SOLVED Email suddenly no longer works with SMTP Relay Google Workspace


  • Hi, I've setup nodebb to send emails via Google Workspace SMTP relay and it was working fine until just a few days ago. I have no idea what happened, but now when I send a test email from the admin page I get this error:

    ERROR
    Server terminates connection. response=421 4.7.0 Try again later, closing connection. (EHLO) s22sm961094vkm.4 - gsmtp: 421 4.7.0 Try again later, closing connection. (EHLO) s22sm961094vkm.4 - gsmtp
    

    According to the Google docs this error means:

    421, "4.7.0", Try again later, closing connection. This usually indicates a Denial of Service (DoS) for the SMTP relay at the HELO stage.
    

    Not sure what that means but I have a Flarum forum running on the same server with the same SMTP relay setup for Google Workspace Gmail and it works fine.

    My settings:

    Custom Service
    SMTP Host: smtp-relay.gmail.com
    SMTP Port: 587
    Connection security: StartTLS
    

    Any help would be appreciated.

  • Global Moderator Plugin & Theme Dev

    @vaulverin okay so in NodeBB we need to add the name based on config.json url.

    @Emotion @theopenem can you try hard coding

    name: 'your-domain.com',
    

    At this line https://github.com/NodeBB/NodeBB/blob/501441b736386929ed06f749dae0c2a1d3c0059a/src/emailer.js#L121

    And see if that allows emails to send?

  • Global Moderator Plugin & Theme Dev

    @emotion I've seen some people say it's related to IPv6. Try replacing smtp-relay.gmail.com with the ip address instead: 64.233.162.28

  • Community Rep

    @emotion The second message condirms the 421 Error Code of the first. Checking your nearest RFC:

    The service is unavailable due to a connection problem: it may refer to an exceeded limit of simultaneous connections, or a more general temporary problem.

    @pitaj said in Email suddenly no longer works with SMTP Relay Google Workspace:

    @emotion I've seen some people say it's related to IPv6. Try replacing smtp-relay.gmail.com with the ip address instead: 64.233.162.28

    Why the 64.x address? After some quick drillin' I syspect this maybe resolves to various:

    <kvg@loon:~>% drill smtp-relay.gmail.com
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 59360
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; smtp-relay.gmail.com. IN A

    ;; ANSWER SECTION:
    smtp-relay.gmail.com. 300 IN A 74.125.195.28

    I suspect that the Goog's relays are simply a bit constipated. Give them some time. In the meantime, are your "failed" messages relegared to a mail spool, to try, try again, the mail must get thru? Or are they a one and done kind of deal?

    My $0.02. Proll'y half-baked as well.... Have fun! o/


  • Tried it again today and when I send a test email it says it was sent successfully but it doesn't arrive in my inbox.

    @pitaj said in Email suddenly no longer works with SMTP Relay Google Workspace:

    @emotion I've seen some people say it's related to IPv6. Try replacing smtp-relay.gmail.com with the ip address instead: 64.233.162.28

    Thanks, tried that and it said successful upon sending a test email but again it doesn't arrive in my inbox.

    @gotwf said in Email suddenly no longer works with SMTP Relay Google Workspace:

    @emotion The second message condirms the 421 Error Code of the first. Checking your nearest RFC:

    The service is unavailable due to a connection problem: it may refer to an exceeded limit of simultaneous connections, or a more general temporary problem.

    @pitaj said in Email suddenly no longer works with SMTP Relay Google Workspace:

    @emotion I've seen some people say it's related to IPv6. Try replacing smtp-relay.gmail.com with the ip address instead: 64.233.162.28

    Why the 64.x address? After some quick drillin' I syspect this maybe resolves to various:

    <kvg@loon:~>% drill smtp-relay.gmail.com
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 59360
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; smtp-relay.gmail.com. IN A

    ;; ANSWER SECTION:
    smtp-relay.gmail.com. 300 IN A 74.125.195.28

    I suspect that the Goog's relays are simply a bit constipated. Give them some time. In the meantime, are your "failed" messages relegared to a mail spool, to try, try again, the mail must get thru? Or are they a one and done kind of deal?

    My $0.02. Proll'y half-baked as well.... Have fun! o/

    I think they're a one and done deal. How do I check though?

    I tried your IP address and it's the same error.

    Odd, just a few moments ago I had no error when sending a test email but now I get that same 421 4.7.0 error.

    Disabling pooled connections doesn't seem to make a difference.

    If I add my Workspace admin account and an app password, I can send emails. However, the mailing domain and the return path is the domain of the Workspace admin account. I don't want this. What's more is it's missing DKIM, SPF, and DMARC.

    SMTP relay fixes all these problems and lets the forum domain be the sender along with its own DKIM, SPF, and DMARC records.

  • Global Moderator Plugin & Theme Dev

    @emotion which test email did you send? Some silently fail. Otherwise, if it sent without error, I don't what to tell you. It should be in your inbox. Maybe allow for more time for delivery or check your spam.


  • @pitaj Digest. Just tried it again and it says it sent it successfully. But nothing arrived in my inbox nor spam folder.

    I tried the other options and all of them, except digest, are giving me the same 421 4.7.0 error. This is very strange.

  • Global Moderator Plugin & Theme Dev

    @emotion as I said, digest is probably an option in there that will fail silently. You will get a "success" message client side but you should still see an error recorded in the server logs.

    I'd recommend using one of the other options in there that won't fail silently for testing purposes. It shouldn't make a difference delivery wise, it's only changing the message content.


  • @pitaj You're right, digest fails silently. And yes it does produce an error in the server log:

    2021-01-29T10:12:00.592Z [4567/26001] - error: [user/jobs] Could not send digest email
    [emailer.send] Error: Server terminates connection. response=421 4.7.0 Try again later, closing connection. (EHLO) w12sm600011oor.23 - gsmtp: 421 4.7.0 Try again later, closing connection. (EHLO) w12sm600011oor.23 - gsmtp
        at SMTPConnection._actionEHLO (/var/nodebb/node_modules/nodemailer/lib/smtp-connection/index.js:1229:27)
        at SMTPConnection._processResponse (/var/nodebb/node_modules/nodemailer/lib/smtp-connection/index.js:932:20)
        at SMTPConnection._onData (/var/nodebb/node_modules/nodemailer/lib/smtp-connection/index.js:739:14)
        at Socket.SMTPConnection._onSocketData.chunk (/var/nodebb/node_modules/nodemailer/lib/smtp-connection/index.js:189:44)
        at Socket.emit (events.js:198:13)
        at addChunk (_stream_readable.js:288:12)
        at readableAddChunk (_stream_readable.js:269:11)
        at Socket.Readable.push (_stream_readable.js:224:10)
        at TCP.onStreamRead [as onread] (internal/stream_base_commons.js:94:17)
    

    All the other options produce the same error:

    2021-01-29T10:18:38.846Z [4567/26001] - error: admin.email.test
    Error: Server terminates connection. response=421 4.7.0 Try again later, closing connection. (EHLO) g2sm1514993otp.7 - gsmtp: 421 4.7.0 Try again later, closing connection. (EHLO) g2sm1514993otp.7 - gsmtp
        at SMTPConnection._actionEHLO (/var/nodebb/node_modules/nodemailer/lib/smtp-connection/index.js:1229:27)
        at SMTPConnection._processResponse (/var/nodebb/node_modules/nodemailer/lib/smtp-connection/index.js:932:20)
        at SMTPConnection._onData (/var/nodebb/node_modules/nodemailer/lib/smtp-connection/index.js:739:14)
        at Socket.SMTPConnection._onSocketData.chunk (/var/nodebb/node_modules/nodemailer/lib/smtp-connection/index.js:189:44)
        at Socket.emit (events.js:198:13)
        at addChunk (_stream_readable.js:288:12)
        at readableAddChunk (_stream_readable.js:269:11)
        at Socket.Readable.push (_stream_readable.js:224:10)
        at TCP.onStreamRead [as onread] (internal/stream_base_commons.js:94:17)
    

    I have no idea how to even approach fixing this problem.

  • Global Moderator Plugin & Theme Dev

    @emotion I don't really know how to help you either. I am not an expert on SMTP or Google Workspace. Does using the IP instead of the domain give you the same error?

    Maybe you're being rate limited because of too many emails sent from the same server? Maybe try the debug steps here: https://glockapps.com/blog/remove-ip-address-gmail-blacklist/

  • NodeBB


  • @pitaj said in Email suddenly no longer works with SMTP Relay Google Workspace:

    @emotion I don't really know how to help you either. I am not an expert on SMTP or Google Workspace. Does using the IP instead of the domain give you the same error?

    Maybe you're being rate limited because of too many emails sent from the same server? Maybe try the debug steps here: https://glockapps.com/blog/remove-ip-address-gmail-blacklist/

    Tried both IP addresses listed here, 64.233.162.28 and 74.125.195.28. Both appear to connect to the SMTP server but again give the same error.

    TBH, my forum has 0 active users lol. The Flarum forum also has 0 active users, but again with the exact same SMTP relay settings it sends emails just fine. So it can't be rate limitation.

    @baris said in Email suddenly no longer works with SMTP Relay Google Workspace:

    Is this related? https://github.com/NodeBB/NodeBB/issues/9223

    Not sure, but I installed v1.12.1 just to test it out because I know in the past it used to work fine. It's the same error, only this time nodeBB says it sent it successfully but the logs say otherwise:

    2021-01-30T01:13:38.241Z [5835/15098] - error: Server terminates connection. response=421 4.7.0 Try again later, closing connection. (EHLO) b25sm1995991oot.16 - gsmtp: 421 4.7.0 Try again later, closing connection. (EHLO) b25sm1995991oot.16 - gsmtp {"code":"ECONNECTION","response":"421 4.7.0 Try again later, closing connection. (EHLO) b25sm1995991oot.16 - gsmtp","responseCode":421,"command":"EHLO"}
    

    Why would it work with Flarum but not nodeBB?

    Also, wouldn't nodeBB give me a different error if it was falling back to postfix? Regardless, I see that you've fixed it in the latest commit. How do I upgrade my forum to it?

  • Global Moderator Plugin & Theme Dev

    @emotion a restart of your forum would eliminate the issue, so it's highly unlikely that issue is causing this.

    As you said you'd likely see a different error if it was falling back to sendmail.

    The Flarum forum also has 0 active users, but again with the exact same SMTP relay settings it sends emails just fine.

    I don't know and this is extremely frustrating. I wish I could help but you might need to ask people with more expertise, try Stack Overflow or the Nodemailer GitHub issues. I'll see if I can write up a minimal reproduction example for you to try (removing NodeBB from the picture) so you can post there.

  • Community Rep

    might try pinging @scottalanmiller. i am recouperating from hand surgery & a bit challenged at present.

    maybe try test goog's smtp relays manually from cli, e.g.:

    Edit: in case not clear, I meant to test from cli on the respective server. If that all works, then you've isolated to nodebb, no? which may well already be the case but still nice to have confirmation and the real time responses from gsmtp server might proof informative. good luck o/


  • I had the same thing happen. Emails have been working fine when using the gmail smtp server for months. Then a few days ago it stopped working with the same error as mentioned above. I have a wordpress site on the same server as nodebb with the same relay settings and it continues to work fine. It also works fine when using telnet from that same server. NodeBB is the only thing that seems to be effected. I solved the problem by disabling "Use an external email server to send emails" and just letting postfix relay the mail for me. Just thought I'd share.

  • Global Moderator Plugin & Theme Dev

    @theopenem are you using the Gmail SMTP relay or just a normal Gmail address? Sounds like Gmail may have stopped accepting Nodemailer's requests for some reason.

    Let me try a test case myself. The authors of Nodemailer seem to hate Gmail as well: https://nodemailer.com/usage/using-gmail/


  • I am using the gmail smtp relay


  • @pitaj said in Email suddenly no longer works with SMTP Relay Google Workspace:

    @emotion a restart of your forum would eliminate the issue, so it's highly unlikely that issue is causing this.

    As you said you'd likely see a different error if it was falling back to sendmail.

    The Flarum forum also has 0 active users, but again with the exact same SMTP relay settings it sends emails just fine.

    I don't know and this is extremely frustrating. I wish I could help but you might need to ask people with more expertise, try Stack Overflow or the Nodemailer GitHub issues. I'll see if I can write up a minimal reproduction example for you to try (removing NodeBB from the picture) so you can post there.

    Thanks, that's a good idea, I might do that.

    @gotwf said in Email suddenly no longer works with SMTP Relay Google Workspace:

    might try pinging @scottalanmiller. i am recouperating from hand surgery & a bit challenged at present.

    maybe try test goog's smtp relays manually from cli, e.g.:

    Edit: in case not clear, I meant to test from cli on the respective server. If that all works, then you've isolated to nodebb, no? which may well already be the case but still nice to have confirmation and the real time responses from gsmtp server might proof informative. good luck o/

    Well, Flarum works fine with it. Still, I tested to see if telnet would connect with it and it does:

    $ telnet smtp-relay.gmail.com 587
    Trying 2607:f8b0:400d:c03::1c...
    Connected to smtp-relay.gmail.com.
    Escape character is '^]'.
    220 smtp-relay.gmail.com ESMTP v24sm193634pjt.16 - gsmtp
    

    @theopenem said in Email suddenly no longer works with SMTP Relay Google Workspace:

    I had the same thing happen. Emails have been working fine when using the gmail smtp server for months. Then a few days ago it stopped working with the same error as mentioned above. I have a wordpress site on the same server as nodebb with the same relay settings and it continues to work fine. It also works fine when using telnet from that same server. NodeBB is the only thing that seems to be effected. I solved the problem by disabling "Use an external email server to send emails" and just letting postfix relay the mail for me. Just thought I'd share.

    How are you connecting WordPress to smtp-relay.gmail.com? Are you using a plugin?

    The problem with letting postfix relay the mail is that it lacks DKIM, DMARC, and SPF records which makes your emails more likely to end up in the spam folder. Also, if you have multiple sites running on the same server then postfix mails every email from the primary domain, usually in /etc/mailname, which essentially spoofs emails and again makes it more likely to end up in spam.

    In any case, I contacted Google Workspace support on Friday and chatted with them for over 2 hours about this issue. They couldn't figure it out and kept insisting it was a denial of service issue, but they didn't make it clear if it was on my end or theirs.

    They sent me an email today:

    After consulting your case related to the SMTP relay issue and also verifying similar cases, it appears that the issue is highly related to the Denial of Service as we discussed during our chat interaction, probably, the system detected a massive email delivery from the previous set up causing this error to appear.

    As suggested, it will be necessary to declare your domain at the HELO command, from the tool that you are using adding your domain name so our system will be able to complete the authentication, it is strongly recommended to contact the app developer or their community forum to see if there's another way for you to add this command.

    In case is needed, you can visit the following Help Center article for more information about setting the SMTP relay, it will come in handy https://support.google.com/a/answer/2956491

    It was a pleasure to assist you. I'll keep this case open for the next three business days so you can let me know if additional assistance is needed. Once the case closes, you can reply in the next 30 days to reopen it. Have a nice day!

    Is this currently possible with nodeBB?

  • Community Rep

    @emotion Cool. I expected as much. Good to have confirmation.

    Are you also able to authenticate via cli? A bit more work but then you'd know 100%. And if not, then you've got some immediate error messaging at the source.


  • @emotion Yay, their email response gave me an idea to use "name" option in nodemail configuration, and it worked!
    I had the same problem, emails had been correctly sent but a week ago or so they stopped, in logs i saw that 421, "4.7.0" error.
    Here is what i use as transport configuration now

    {
        "name": "your-domain-name.com",
        "host" : "smtp-relay.gmail.com",
        "port" : 465,
        "secure": true,
        "pool": true
      },
    

    Thank you!


  • @emotion said in Email suddenly no longer works with SMTP Relay Google Workspace:

    How are you connecting WordPress to smtp-relay.gmail.com? Are you using a plugin?

    Yes, I use WP Mail SMTP

Suggested Topics

| |