtp_password: "password"
    smtp_from_address: "my_email@fastmail.com"
    tls_type: "starttls"
  }

Using this, email sending finally works. I couldnt use something else in the smtp_from_address. Which means my real email gets shown to users, so I will probably create another email address for this purpose completely.

Also specific to Hetzner instances, they dont block port 587 so you can use that with starttls.

  • Matej@matejc.com
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    My instance had the same problem, the problem was that Hetzner (where I host my server) by default is not permitting outbound smtp ports. For me the solution was to use alternative port and even that a starttls alternative port which AWS SES luckily supports (that is what I am using for smtp server). Alternative would be also to just ask Hetzner to unblock the port (people have reported success with this method).

    • smartwater0897@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Actually it seems that port 587 is open (starttls) while port 465 (tls) is closed. I can connect to port 587 on my email server from my Hetzner instance (im also using them).

      But how should the config look like to forward emails? How does your config look like?

      • HSL@wayfarershaven.eu
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        I was able to get Brevo working on Hetzner with the following block:

          email: {
            smtp_server: "smtp-relay.sendinblue.com:587"
            smtp_login: "your_email"
            smtp_password: "smtp_key"
            smtp_from_address: "your_email"
            tls_type: "starttls"
          }
        

        Interestingly, it wasn’t working when I gave up and went to bed. I happened to do something on the instance today and much to my surprise, an email came through. Maybe Brevo holds the emails/doesn’t immediately allow SMTP?

        if that hadn’t worked, my next step was going to test sending email through the console as described in another comment.

  • Admiral Patrick@dubvee.org
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Mine works fine sending to my SMTP TLS port.

    Are you hosting your instance in a cloud provider? Some may block outgoing SMTP ports as a spam-prevention measure. Other instance admins have reported Digital Ocean as one of those providers.

    • smartwater0897@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      yeah they block 465 but not 587, so i can connect to it with starttls. But dont get any emails, so something else is wrong…

      • Admiral Patrick@dubvee.org
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        I’m not sure about fastmail, but on my email provider, the “from” address has to be valid and assigned to the login account. Most reputable providers enforce this to prevent email spoofing. It is also required so DKIM signing and SFP records can be validated.

        I’m sure what you posted here are pseudo values, but is your noreply@lemmy.today address valid in your fastmail account? If not, then try setting the “from” address to the address you use to log in.

        • smartwater0897@lemmy.mlOP
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          No the fastmail account doesnt know anything about the lemmy.today address, so this could be an issue. And I dont have any DKIM or SFP records in my DNS. I could add that though, maybe thats a good next step?

          But i tried to put the email I log in with as the “noreply” address, and I still dont any emails.

          At least the signup page doesnt freeze up anymore, since it seemingly can talk to the email server, but no emails arrive. I also cant find anything in the logs about errors… i do “docker compose logs -n 100” to get the last 100 rows from each container but no errors there.

          • Admiral Patrick@dubvee.org
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            1 year ago

            From Lemmy’s perspective, it’s probably sending the email out just fine.

            Many, if not most, providers will silently drop messages that it thinks have spoofed “from” addresses. If not the sending provider, then the recipient email server.

            Long story short, if your “from” address is not linked to your login address, then it’s probably going to be considered spoofed and treated as spam by at least one email server in the chain.

            Edit: yeah, if your from address is under a domain where you have control of DNS, try adding fastmail to your SPF record. You’d also need to add a DKIM record to provide their public signing key. Most providers also expect a DMARC record and policy for the “from” domain, too. Been a good while since I last set up a 3rd party to send under one of our domains, but I think that’s all we had to do on our end.

          • cablepick@lemmy.cablepick.net
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            DKIM and SPF will prevent delivery but should not prevent the initial send. Make sure you sending sending an email to yourself first because local email severs check the recipient against their own database before going to the public internet. DKIM and SPF may not matter there so you could at least see delivery.

            This most likely won’t end well as you will hit outbound limits and throttling as well as delivery issues getting into inbox if you get deliveries at all to the major providers. Managing email sucks. The only real way to accomplish this is using third parties that specialize in it. You still have to manage bounce rates and spam flags or they will shut you down too.

  • cablepick@lemmy.cablepick.net
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Make sure you can connect from your server to ensure firewall rules, passwords, and SSL type are accurate.

    openssl s_client -connect smtp.fastmail.com:465 -tls smtp

    More directions here as you need to encode your username and password to login from the shell: https://www.stevenrombauts.be/2018/12/test-smtp-with-telnet-or-openssl/

    You can replace postfix:25 with smtp.fastmail.com:465 in the config. Verify that you need tls and not starttls as the ssl type.

    If this is docker then you need to ensure the container can route to their server and port. I don’t use docker so I can’t help you there but I think it’s something about internal vs external bridge.

      • cablepick@lemmy.cablepick.net
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Did you try sending an email through OpenSSL using shell commands? Lemmy has no test email function so you need to be sure your credentials are correct.

        It’s not uncommon for email servers to prevent you from sending as someone else even if you authenticate against your primary account. When using the OpenSSL shell commands it should end a successful test send with 250 ok queued or display an error like from not owned by primary account.

        • mrmanager@lemmy.today
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I got as far as connecting and authenticating, that works fine with starttls and port 587. I didn’t actually send an email though, maybe I should try that and put different things in the smtp_from field, if possible?

          • cablepick@lemmy.cablepick.net
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Try sending an email through there. That will tell you right away if you mail server will allow to you use the from address you want to. The message that it responds with is the message that lemmy, or whatever relay, would be logging anyways.

            • smartwater0897@lemmy.mlOP
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Email actually started working now, I think maybe I was blocked for a while due to my attempts to get things working. Will edit my top post to make sure others can find the result of this thread.

              Thanks!

  • Slashzero@hakbox.social
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Hi there! Going to take a minute to read through your post, as I banged my head against a the SMTP setup wall for several hours.

    But while I do that, assuming you are using the docker method, did you add a secondary external network to the lemmy container in docker-compose.yml? Your email setup looks fine, but without adding the secondary external network your lemmy instance can’t make outgoing calls (federation won’t work either).

        • mrmanager@lemmy.today
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          I checked the logs for postfix (since I use docker I can just do “docker logs”) but no errors.

          It all silently fails. I guess it has to do with email servers dropping the emails. I will look into using some other email server, maybe on aws if that works for other people.

          But I have verified that I can connect to the email server with starttls, and even base64 encoded my username and password and did an interactive “Auth login” session with the email server. All was fine, I was authenticated.

          So probably something with the reply from, maybe… Very confusing.

          • Slashzero@hakbox.social
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            You are hosting your own postfix, right? Most mail servers will just outright reject your messages. You can add your site’s certs to postfix, so that your mail is not clear text, and that would allow some to go through (but gmail would still block all of them).

            What I ended up doing was signing up for brevo.com and their free tier allows 300 mail messages every 24 hours. Another option would be to use gmail’s smtp relay, which I think allows 300 - 500 emails per day, or something long those lines.

            brevo.com is actually pretty nice as it gives you stats on mail click throughs, etc.

  • Nina@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Similar, I’m assuming gmail is a no go? I feel like theoretically it should work but it’s not. However, this may be because I’m using elest.io -> docker, but something’s fucked up with my domain’s SSL and it’s signed by itself. It gives the browser a big huge 'ol unsecured warning, so I would assume that because that’s messed up it’s causing gmail to not accept it? I’ve opened a ticket with them, so eventually maybe I can figure out if that’s the case, I’ve never had a problem pointing namecheap domains to anything before.

    It says this, but I assure you, the password is correct.

    lemmy_server::api_routes_websocket: email_send_failed: permanent error (535): 5.7.8 Username and Password not accepted. Learn more at5.7.8  https://support.google.com/mail/?p=BadCredentials [long chain of numbers and letters I'm not sure matter] - gsmtp
    

    The settings

      # Email sending configuration. All options except login/password are mandatory
      email: {
        # Hostname and port of the smtp server
        smtp_server: "smtp.gmail.com:587"
        smtp_login: "crystals.rest.lm@gmail.com"
        smtp_password: "[the password]"
        # Address to send emails from, eg "noreply@your-instance.com"
        smtp_from_address: "crystals.rest.lm@gmail.com"
        # Whether or not smtp connections should use tls. Can be none, tls, or starttls
        tls_type: "tls"
      }
    

    I also did start stattls and that didn’t work. Tried swapping ports around, nope.

    edit: fixed the ssl issue with elest.io, they just had a configuration wrong, but tbf lemmy support was added literally yesterday

    second edit: I just didn’t use gmail and instead made a zoho mail account that worked out after a lot of setting up