I used the Ansible playbook instructions and got my instance up and running, which is where I’m sending this from now. Still, I was not able to get the SMTP side of things working. Does this whole setup self-host SMTP on the Lemmy instance, or is it something I’ll have to sort out externally? I’ve heard some people have had issues with Digital Ocean on certain ports, which is the VPS provider I’m hosting on, but even other ports I’ve tried have not worked.

  • I eat words@group.lt
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    1 year ago

    Afaik Digital Ocean blocks smtp port.

    What you can do is to get some mail relay service, such as mailgun or any other and configure postfix to use it as a relay host. It can be done running postfix container, but probably Lemmy could be configured to send email via relay without using postfix

  • baltakatei@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    If it’s anything like SMTP on a Mediawiki or Discourse instance (example notes, then what you probably need is something called “transactional email” (I’m guessing you’re looking at a guide like this?). I’ve made use of this guide for looking up vendors for that service.

    In theory, the same server hosting a Lemmy service could also send and receive emails. However, in practice there’s a high probability of these emails landing in spam boxes. The defacto proof-of-work hurdle that inhibits email spam today is paying commercial transactional email companies a monthly fee. I’m hopeful that one day self-hosted email server software will become easier to set up through things like FreedomBox (via Postfix, Dovecot, and Rspamd), but the fundamental reputation problem remains, imo.

    So, I doubt a Lemmy setup guide would automatically take care of email setup. In any case, the process involves creating at least one MX record (according to instructions provided by your transactional email service) with your DNS provider which depends on the name servers you have configured for your domain registrar. The transactional email service you select should provide instructions for what port to open, as well as what SMTP URL, user name, password, and postmaster email address to provide to Lemmy.

    • EuphoricPenguin@normalcity.lifeOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Wait, what am I exactly doing with the MX record? Would that be necessary to send email in the first place? I only have two basic A records configured at the moment.

      • baltakatei@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Theoretically, I don’t think an MX record is absolutely needed to send, but it definitely is needed to receive. An MX record helps an email sending server to figure out which IP address to actually send email data packets towards based on the domain name in the email address (i.e. the @apple.com in steve@apple.com).

        Even if you’re self-hosting your own email server and are using the same domain name for all services and are using port number to differentiate incoming traffic, incoming email won’t come in unless an MX record can explicitly tell other email servers where to send emails labeled with your domain name. An MX record can also be a handy way to redirect email traffic to a different IP address in case the one your server uses is blacklisted by other email servers (e.g. if spammers have used your IP address in the past).

        An A record can associate an IP address with a domain name but an MX record is needed to tell a sending server that a domain name is prepared to accept email at all.

        That said, if you examine the DNS setup instructions that a transactional email company will send you, you’ll see that they also want you to create other DNS records for purposes. For example, Mailgun has me store a public key in a TXT record (making it a DKIM record) used to cryptographically authenticate emails against emails sent by your server (that are forwarded and signed by Mailgun’s private key) to prevent email address impersonation, which might be important even if you’re only sending password reset emails and not expecting to receive email. (I recall receiving several emails from emperorpalpatine@senate.gov while in college, probably sent by mischievous CS students learning about email stuff themselves and realizing our school’s email setup was old and crusty) Mailgun also has me keep a CNAME record as well for some kind of delivery confirmation service (a transactional email service is basically a trusted man-in-the-middle); I forget the details. But, basically, thanks to spammers, there’s more to setting up your own email service than creating an MX record, even if all you’re doing is setting up a Lemmy instance that only needs to send password reset emails.

        Source: someone who has bumbled through Discourse and Mediawiki email setup for small projects.

  • terribleplan@lemmy.nrd.li
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    1 year ago

    Can’t comment on the Ansible/Lemmy side of things, but I ran a mailserver in DO for years. IIRC I had to file a ticket for them to unblock port 25 outgoing, and IPv6 was a no-go entirely (because they assign individual IPs instead of a /64 for instances like they should, or maybe just too small a range I forget).

    I would suggest using some mailer service (mailgun, SES, postmark, etc.) unless you are interested in fully actually running a mailserver and all the fun deliverability issues that can ensue.

  • Demigodrick@lemmy.zip
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    I’m on hetzner who also block port 25. I finally worked out what I needed to change to get it to work. As your using the ansible playbook, all you need to change the lines inside the .hjson file to match those of an external mail service. I used Mailersend (3000 free emails once you’re verified). If you’re using port 587 use starttls as your encryption.