SMTP TLS configuration for gmail and other SMTP TLS MTAs

As the official documentation does not explain SMTP configuration, but simply refers to the Rails Guide instead, I would like to document SMTP TLS configuration for gmail or other SMTP TLS MTAs.

You need:

  • SMTP TLS-enabled MTA
  • SMTP port
  • MTA hostname or address
  • user name
  • password

To use gmail as the submission MTA, you need to enable two-factor authentication (skip this if you are not using gmail). Enable 2FA in your gmail account. See "Sign in with App Passwords".

It is assumed that the MTA supports SMTP TLS, or SMTPS (not STARTTLS). Double-check that it supports SMTP TLS. Use openssl s_client to test:

openssl s_client -connect smtp.gmail.com:465

If you see something like:

CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = smtp.gmail.com
verify return:1

it supports SMTP TLS.

Add the following to your env file:

DELIVERY_METHOD="smtp"
SMTP_ADDRESS="smtp.gmail.com"
SMTP_PORT="465"
SMTP_USER_NAME="YOUR_GMAIL_USERNAME@gmail.com"
SMTP_PASSWORD="YOUR_PASSWORD"
SMTP_AUTHENTICATION="plain"
SMTP_ENABLE_STARTTLS_AUTO="false"
SMTP_OPENSSL_VERIFY_MODE="peer"
SMTP_TLS="true"

If the above configuration works, congratulations. If you get a "certificate verify failed (unable to get local issuer certificate)" error in the worker log instead, you need my patch, which is available at bugfix: introduce SMTP_CA_FILE and SMTP_CA_PATH · trombik/fab-manager@4bd1634 · GitHub.

After applying the patch, add SMTP_CA_FILE to the env file:

SMTP_CA_FILE="/path/to/your/ca/file"

"/path/to/your/ca/file" depends on your platform.

  • /etc/pki/tls/certs/ca-bundle.crt (RedHat)
  • /etc/ssl/certs/ca-certificates.crt (Debian and its variants)
  • /usr/local/etc/ssl/cert.pem (FreeBSD)
  • /etc/ssl/cert.pem (OpenBSD)

See also: mail delivery fails when TLS verify is enabled · Issue #354 · sleede/fab-manager · GitHub
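
To reproduce the worker's certificate check outside the application, the following Ruby script performs the same implicit-TLS handshake on the SMTPS port with peer verification. It is an added example, not part of the original post or of fab-manager; it reads the SMTP_ADDRESS, SMTP_PORT and SMTP_CA_FILE variables from the env file above, and the function names are hypothetical.

```ruby
require "openssl"
require "socket"

# CA bundle locations listed in the post, in the same order.
CA_BUNDLE_CANDIDATES = [
  "/etc/pki/tls/certs/ca-bundle.crt",   # RedHat
  "/etc/ssl/certs/ca-certificates.crt", # Debian and its variants
  "/usr/local/etc/ssl/cert.pem",        # FreeBSD
  "/etc/ssl/cert.pem"                   # OpenBSD
].freeze

# First readable bundle, or nil. `readable` is injectable so it can be tested.
def find_ca_bundle(candidates = CA_BUNDLE_CANDIDATES, readable: File.method(:readable?))
  candidates.find { |path| readable.call(path) }
end

# Context matching SMTP_OPENSSL_VERIFY_MODE="peer", optionally with a CA file/path.
# Without either, OpenSSL's default certificate paths are used.
def smtps_context(ca_file: nil, ca_path: nil)
  params = { verify_mode: OpenSSL::SSL::VERIFY_PEER, verify_hostname: true }
  params[:ca_file] = ca_file if ca_file
  params[:ca_path] = ca_path if ca_path
  OpenSSL::SSL::SSLContext.new.tap { |ctx| ctx.set_params(params) }
end

# Implicit-TLS (SMTPS) handshake: TLS first, then the 220 greeting inside it.
def check_smtps(host, port, ctx)
  tcp = TCPSocket.new(host, port)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.sync_close = true
  ssl.hostname = host # SNI, also the name checked against the certificate
  ssl.connect         # raises SSLError on "certificate verify failed"
  banner = ssl.gets.to_s.strip
  { ok: banner.start_with?("220"), detail: banner }
rescue OpenSSL::SSL::SSLError, SystemCallError, SocketError => e
  { ok: false, detail: "#{e.class}: #{e.message}" }
ensure
  (ssl || tcp)&.close
end

# Runs only when SMTP_ADDRESS is set, e.g. after loading the env file.
if ENV["SMTP_ADDRESS"]
  ctx = smtps_context(ca_file: ENV["SMTP_CA_FILE"])
  result = check_smtps(ENV["SMTP_ADDRESS"], Integer(ENV.fetch("SMTP_PORT", "465")), ctx)
  puts "#{result[:ok] ? 'OK' : 'FAILED'}: #{result[:detail]}"
  if !result[:ok] && ENV["SMTP_CA_FILE"].nil? && (found = find_ca_bundle)
    puts "Try SMTP_CA_FILE=\"#{found}\""
  end
end
```

A FAILED line containing "certificate verify failed" with SMTP_CA_FILE unset, followed by OK once it points at the platform bundle, confirms that the trust store is the problem rather than the credentials.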