I cant get my email sending to work on my instance. After trying for hours, i wanted to ask for some support here since im quite stuck and dont understand.
I installed Lemmy using ansible so everything is set up in a very standard way - except email.
I want my instance to send email to an external smtp server (Fastmail) whenever there is a need to send an email (user registration, password reset, etc).
Currently the email settings in lemmy.hjson looks like this:
email: {
smtp_server: "postfix:25"
smtp_login: "abc@fastmail.se"
smtp_password: "fastmail_user_password_here"
smtp_from_address: "noreply@lemmy.today"
tls_type: "tls"
}
It seems like i need to have postfix:25 as the smtp server. What i really want is to put smtp.fastmail.com:465 here since thats what i want to use to send email. But that doesnt seem to work.
So I understand I need to send email through postfix, but then I wonder, how should the config look like to send emails to smtp.fastmail.com on port 465 (which is what they have on fastmail), with a specific username and password used on the fastmail server?
I think a lot of people are having issues with the email part of the setup, judging from the many reports of spinning buttons on user signup… this is a very likely reason, specially since there is no error message to the user.
Please help me sort this out, how should i configure this?
EDIT:
Ok after a lot of experiments and help from people below, this was the solution.
email: {
smtp_server: "smtp.fastmail.com:587"
smtp_login: "my_email@fastmail.com"
smtp_password: "password"
smtp_from_address: "my_email@fastmail.com"
tls_type: "starttls"
}
Using this, email sending finally works. I couldnt use something else in the smtp_from_address. Which means my real email gets shown to users, so I will probably create another email address for this purpose completely.
Also specific to Hetzner instances, they dont block port 587 so you can use that with starttls.
Mine works fine sending to my SMTP TLS port.
Are you hosting your instance in a cloud provider? Some may block outgoing SMTP ports as a spam-prevention measure. Other instance admins have reported Digital Ocean as one of those providers.
yeah they block 465 but not 587, so i can connect to it with starttls. But dont get any emails, so something else is wrong…
If it successfully connects on 587, but you’re not getting mail, then it might be your
from
address.I’m not sure about fastmail, but on my email provider, the “from” address has to be valid and assigned to the login account. Most reputable providers enforce this to prevent email spoofing. It is also required so DKIM signing and SFP records can be validated against the domain of the “from” address.
I’m sure what you posted here are pseudo values, but is your
noreply@lemmy.today
address valid in your fastmail account or at least under the same domain? If not, then try setting the “from” address to the address you use to log in.No the fastmail account doesnt know anything about the lemmy.today address, so this could be an issue. And I dont have any DKIM or SFP records in my DNS. I could add that though, maybe thats a good next step?
But i tried to put the email I log in with as the “noreply” address, and I still dont any emails.
At least the signup page doesnt freeze up anymore, since it seemingly can talk to the email server, but no emails arrive. I also cant find anything in the logs about errors… i do “docker compose logs -n 100” to get the last 100 rows from each container but no errors there.
From Lemmy’s perspective, it’s probably sending the email out just fine.
Many, if not most, providers will silently drop messages that it thinks have spoofed “from” addresses. If not the sending provider, then the recipient email server.
Long story short, if your “from” address is not linked to your login address, then it’s probably going to be considered spoofed and treated as spam by at least one email server in the chain.
Edit: yeah, if your from address is under a domain where you have control of DNS, try adding fastmail to your SPF record.
You’d also need to add a DKIM record to provide their public signing key. Most providers also expect a DMARC record and policy for the “from” domain, too. Been a good while since I last set up a 3rd party to send under one of our domains, but I think that’s all we had to do on our end.Yep I think so too. I turned off emails now but will try to figure something out later. Thanks for your help!
DKIM and SPF will prevent delivery but should not prevent the initial send. Make sure you sending sending an email to yourself first because local email severs check the recipient against their own database before going to the public internet. DKIM and SPF may not matter there so you could at least see delivery.
This most likely won’t end well as you will hit outbound limits and throttling as well as delivery issues getting into inbox if you get deliveries at all to the major providers. Managing email sucks. The only real way to accomplish this is using third parties that specialize in it. You still have to manage bounce rates and spam flags or they will shut you down too.