SMTP configuration for Office 365

drichards2 · February 10, 2016, 12:16pm

I’ve been chasing around trying to configure a fresh Gitlab install to send e-mail out via Office365. Currently it is failing with an ‘unknown protocol’ error - does anyone have a known good e-mail config for Office365?

The relevant parts of my gitlab.rb file are:

gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = '[outbound_user_name@mydomain.com]'
gitlab_rails['gitlab_email_display_name'] = 'Gitlab Robot'
gitlab_rails['gitlab_email_reply_to'] = '[noreply@mydomain.com]'

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.office365.com"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "[outbound_user_name@mydomain.com]"
gitlab_rails['smtp_password'] = "[password]"
gitlab_rails['smtp_domain'] = "[mydomain.com]"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"

As far as I can tell, this is the correct configuration based on this Microsoft Technet article. I have, of course, replaced values within square brackets with their correct counterparts!

After reconfiguring and restarting Gitlab, I’m still not able to send mail from Gitlab. The relevant message from /var/log/gitlab/sidekiq/current seems to be:

TID-8zx5o WARN: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol
TID-8zx5o WARN: /opt/gitlab/embedded/lib/ruby/2.1.0/net/smtp.rb:586:in `connect'
/opt/gitlab/embedded/lib/ruby/2.1.0/net/smtp.rb:586:in `tlsconnect'

I’ve tried many variants on the configuration options, but nothing seems to work for me. I’ve tried initialising a direct TLS connection to smtp.office365.com:587 from the command line using openssl and that seemed to be successful. I can’t help feel that the ‘SSLv2/v3’ error is a clue - I had expected the connection to be made using TLS - surely SSLv2/v3 is a different (incorrect) connection method?

Version information for the install is as follows:

System information
System:         Debian 8.3
Current User:   git
Using RVM:      no
Ruby Version:   2.1.8p440
Gem Version:    2.5.1
Bundler Version:1.10.6
Rake Version:   10.5.0
Sidekiq Version:4.0.1

GitLab information
Version:        8.4.2
Revision:       8d07b81
Directory:      /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:     postgresql
URL:            [hidden]
HTTP Clone URL: [hidden]
SSH Clone URL:  [hidden]
Using LDAP:     yes
Using Omniauth: no

GitLab Shell
Version:        2.6.10

The local MTA is exim4, configured for direct client connection to SMTP.

Any help would be very gratefully appreciated.

drichards2 · February 11, 2016, 4:31pm

Further to this point, I can confirm that I can make successful SSH connections to smtp.gmail.com on port 465, but attempts to connect using TLS to smtp.gmail.com:587 fail. Again, this seems to support the theory that (with the settings above), TLS connections are not successfully being made. Only the port number was changed between the two tests.

Essentially this seems to say that gitlab_rails['smtp_tls'] = true is having no effect. Is there a suggestion as to why that might be?

lwd · June 5, 2016, 7:54am

Not sure if you ever solved this, however here’s my working settings for GitLab mails via Office 365

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "[office 365 mx record]"
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_domain'] = "[my domain]"
gitlab_rails['smtp_authentication'] = "login"

The big deal here seems to be gitlab_rails['smtp_address']
Where we need to set it to be your MX record, not smtp.office365.com

See “How to configure direct send” from this TechNet Article https://technet.microsoft.com/en-us/library/dn554323(v=exchg.150).aspx#Howtodirectsend

If you want to send mails outside of your organisation, you’ll need to follow “How to configure Office 365 SMTP relay” and setup a Connector in Exchange Admin

scully.bart · January 6, 2017, 9:43pm

Did you ever solve this problem? I’m experiencing identical issues and getting nowhere.

bareliah · March 7, 2017, 2:34pm

thank you!

NickM · June 28, 2019, 6:56pm

This resolved my issue. For anyone who is using the “open relay” option for office 365 this is to correct answer to get this resolved.

Note that you will have to add the IP or IP range in your office 365 Admin configuration under the connector tab in the mailflow area (found in the Exchange settings)

Thank you!

iryanjan18 · April 28, 2020, 2:24am

I used to smtp.office365.com but it suddenly stopped working lately. I tried using our MX record but it show error Unrecognized authentication type