SMTP configuration error

Hi, I am configuring the sending of notifications from GitLab CE 13.11.3 with an email account from an external provider, which is Namecheap.

This is part of the gitlab.rb file as specified by my provider:

I run gitlab-ctl reconfigure and everything seems to be fine.

I open the rails console with gitlab-rails console to validate that a test mail is sent and I get the following output:

I don’t understand why, if in the configuration I am indicating that the mail server is mail.ourlimm.dev, in the delivered mail the reply-to and message-id are using another domain.

I will be very grateful if you can help me with this problem.

What is actually in the body isn’t the problem here. The problem is mail.ourlimm.dev does not match the server certificate name. So in your SMTP address, you need to match the name of the certificate, or you need to generate a new certificate for mail.ourlimm.dev or for *.ourlimm.dev as a wildcard certificate.

In fact, checking that now, change the SMTP server to be ourlimm.dev instead of mail.ourlimm.dev, since mail.ourlimm.dev is just a CNAME for ourlimm.dev. The certificate is generated for ourlimm.dev. Then it would work.

openssl s_client -showcerts -connect mail.ourlimm.dev:443 -tls1_3
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
verify return:1
depth=0 CN = ourlimm.dev
verify return:1
---
Certificate chain
 0 s:CN = ourlimm.dev
   i:C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
-----BEGIN CERTIFICATE-----

As you can see, CN = ourlimm.dev.
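Added example, not part of the original posts: the name-matching rule described above, checked with the hostname check in Ruby's OpenSSL library (`OpenSSL::SSL.verify_certificate_identity`). The certificates are throwaway self-signed samples constructed here, not the real server's certificate, and the helper names `sample_cert` and `name_check` are hypothetical.

```ruby
require "openssl"

# Constructed, self-signed sample certificate; not the real server's certificate.
def sample_cert(common_name, san_dns = [])
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.new([["CN", common_name]])
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless san_dns.empty?
    san = san_dns.map { |name| "DNS:#{name}" }.join(",")
    factory = OpenSSL::X509::ExtensionFactory.new
    cert.add_extension(factory.create_extension("subjectAltName", san))
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# For each candidate smtp_address, report whether the certificate covers that name.
def name_check(cert, hosts)
  hosts.each_with_object({}) do |host, result|
    result[host] = OpenSSL::SSL.verify_certificate_identity(cert, host)
  end
end

HOSTS = ["ourlimm.dev", "mail.ourlimm.dev"].freeze

# Only a CN, like the depth=0 certificate in the s_client output above.
CN_ONLY = sample_cert("ourlimm.dev")
# A wildcard SAN alone: once a DNS SAN is present the CN is no longer consulted,
# and *.ourlimm.dev does not cover the bare ourlimm.dev.
WILDCARD_ONLY = sample_cert("ourlimm.dev", ["*.ourlimm.dev"])
# Bare domain plus wildcard in the SAN covers both names.
APEX_AND_WILDCARD = sample_cert("ourlimm.dev", ["ourlimm.dev", "*.ourlimm.dev"])

{ "CN only" => CN_ONLY,
  "SAN wildcard only" => WILDCARD_ONLY,
  "SAN apex + wildcard" => APEX_AND_WILDCARD }.each do |label, cert|
  puts "#{label}: #{name_check(cert, HOSTS)}"
end
```

A wildcard certificate meant to serve both names has to list the bare domain in its SAN as well as the wildcard.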

Thank you very much, iwalker.

I made the change you indicated but I still get the same error:

I have seen these commands for the rails console:

ActionMailer::Base.delivery_method

ActionMailer::Base.smtp_settings

The last command returns the following settings:

In the configuration I see a setting that forces the use of a certificate, but I don’t locate where that setting is in the /etc/gitlab/gitlab.rb file.

I think that certificate is the one that is giving me problems.

My infrastructure is as follows:

I have a VPS contracted with Namecheap. In this VPS I have several domains, among them ourlimm.dev and ourlimm.tech. The GitLab instance is deployed in AWS in Lightsail. Currently this instance is using Let’s Encrypt certificates for HTTPS. All DNS management is done in Namecheap.

I think more of the problems are your infrastructure. You have email configured for ourlimm.dev but then your SMTP server has this information:

220-server1.ourlimm.training ESMTP Exim 4.94.2 #2 Wed, 05 May 2021 12:52:06 -0500 
220-We do not authorize the use of this system to transport unsolicited, 
220 and/or bulk e-mail.
250-server1.ourlimm.training Hello
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPE_CONNECT
250-STARTTLS
250 HELP

As you can see here, you now have ourlimm.training as a domain name for your mail server. Try changing ourlimm.dev to ourlimm.training for your SMTP settings, as there is zero consistency between any of your domains for email delivery to be successful.

Whatever banners are passed via the configuration of SMTP ports 25, 587 are going to come from that training domain. I don’t believe the GitLab certificates are the problem, since any certificates under GitLab with Let’s Encrypt will match the domain name of the GitLab server itself. Of course, assuming you configured external_url to use HTTPS.

All MX records for your domains should also match the SMTP name of your server. Otherwise you can expect mail delivery problems. This also applies for PTR records, because even checking that, they don’t match the name of your server either:

dig server1.ourlimm.training
server1.ourlimm.training. 14400	IN	A	162.0.223.121


dig -x 162.0.223.121
121.223.0.162.in-addr.arpa. 86400 IN	PTR	server1.auth-loginweb.com.

Hi, iwalker

Thank you very much for your help.

I finally gave up and set up a Gmail account. It is working correctly; the only thing is that the notifications arrive to the users as spam.
