As the official documentation does not explain SMTP configuration, but simply refers to Rails Guide instead, I would like to document STMP TLS configuration for gmail or other SMTP TLS MTAs.
You need:
- SMTP TLS-enabled MTA
- SMTP port
- MTA hostname or address
- user name
- password
To use gmail as submission MTA, you need to enable two factor authentication (skip if you are not using gmail). Enable 2FA in your gmail account. See "Sign in with App Passwords"
https://support.google.com/accounts/answer/185833
It is assumed that the MTA supports SMTP TLS, or SMTPS (not STARTTLS). Double-check it supports SMTP TLS. Use openssl s_client for test.
openssl s_client -connect smtp.gmail.com:465
if you see something like:
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = smtp.gmail.com
verify return:1
it supports SMTP TLS.
Add the following to your env file.
DELIVERY_METHOD="smtp"
SMTP_ADDRESS="smtp.gmail.com"
SMTP_PORT="465"
SMTP_USER_NAME="YOUR_GMAIL_USERNAME@gmail.com"
SMTP_PASSWORD="YOUR_PASSWORD"
SMTP_AUTHENTICATION="plain"
SMTP_ENABLE_STARTTLS_AUTO="false"
SMTP_OPENSSL_VERIFY_MODE="peer"
SMTP_TLS="true"
if above configuration works, congratulation. if you get "certificate verify failed (unable to get local issuer certificate" error in worker log instead, you need my patch, which is available at https://github.com/trombik/fab-manager/commit/4bd1634f82b3582b4574d837bd05aeccc975e943.
after applying the patch, add SMTP_CA_FILE to the env file.
SMTP_CA_FILE="/path/to/your/ca/file"
"/path/to/your/ca/file" depends on your platform.
-
/etc/pki/tls/certs/ca-bundle.crt (RedHat)
-
/etc/ssl/certs/ca-certificates.crt (Debian and its variants)
-
/usr/local/etc/ssl/cert.pem (FreeBSD)
-
/etc/ssl/cert.pem (OpenBSD)
