TLS configuration for outgoing emails does not propagate, resulting in no outgoing emails at all

Dear all.

on our self-hosted omnibus instance (15.11.3-ee), we lost the ability to send outgoing emails.

All notification sidekiq jobs fail with an ArgumentError with the error message stating:

:enable_starttls and :tls are mutually exclusive. Set :tls if you’re on an SMTPS connection. Set :enable_starttls if you’re on an SMTP connection and using STARTTLS for secure TLS upgrade.

Our /etc/gitlab/gitlab.rb SMTP section reads:

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_pool'] = false
gitlab_rails['smtp_address'] = "smtp.fastmail.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "services@example.com"
gitlab_rails['smtp_password'] = "xxxxxxxxxxxx"
gitlab_rails['smtp_authentication'] = "plain"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'

After a gitlab-ctl reconfigure, the files /var/opt/gitlab/gitlab-rails/etc/smtp_settings.rb and /opt/gitlab/embedded/service/gitlab-rails/config/initializers/smtp_settings.rb are identical:

# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.

if Rails.env.production?
  secrets = Gitlab::Email::SmtpConfig.secrets
  smtp_settings = {
    authentication: :plain,
    user_name: "services@example.com",
    password: "xxxxxxxxxxxxx",
    address: "smtp.fastmail.com",
    port: 465,

    enable_starttls_auto: false,
    tls: true,

    openssl_verify_mode: "peer",

    ca_file: "/opt/gitlab/embedded/ssl/certs/cacert.pem",
  }

  Gitlab::Application.config.action_mailer.delivery_method = :smtp
  ActionMailer::Base.delivery_method = :smtp

  ActionMailer::Base.smtp_settings = smtp_settings
end

Still after gitlab-ctl restart the error messages state that TLS and STARTTLS are both configured…

What do I miss? Why does it seem, that the settings are not propagated correctly? Are any additional steps necessary? Any further ideas?

EDIT 1:

Using the console works perfectly… :jigsaw:

ccauet@gitlab$ sudo gitlab-rails console
--------------------------------------------------------------------------------
 Ruby:         ruby 3.0.6p216 (2023-03-30 revision 23a532679b) [x86_64-linux]
 GitLab:       15.11.3-ee (9850c263897) EE
 GitLab Shell: 14.18.0
 PostgreSQL:   13.8
------------------------------------------------------------[ booted in 30.46s ]
Loading production environment (Rails 6.1.7.2)
irb(main):001:0> Notify.test_email('me@example.com, 'Message Subject', 'Message Body').deliver_now
Delivered mail 64638343af8d9_434f49981eb@git.mail (3153.1ms)
=> #<Mail::Message:342920, Multipart: false, Headers: <Date: Tue, 16 May 2023 15:21:07 +0200>, <From: GitLab <gitlab@git.example.com>>, <Reply-To: GitLab <noreply@git.example.com>>, <To: me@example.com>, <Message-ID: <64638343af8d9_434f49981eb@git.mail>>, <Subject: Message Subject>, <Mime-Version: 1.0>, <Content-Type: text/html; charset=UTF-8>, <Content-Transfer-Encoding: 7bit>, <Auto-Submitted: auto-generated>, <X-Auto-Response-Suppress: All>>

Thanks ins advance for you help!

Best regards
Christophe

1 Like