EDIT: I have it working now! I had to set up DKIM and configure my server so Digital Ocean created the proper PTR records. Now email is being sent to spam but at least it’s making it through!
Hopefully this is the last time I need to bug you guys here about stuff. :)
I added a postfix relay to my Lemmy instance and configured the email settings in my lemmy.conf file but no matter what I do I keep getting a “no_email_setup” error when I try to test the SMTP server. Is there an obvious step I’m missing?
This is my full docker-compose.yml:
```yaml
version: "3.3"

networks:
  lemmyexternalproxy:
  lemmyinternal:
    driver: bridge
    internal: true

services:
  proxy:
    image: nginx:1-alpine
    networks:
      - lemmyinternal
      - lemmyexternalproxy
    ports:
      # only ports facing any connection from outside
      - 80:80
      - 443:443
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      # setup your certbot and letsencrypt config
      - ./certbot:/var/www/certbot
      - /etc/letsencrypt:/etc/letsencrypt
    restart: always
    depends_on:
      - pictrs
      - lemmy-ui

  lemmy:
    image: dessalines/lemmy:0.17.3
    hostname: lemmy
    networks:
      - lemmyinternal
      - lemmyexternalproxy
    restart: always
    environment:
      - RUST_LOG="warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemmy_db_views_moderator=info,lemmy_routes=info,lemmy_utils=info,lemmy_websocket=info"
    volumes:
      - ./lemmy.hjson:/config/config.hjson
    depends_on:
      - postgres
      - pictrs

  lemmy-ui:
    image: dessalines/lemmy-ui:0.17.3
    networks:
      - lemmyinternal
    environment:
      # this needs to match the hostname defined in the lemmy service
      - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
      # set the outside hostname here
      - LEMMY_UI_LEMMY_EXTERNAL_HOST=localhost:1236
      - LEMMY_HTTPS=true
    depends_on:
      - lemmy
    restart: always

  pictrs:
    image: asonix/pictrs:0.3.1
    # this needs to match the pictrs url in lemmy.hjson
    hostname: pictrs
    # we can set options to pictrs like this, here we set max. image size and forced format for conversion
    # entrypoint: /sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp
    networks:
      - lemmyinternal
    environment:
      - PICTRS__API_KEY=API_KEY
    user: 991:991
    volumes:
      - ./volumes/pictrs:/mnt
    restart: always

  postgres:
    image: postgres:15-alpine
    # this needs to match the database host in lemmy.hjson
    hostname: postgres
    networks:
      - lemmyinternal
    environment:
      - POSTGRES_USER=lemmy
      - POSTGRES_PASSWORD=PASSWORD
      - POSTGRES_DB=lemmy
    volumes:
      - ./volumes/postgres:/var/lib/postgresql/data
    restart: always

  postfix:
    image: mwader/postfix-relay
    networks:
      - lemmyinternal
      - lemmyexternalproxy
    environment:
      - POSTFIX_myhostname=myhostname.here
      - POSTFIX_inet_protocols=ipv4
    restart: always
```
And my lemmy.hjson has this block:
```
email: {
  smtp_server: "postfix:25"
  smtp_from_address: "Lemmy <noreply@myhostname.here>"
  tls_type: "none"
}
```
Can you show your Lemmy service? Or include the entire docker-compose.yml file? Did you restart Lemmy after you updated the config?
I updated my docker-compose.yml above to the full file. Does that help?
Did you restart the container after you updated the lemmy.hjson file? The container needs to reload to pick up any changes to that file. You can do `docker-compose restart lemmy` to restart just that single container.
Also, you posted your database password with your config file. You should change your Database password now that it’s “leaked”.
Ah SHIT. Thanks, doing it now.
Done. And restarting the lemmy container appears to have helped! Now if I click “forgot password” with my email in the user field it at least shows a “sent a reset email” notification. I don’t see an email yet though, either in inbox or spam, and no error logs from what I can tell but I’ll keep looking.
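For the password leak discussed above, one way to scrub a compose or hjson file before pasting it into a thread. This is an added example, not part of the original posts; the key-name heuristic, the `redact` helper and the sample values are assumptions constructed for illustration.

```python
import re

# Key names that usually hold credentials (assumed heuristic; extend as needed).
SENSITIVE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY", re.I)
# "- KEY=value" (compose list form) or "key: value" (YAML/hjson), optionally commented out.
ASSIGN = re.compile(
    r"^(?P<head>\s*(?:#\s*)?(?:-\s*)?(?P<key>[A-Za-z0-9_.]+)\s*[=:]\s*)(?P<val>\S.*?)\s*$"
)
# Password embedded in a URL: scheme://user:password@host
URL_CRED = re.compile(r"(?P<pre>[a-z][a-z0-9+.-]*://[^:/@\s]+:)[^@\s]+(?P<post>@)")

# Constructed sample; every value here is made up.
SAMPLE = """\
services:
  postgres:
    image: postgres:15-alpine
    environment:
      - POSTGRES_USER=lemmy
      - POSTGRES_PASSWORD=constructed-db-pass
  pictrs:
    environment:
      - PICTRS__API_KEY=constructed-api-key
  lemmy:
    environment:
      - DATABASE_URL=postgres://lemmy:constructed-db-pass@postgres:5432/lemmy
"""

def redact(text, mask="<REDACTED>"):
    """Return (scrubbed_text, hits); hits lists (line_number, reason) per masked line."""
    out, hits = [], []
    for n, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        if m and SENSITIVE.search(m.group("key")):
            # Keep indentation and key name, drop the value entirely.
            line = m.group("head") + mask
            hits.append((n, m.group("key")))
        elif URL_CRED.search(line):
            # Keep scheme, user and host so the config is still readable.
            line = URL_CRED.sub(lambda u: u.group("pre") + mask + u.group("post"), line)
            hits.append((n, "url-credential"))
        out.append(line)
    return "\n".join(out), hits

if __name__ == "__main__":
    scrubbed, found = redact(SAMPLE)
    print(scrubbed)
    print(found)
```

Scrubbing only protects future posts; a secret that was already published still has to be rotated, as was done in this thread.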
Your email block doesn’t have any login details? Or did you remove them to post here? I think both the smtp_login and smtp_password are required.
No, I didn’t have anything there. The docs say everything but the login and password are required, but because I’m using the relay package I don’t know what those would be to begin with because I’m not using an external SMTP with an account.
Yeah you are right - they aren’t required. Not sure what it could be.
It looks like email is getting blocked because I need to set up SPF or DKIM. From my postfix logs:
This mail is unauthenticated, which poses a security risk to the 550-5.7.26 sender and Gmail users, and has been blocked. The sender must 550-5.7.26 authenticate with at least one of SPF or DKIM.
Now I’m off to figure that out!
EDIT: It works now! Emails are currently being sent to spam but at least it’s making it to my inbox.
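Lemmy reported the reset email as sent while the relay's log held the rejection, so the Postfix log is the place to look. The following added example (not from the original posts) scans Postfix delivery records and flags sender-authentication rejections by their RFC 7372 enhanced status code; the log lines, hosts and queue ids are constructed, and `triage` is a hypothetical helper name.

```python
import re

# One Postfix SMTP-client delivery record: queue id, recipient, DSN, status, remote reply.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]+)>,"
    r".*?\bdsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+) \((?P<reply>.*)\)\s*$"
)

# Enhanced status codes for sender-authentication rejections (RFC 7372).
AUTH_DSN = {
    "5.7.20": "no passing DKIM signature",
    "5.7.21": "no acceptable DKIM signature",
    "5.7.22": "no author-matched DKIM signature",
    "5.7.23": "SPF validation failed",
    "5.7.24": "SPF validation error",
    "5.7.25": "reverse DNS (PTR) validation failed",
    "5.7.26": "multiple authentication checks failed",
}

# Constructed sample lines; hosts, addresses and queue ids are made up.
SAMPLE_LOG = "\n".join([
    "Jun 14 10:01:02 relay postfix/smtp[212]: 3A1B2C3D4E: to=<a@example.org>, "
    "relay=mx.example.org[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)",
    "Jun 14 10:02:11 relay postfix/smtp[213]: 4F1A2C0D3E: to=<b@example.com>, "
    "relay=mx.example.com[192.0.2.25]:25, delay=1.2, dsn=5.7.26, status=bounced "
    "(host mx.example.com[192.0.2.25] said: 550-5.7.26 This mail is unauthenticated "
    "(in reply to end of DATA command))",
    "Jun 14 10:03:40 relay postfix/smtp[214]: 5E6F7A8B9C: to=<c@example.net>, "
    "relay=none, delay=30, dsn=4.4.1, status=deferred "
    "(connect to mx.example.net[192.0.2.40]:25: Connection timed out)",
])

def triage(log_text):
    """Return one finding per delivery attempt that did not end in status=sent."""
    findings = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m or m.group("status") == "sent":
            continue
        dsn = m.group("dsn")
        findings.append({
            "queue_id": m.group("qid"),
            "recipient": m.group("rcpt"),
            "status": m.group("status"),
            "dsn": dsn,
            "auth_failure": dsn in AUTH_DSN,
            "cause": AUTH_DSN.get(dsn, "other (read the remote reply)"),
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

With the relay from this thread the input would come from the postfix container's log output; an `auth_failure` finding points at SPF, DKIM or PTR records rather than at the Lemmy config.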
You should be concerned, because there is always a risk, but there is also a risk when you are just using the internet, even without selfhosting. It is good to remember some rules:
- Keep apps up to date
- Open only the ports that you need (80, 443, maybe 22 for ssh)
- If you open the ssh port, use key authentication and cut off the possibility of logging in with a password
- Do not expose apps that you do not need in this form; for example, Yunohost allows you to hide apps behind the Yunohost SSO login page
- Using Cloudflare and/or Fail2Ban is cool
- Maybe I am a little bit paranoid, but I do not expose apps that can be used anonymously by everyone, for example link shorteners or pastebin alternatives.
That is not all, of course.