Email suddenly no longer works with SMTP Relay Google Workspace
-
@theopenem are you using the Gmail SMTP relay or just a normal Gmail address? Sounds like Gmail may have stopped accepting Nodemailer's requests for some reason.
Let me try a test case myself. The authors of Nodemailer seem to hate Gmail as well: https://nodemailer.com/usage/using-gmail/
-
@pitaj said in Email suddenly no longer works with SMTP Relay Google Workspace:
@emotion a restart of your forum would eliminate the issue, so it's highly unlikely that issue is causing this.
As you said you'd likely see a different error if it was falling back to sendmail.
The Flarum forum also has 0 active users, but again with the exact same SMTP relay settings it sends emails just fine.
I don't know and this is extremely frustrating. I wish I could help but you might need to ask people with more expertise, try Stack Overflow or the Nodemailer GitHub issues. I'll see if I can write up a minimal reproduction example for you to try (removing NodeBB from the picture) so you can post there.
Thanks, that's a good idea, I might do that.
@gotwf said in Email suddenly no longer works with SMTP Relay Google Workspace:
might try pinging @scottalanmiller. i am recouperating from hand surgery & a bit challenged at present.
maybe try test goog's smtp relays manually from cli, e.g.:
Edit: in case not clear, I meant to test from cli on the respective server. If that all works, then you've isolated to nodebb, no? which may well already be the case but still nice to have confirmation and the real time responses from gsmtp server might proof informative. good luck o/
Well, Flarum works fine with it. Still, I tested to see if telnet would connect with it and it does:
$ telnet smtp-relay.gmail.com 587 Trying 2607:f8b0:400d:c03::1c... Connected to smtp-relay.gmail.com. Escape character is '^]'. 220 smtp-relay.gmail.com ESMTP v24sm193634pjt.16 - gsmtp
@theopenem said in Email suddenly no longer works with SMTP Relay Google Workspace:
I had the same thing happen. Emails have been working fine when using the gmail smtp server for months. Then a few days ago it stopped working with the same error as mentioned above. I have a wordpress site on the same server as nodebb with the same relay settings and it continues to work fine. It also works fine when using telnet from that same server. NodeBB is the only thing that seems to be effected. I solved the problem by disabling "Use an external email server to send emails" and just letting postfix relay the mail for me. Just thought I'd share.
How are you connecting WordPress to smtp-relay.gmail.com? Are you using a plugin?
The problem with letting postfix relay the mail is that it lacks DKIM, DMARC, and SPF records which makes your emails more likely to end up in the spam folder. Also, if you have multiple sites running on the same server then postfix mails every email from the primary domain, usually in /etc/mailname, which essentially spoofs emails and again makes it more likely to end up in spam.
In any case, I contacted Google Workspace support on Friday and chatted with them for over 2 hours about this issue. They couldn't figure it out and kept insisting it was a denial of service issue, but they didn't make it clear if it was on my end or theirs.
They sent me an email today:
After consulting your case related to the SMTP relay issue and also verifying similar cases, it appears that the issue is highly related to the Denial of Service as we discussed during our chat interaction, probably, the system detected a massive email delivery from the previous set up causing this error to appear.
As suggested, it will be necessary to declare your domain at the HELO command, from the tool that you are using adding your domain name so our system will be able to complete the authentication, it is strongly recommended to contact the app developer or their community forum to see if there's another way for you to add this command.
In case is needed, you can visit the following Help Center article for more information about setting the SMTP relay, it will come in handy https://support.google.com/a/answer/2956491
It was a pleasure to assist you. I'll keep this case open for the next three business days so you can let me know if additional assistance is needed. Once the case closes, you can reply in the next 30 days to reopen it. Have a nice day!
Is this currently possible with nodeBB?
-
-
@emotion Yay, their email response gave me an idea to use "name" option in nodemail configuration, and it worked!
I had the same problem, emails had been correctly sent but a week ago or so they stopped, in logs i saw that 421, "4.7.0" error.
Here is what i use as transport configuration now{ "name": "your-domain-name.com", "host" : "smtp-relay.gmail.com", "port" : 465, "secure": true, "pool": true },
Thank you!
-
@emotion said in Email suddenly no longer works with SMTP Relay Google Workspace:
How are you connecting WordPress to smtp-relay.gmail.com? Are you using a plugin?
Yes, I use WP Mail SMTP
-
@emotion said in Email suddenly no longer works with SMTP Relay Google Workspace:
The problem with letting postfix relay the mail is that it lacks DKIM, DMARC, and SPF records which makes your emails more likely to end up in the spam folder.
I'm using postfix to relay all mail to gmail. It ends up being the same thing as if you set the relay in NodeBB.
-
@vaulverin okay so in NodeBB we need to add the name based on config.json
url
.@Emotion @theopenem can you try hard coding
name: 'your-domain.com',
At this line https://github.com/NodeBB/NodeBB/blob/501441b736386929ed06f749dae0c2a1d3c0059a/src/emailer.js#L121
And see if that allows emails to send?
-
@pitaj Yes! That fixed it!
I'm assuming you're going to let the nodeBB dev team know about this, eh? Great job.
@vaulverin said in Email suddenly no longer works with SMTP Relay Google Workspace:
@emotion Yay, their email response gave me an idea to use "name" option in nodemail configuration, and it worked!
I had the same problem, emails had been correctly sent but a week ago or so they stopped, in logs i saw that 421, "4.7.0" error.
Here is what i use as transport configuration now{ "name": "your-domain-name.com", "host" : "smtp-relay.gmail.com", "port" : 465, "secure": true, "pool": true },
Thank you!
Awesome, glad you got it to work.
@theopenem said in Email suddenly no longer works with SMTP Relay Google Workspace:
@emotion said in Email suddenly no longer works with SMTP Relay Google Workspace:
The problem with letting postfix relay the mail is that it lacks DKIM, DMARC, and SPF records which makes your emails more likely to end up in the spam folder.
I'm using postfix to relay all mail to gmail. It ends up being the same thing as if you set the relay in NodeBB.
How many sites do you have running on the server? If it's just 1 then yeah postfix relay will be the same as a direct relay. But if you have multiple sites then the mailing domain and the return path will be the FQDN. At least that's how it is with my configuration.
If you have multiple sites and they're all being mailed by the sending domain can you share your configuration please?
-
@theopenem said in Email suddenly no longer works with SMTP Relay Google Workspace:
I'm using postfix to relay all mail to gmail. It ends up being the same thing as if you set the relay in NodeBB.
Moreover, you now have a mail spool for failed messages, access to meaningful log messages, ability to tweak and tune if necessary, etc. This is a big win. But maybe too much a pita for some. Until something breaks.
DKIM is lame. Search "DKIM considered bad". Here's one rant from ZDNet.
Iirc (and it has been a while since I needed to read up cuz my stuff jfw....), SPF has no restrictions on number of different domains - just add the spf txt record to that domain. Then make sure the relay has a reverse dns entry - that does not have to be the same domain, just has to be.
I was hoping for some better diagnostics, wh/is why I suggested the cli. Establishing an initial connection is easy. It is what comes next that is important and unfortunately OP did not see that bit thru. Why does not somebody test it, eh? I don't have any goog accts, nor do I want/need one, but it may prove illuminating?
Just my $0.02.
P.S.; Or maybe ptr is even easier than that for this use case: create a redirect to goog's? then goog worries about the nitty gritty for you. Like I said, been a while and shootin' from the hip. Double check the rfc, eh?
Here's some DMARC spf resources for the bold and curious.
P.P.S.; Geronimo, here ya' go. Big medicine!
Primary domain sporting the smtp relay zone file:
relaydomain.tld. IN TXT "v=spf1 ip4:xxx.xxx.xxx.xxy ip4:yyy.yyy.yyy.yyz -all"
otherdom.tld zone file:
otherdom.tld. IN TXT "v=spf1 redirect=relaydom.tld"
foodom.tld zone file:
foodom.tld. IN TXT "v=spf1 redirect=relaydom.tld"
anotherdom.tld zone file
@ IN TXT "v=spf1 redirect=relaydom.tld"
More than one way to do it, note the @ in second example there. Save typing but less explicit. Pick yer' poison.
Then use a checker. I favor MXToolbox, but note the Goog has one specific for their stuff Google Admin Toolbox Check MX .