As the official documentation does not explain SMTP configuration, but simply refers to the Rails Guide instead, I would like to document SMTP TLS configuration for Gmail or other SMTP TLS MTAs.
You need:
- SMTP TLS-enabled MTA
- SMTP port
- MTA hostname or address
- user name
- password
To use Gmail as the submission MTA, you need to enable two-factor authentication (skip this if you are not using Gmail). Enable 2FA in your Gmail account, then create an App Password to use as the SMTP password. See "Sign in with App Passwords".

It is assumed that the MTA supports SMTP TLS, that is, SMTPS (not STARTTLS). Double-check that it supports SMTP TLS by testing with openssl s_client:

```
openssl s_client -connect smtp.gmail.com:465
```

If you see something like:

```
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = smtp.gmail.com
verify return:1
```

it supports SMTP TLS.
Add the following to your env file.

```
DELIVERY_METHOD="smtp"
SMTP_ADDRESS="smtp.gmail.com"
SMTP_PORT="465"
SMTP_USER_NAME="YOUR_GMAIL_USERNAME@gmail.com"
SMTP_PASSWORD="YOUR_PASSWORD"
SMTP_AUTHENTICATION="plain"
SMTP_ENABLE_STARTTLS_AUTO="false"
SMTP_OPENSSL_VERIFY_MODE="peer"
SMTP_TLS="true"
```
If the above configuration works, congratulations. If you instead get a "certificate verify failed (unable to get local issuer certificate)" error in the worker log, you need my patch, which is available at bugfix: introduce SMTP_CA_FILE and SMTP_CA_PATH · trombik/fab-manager@4bd1634 · GitHub.

After applying the patch, add SMTP_CA_FILE to the env file.

```
SMTP_CA_FILE="/path/to/your/ca/file"
```

"/path/to/your/ca/file" depends on your platform.
- /etc/pki/tls/certs/ca-bundle.crt (RedHat)
- /etc/ssl/certs/ca-certificates.crt (Debian and its variants)
- /usr/local/etc/ssl/cert.pem (FreeBSD)
- /etc/ssl/cert.pem (OpenBSD)
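
To find the right SMTP_CA_FILE value and confirm that peer verification passes before touching the application, the following added example (not part of the original post or of the fab-manager patch) picks the first CA bundle from the list above and performs the same implicit-TLS handshake with Ruby's OpenSSL. The function names are hypothetical; it only makes a connection when SMTP_ADDRESS is set in the environment.

```ruby
require "openssl"
require "socket"

# CA bundle locations from the list above (RedHat, Debian, FreeBSD, OpenBSD).
CA_CANDIDATES = %w[
  /etc/pki/tls/certs/ca-bundle.crt
  /etc/ssl/certs/ca-certificates.crt
  /usr/local/etc/ssl/cert.pem
  /etc/ssl/cert.pem
].freeze

# First readable bundle: a candidate value for SMTP_CA_FILE.
def find_ca_file(candidates = CA_CANDIDATES)
  candidates.find { |path| File.file?(path) && File.readable?(path) }
end

# Peer-verifying context (like SMTP_OPENSSL_VERIFY_MODE="peer"):
# OpenSSL's default trust store, plus ca_file when one is given.
def build_context(ca_file)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER)
  ctx.ca_file = ca_file if ca_file
  ctx
end

# Implicit-TLS (SMTPS) connect; returns [ok, banner or error text].
def check_smtps(host, port, ca_file)
  tcp = TCPSocket.new(host, port)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, build_context(ca_file))
  ssl.hostname = host              # SNI
  ssl.sync_close = true            # closing ssl also closes tcp
  ssl.connect                      # raises on "certificate verify failed"
  ssl.post_connection_check(host)  # certificate must match the host name
  banner = ssl.gets.to_s.strip
  [banner.start_with?("220"), banner]
rescue OpenSSL::SSL::SSLError, SystemCallError, SocketError => e
  [false, "#{e.class}: #{e.message}"]
ensure
  (ssl || tcp)&.close rescue nil
end

if __FILE__ == $PROGRAM_NAME && ENV["SMTP_ADDRESS"]
  ca = ENV["SMTP_CA_FILE"] || find_ca_file
  port = ENV.fetch("SMTP_PORT", "465").to_i
  ok, detail = check_smtps(ENV["SMTP_ADDRESS"], port, ca)
  puts "ca_file=#{ca.inspect} ok=#{ok} #{detail}"
end
```

A result of ok=false with "certificate verify failed" when SMTP_CA_FILE is unset, and ok=true once it points at the platform bundle, matches the symptom the patch addresses.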