2023-06-24T11:48:35.798293Z WARN lemmy_server::root_span_builder: email_send_failed: Connection error: failed to lookup address information: Try again
0: lemmy_api::local_user::reset_password::perform
at crates/api/src/local_user/reset_password.rs:15
1: lemmy_server::root_span_builder::HTTP request
with http.method=POST http.scheme="http" http.host=iusearchlinux.fyi http.target=/api/v3/user/password_reset otel.kind="server" request_id=ba8117b9-9c0f-49e5-af0e-01e92a4917cf
at src/root_span_builder.rs:16
LemmyError { message: Some("email_send_failed"), inner: Connection error: failed to lookup address information: Try again
Caused by:
failed to lookup address information: Try again, context: SpanTrace [{ target: "lemmy_api::local_user::reset_password", name: "perform", file: "crates/api/src/local_user/reset_password.rs", line: 15 }, { target: "lemmy_server::root_span_builder", name: "HTTP request", fields: "http.method=POST http.scheme=\"http\" http.host=iusearchlinux.fyi http.target=/api/v3/user/password_reset otel.kind=\"server\" request_id=ba8117b9-9c0f-49e5-af0e-01e92a4917cf", file: "src/root_span_builder.rs", line: 16 }] }
2023-06-24T11:48:46.118615Z WARN lemmy_server::root_span_builder: data did not match any variant of untagged enum AnnouncableActivities
0: lemmy_apub::activities::community::announce::receive
at crates/apub/src/activities/community/announce.rs:46
1: lemmy_server::root_span_builder::HTTP request
with http.method=POST http.scheme="http" http.host=iusearchlinux.fyi http.target=/inbox otel.kind="server" request_id=0d639361-7707-4f9b-b61f-fc133d3946e7
at src/root_span_builder.rs:16
I am using the lemmy-ansible setup on ubuntu 22.10
@soeren@iusearchlinux.fyi I got this figured out with the help of @tool@r.rosettast0ned.com from this thread: https://lemmy.pub/comment/112090
This almost fixed it. So no more error in Lemmy. Now I get this error in postfix:
2023-06-25T07:44:48.221806+00:00 f42cba971055 postfix/bounce[150]: B5C5E99B88: sender non-delivery notification: 34AF199B8A 2023-06-25T07:44:48.221897+00:00 f42cba971055 postfix/qmgr[134]: 34AF199B8A: from=<>, size=4451, nrcpt=1 (queue active) 2023-06-25T07:44:48.222390+00:00 f42cba971055 postfix/qmgr[134]: B5C5E99B88: removed 2023-06-25T07:44:48.226425+00:00 f42cba971055 postfix/smtp[149]: connect to iusearchlinux.fyi[2a03:b0c0:3:d0::1b5f:9001]:25: Cannot assign requested address 2023-06-25T07:44:48.226554+00:00 f42cba971055 postfix/smtp[149]: connect to iusearchlinux.fyi[46.101.183.128]:25: Connection refused 2023-06-25T07:44:48.240297+00:00 f42cba971055 postfix/smtp[149]: 34AF199B8A: to=<noreply@iusearchlinux.fyi>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=4.4.1, status=deferred (connect to iusearchlinux.fyi[46.101.183.128]:25: Connection refused) 2023-06-25T07:45:47.742485+00:00 f42cba971055 postfix/smtpd[146]: disconnect from iusearchlinuxfyi-lemmy-1.iusearchlinuxfyi_lemmyexternalproxy[172.22.0.3] ehlo=1 quit=1 commands=2 2023-06-25T07:45:47.742847+00:00 f42cba971055 postfix/smtpd[144]: disconnect from iusearchlinuxfyi-lemmy-1.iusearchlinuxfyi_lemmyexternalproxy[172.22.0.3] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Well that would make sense. That domain has no MX record. Nor SPF, DMARC or even PTR records set.
That looks like a misconfig somewhere.
the flow should be
Lemmy APP see’s request to email something@gmail.com. --> Postfix looks up something@gmail.com --> gets MX record --> connects to gmail.com --> Does HELO/EHLO ahndshake --> Sends email.
Your server is stuck here
Lemmy APP see’s request to email something@iusearchlinux.fyi. --> Postfix looks up something@iusearchlinux.fyi --> Error no mx record for this domain…close
You are either testing with a misconfigured domain/email address, or you have configured postfix to try and relay through iusearchlinux.fyi domain, which is misconfigured on the email side.
At the very least you should have an SPF record, a DMARC record and a PTR/A record for the domain. All I see is an A record there.
I would double/triple check your config.hjson and docker-compose.yml and make sure you didnt try and setup relay ala: https://github.com/wader/postfix-relay#relay-client-authentication
Thank you this is super helpful!!! I am pretty inexperienced with networking.
So if your instance is https://iusearchlinux.fyi then here is what I would do. For most of this it can be done in the DNS section of the place you registered the domain with.
NOTE: It looks like you are using Google Domains. Those are going away. So you may need to move to a differe registrar: https://9to5google.com/2023/06/15/google-domains-squarespace/
- SPF record. This is a txt record (text) record saying “these servers can relay from this location” For you the content should be
v=spf1 ip4:45.33.23.198 ~all
- DMARC record. is another text record that says “Do this if SPF or DKIM dont match.” If you put it in strict mode, you need BOTH SPF and DKIM. DKIM is a bit of a pain (though is much better). But if you start with SPF and the default relaxed mode you are probably fine. The record here would be for the _dmarc subdomain as well ie: _dmarc.iusearchlinux.fyi. In the below case I am saying “reject emails that are trying to spoof my domain” you can set it to quarantine but there is little need here.
_dmarc.iusearchlinux.fyi 900 IN TXT "v=DMARC1;p=reject"
- PTR record. You are using digital ocean. These are good to setup because many email servers will look up your IP and make sure it matches the domain. It shows you own it. Dont know how to do it in digital ocean but on linode its in the networking section of the UI. Because linode/DO owns the IP they need to make the change for you as opposed to all the previous steps being done in your domain registrars portal (ie: goodle domains)
This will get you most of the way to ensure Digital Ocean doesnt get pissed and suspend you for spamming or the like. They may also restrict port 25 outbound due to abuse. For linode you ahve to log a ticket if your account is too young. Your other alternative would be to use a relay host, like sendgrid. Its possible to relay through other services like gmail, but it would probably get your account flagged for something like this. So I would stick to sendgrid or some other relay provider if DO support wont allow you to relay off your droplet.
The default postfix setup is a direct relay, which DigitalOcean may block. So you can setup relay with these instructions: https://github.com/wader/postfix-relay#relay-client-authentication This is the docker container bundled in the lemmy-ansible app.
I added the missing records. Lets hope its working soon. I will have to wait to move the domain since it’s less than 60 days since i bought it.
Best of luck. If you have any questions feel free to holler.
I’m not a lemmy (or docker) pro, but I have done a few postfix and email setups including a lot of email admin, dmarc/dkim/spf etc.
It does look like digital ocean may be blocking the normal mail ports outbound. So you’ll want to make sure you can work around that or get them to open it.
I wrote them about opening the port but maybe it will already be open since my acount is older. Thank you again!
I am having this issue as well today. Email was working fine in 0.17.4
Noted some of the stuff I did here:
https://github.com/LemmyNet/lemmy-ansible/issues/105
Its worth noting that its not hitting postfix container at all. I setup logging to a file on the postfix container to test. The error, for me, is occuring within the lemmy container, before its ever passed to postfix.
This is happening with account sign ups, comment notifications, and forgot password emails.
Did you setup email in your Lemmy config file?
I am using the default from the ansible config
{ # for more info about the config, check out the documentation # https://join-lemmy.org/docs/en/administration/configuration.html database: { host: postgres password: "{{ postgres_password }}" } hostname: "{{ domain }}" pictrs: { url: "http://pictrs:8080/" api_key: "{{ postgres_password }}" } email: { smtp_server: "postfix:25" smtp_from_address: "noreply@{{ domain }}" tls_type: "none" } }
This should be fine. see my other comment in the thread though, i think its occuring before it ever gets to postfix.