recaptime.dev
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
1@title Configuring Outbound Email
2@group config
3
4Instructions for configuring Phorge to send email and other types of
5messages, like text messages.
6
7Overview
8========
9
10Phorge sends outbound messages through "mailers". Most mailers send
11email and most messages are email messages, but mailers may also send other
12types of messages (like text messages).
13
14Phorge can send outbound messages through multiple different mailers,
15including a local mailer or various third-party services. Options include:
16
17| Send Mail With | Setup | Cost | Inbound | Media | Notes |
18|----------------|-------|------|---------|-------|-------|
19| Postmark | Easy | Cheap | Yes | Email | Recommended |
20| Amazon SES | Easy | Cheap | No | Email | |
21| SendGrid | Medium | Cheap | Yes | Email | |
22| Twilio | Easy | Cheap | No | SMS | Recommended |
23| Amazon SNS | Easy | Cheap | No | SMS | Recommended |
24| External SMTP | Medium | Varies | No | Email | |
25| Local SMTP | Hard | Free | No | Email | sendmail, postfix, etc |
26| Custom | Hard | Free | No | All | Write a custom mailer. |
27| Drop in a Hole | Easy | Free | No | All | Drops mail in a deep, dark hole. |
28| Mailgun | Easy | Cheap | Yes | Email | Discouraged |
29
30See below for details on how to select and configure mail delivery for each
31mailer.
32
33For email, Postmark is recommended because it makes it easy to set up inbound
34and outbound mail and has a good track record in our production services. Other
35services will also generally work well, but they may be more difficult to set
36up.
37
38For SMS, Twilio or SNS are recommended. They're also your only upstream
39options.
40
41If you have some internal mail or messaging service you'd like to use you can
42also write a custom mailer, but this requires digging into the code.
43
44Phorge sends mail in the background, so the daemons need to be running for
45it to be able to deliver mail. You should receive setup warnings if they are
46not. For more information on using daemons, see
47@{article:Managing Daemons with phd}.
48
49
50Outbound "From" and "To" Addresses
51==================================
52
53When Phorge sends outbound mail, it must select some "From" address to
54send mail from, since mailers require this.
55
56When mail only has "CC" recipients, Phorge generates a dummy "To" address,
57since some mailers require this and some users write mail rules that depend
58on whether they appear in the "To" or "CC" line.
59
60In both cases, the address should ideally correspond to a valid, deliverable
61mailbox that accepts the mail and then simply discards it. If the address is
62not valid, some outbound mail will bounce, and users will receive bounces when
63they "Reply All" even if the other recipients for the message are valid. In
64contrast, if the address is a real user address, that user will receive a lot
65of mail they probably don't want.
66
67If you plan to configure //inbound// mail later, you usually don't need to do
68anything. Phorge will automatically create a `noreply@` mailbox which
69works the right way (accepts and discards all mail it receives) and
70automatically use it when generating addresses.
71
72If you don't plan to configure inbound mail, you may need to configure an
73address for Phorge to use. You can do this by setting
74`metamta.default-address`.
75
76
77Configuring Mailers
78===================
79
80Configure one or more mailers by listing them in the the `cluster.mailers`
81configuration option. Most installs only need to configure one mailer, but you
82can configure multiple mailers to provide greater availability in the event of
83a service disruption.
84
85A valid `cluster.mailers` configuration looks something like this:
86
87```lang=json
88[
89 {
90 "key": "mycompany-postmark",
91 "type": "postmark",
92 "options": {
93 "domain": "mycompany.com",
94 "api-key": "..."
95 }
96 },
97 ...
98]
99```
100
101The supported keys for each mailer are:
102
103 - `key`: Required string. A unique name for this mailer.
104 - `type`: Required string. Identifies the type of mailer. See below for
105 options.
106 - `priority`: Optional string. Advanced option which controls load balancing
107 and failover behavior. See below for details.
108 - `options`: Optional map. Additional options for the mailer type.
109 - `inbound`: Optional bool. Use `false` to prevent this mailer from being
110 used to receive inbound mail.
111 - `outbound`: Optional bool. Use `false` to prevent this mailer from being
112 used to send outbound mail.
113 - `media`: Optional list<string>. Some mailers support delivering multiple
114 types of messages (like Email and SMS). If you want to configure a mailer
115 to support only a subset of possible message types, list only those message
116 types. Normally, you do not need to configure this. See below for a list
117 of media types.
118
119The `type` field can be used to select these mailer services:
120
121 - `ses`: Use Amazon SES.
122 - `sendgrid`: Use SendGrid.
123 - `postmark`: Use Postmark.
124 - `twilio`: Use Twilio.
125 - `sns`: Use Amazon SNS.
126 - `mailgun`: Use Mailgun.
127
128It also supports these local mailers:
129
130 - `sendmail`: Use the local `sendmail` binary.
131 - `smtp`: Connect directly to an SMTP server.
132 - `test`: Internal mailer for testing. Does not send mail.
133
134You can also write your own mailer by extending `PhorgeMailAdapter`.
135
136The `media` field supports these values:
137
138 - `email`: Configure this mailer for email.
139 - `sms`: Configure this mailer for SMS.
140
141Once you've selected a mailer, find the corresponding section below for
142instructions on configuring it.
143
144
145Setting Complex Configuration
146=============================
147
148Mailers can not be edited from the web UI. If mailers could be edited from
149the web UI, it would give an attacker who compromised an administrator account
150a lot of power: they could redirect mail to a server they control and then
151intercept mail for any other account, including password reset mail.
152
153For more information about locked configuration options, see
154@{article:Configuration Guide: Locked and Hidden Configuration}.
155
156Setting `cluster.mailers` from the command line using `bin/config set` can be
157tricky because of shell escaping. The easiest way to do it is to use the
158`--stdin` flag. First, put your desired configuration in a file like this:
159
160```lang=json, name=mailers.json
161[
162 {
163 "key": "test-mailer",
164 "type": "test"
165 }
166]
167```
168
169Then set the value like this:
170
171```
172phorge/ $ ./bin/config set --stdin cluster.mailers < mailers.json
173```
174
175For alternatives and more information on configuration, see
176@{article:Configuration User Guide: Advanced Configuration}
177
178
179Mailer: Postmark
180================
181
182| Media | Email
183|---------|
184| Inbound | Yes
185|---------|
186
187
188Postmark is a third-party email delivery service. You can learn more at
189<https://www.postmarkapp.com/>.
190
191To use this mailer, set `type` to `postmark`, then configure these `options`:
192
193 - `access-token`: Required string. Your Postmark access token.
194 - `inbound-addresses`: Optional list<string>. Address ranges which you
195 will accept inbound Postmark HTTP webook requests from.
196
197The default address list is preconfigured with Postmark's address range, so
198you generally will not need to set or adjust it.
199
200The option accepts a list of CIDR ranges, like `1.2.3.4/16` (IPv4) or
201`::ffff:0:0/96` (IPv6). The default ranges are:
202
203```lang=json
204[
205 "50.31.156.6/32",
206 "50.31.156.77/32",
207 "18.217.206.57/32",
208 "3.134.147.250/32"
209]
210```
211
212The default address ranges were last updated in December 2021, and were
213documented at: <https://postmarkapp.com/support/article/800-ips-for-firewalls>
214
215
216Mailer: Mailgun
217===============
218
219| Media | Email
220|---------|
221| Inbound | Yes
222|---------|
223
224Use of Mailgun is discouraged because of concerns that they may not be a
225trustworthy custodian of sensitive data.
226See <https://secure.phabricator.com/T13669> for discussion and context.
227
228Mailgun is a third-party email delivery service. You can learn more at
229<https://www.mailgun.com>. Mailgun is easy to configure and works well.
230
231To use this mailer, set `type` to `mailgun`, then configure these `options`:
232
233 - `api-key`: Required string. Your Mailgun API key.
234 - `domain`: Required string. Your Mailgun domain.
235 - `api-hostname`: Optional string. Defaults to "api.mailgun.net". If your
236 account is in another region (like the EU), you may need to specify a
237 different hostname. Consult the Mailgun documentation.
238
239
240Mailer: Amazon SES
241==================
242
243| Media | Email
244|---------|
245| Inbound | No
246|---------|
247
248Amazon SES is Amazon's cloud email service. You can learn more at
249<https://aws.amazon.com/ses/>.
250
251To use this mailer, set `type` to `ses`, then configure these `options`:
252
253 - `access-key`: Required string. Your Amazon SES access key.
254 - `secret-key`: Required string. Your Amazon SES secret key.
255 - `region`: Required string. Your Amazon SES region, like `us-west-2`.
256 - `endpoint`: Required string. Your Amazon SES endpoint, like
257 `email.us-west-2.amazonaws.com`.
258
259NOTE: Amazon SES **requires you to verify your "From" address**. Configure
260which "From" address to use by setting `metamta.default-address` in your
261config, then follow the Amazon SES verification process to verify it. You
262won't be able to send email until you do this!
263
264Mailer: Twilio
265==================
266
267| Media | SMS
268|---------|
269| Inbound | No
270|---------|
271
272Twilio is a third-party notification service. You can learn more at
273<https://www.twilio.com/>.
274
275
276To use this mailer, set `type` to `twilio`, then configure these options:
277
278 - `account-sid`: Your Twilio Account SID.
279 - `auth-token`: Your Twilio Auth Token.
280 - `from-number`: Number to send text messages from, in E.164 format
281 (like `+15551237890`).
282
283Mailer: Amazon SNS
284==================
285
286| Media | SMS
287|---------|
288| Inbound | No
289|---------|
290
291
292Amazon SNS is Amazon's cloud notification service. You can learn more at
293<https://aws.amazon.com/sns/>. Note that this mailer is only able to send
294SMS messages, not emails.
295
296To use this mailer, set `type` to `sns`, then configure these options:
297
298 - `access-key`: Required string. Your Amazon SNS access key.
299 - `secret-key`: Required string. Your Amazon SNS secret key.
300 - `endpoint`: Required string. Your Amazon SNS endpoint.
301 - `region`: Required string. Your Amazon SNS region.
302
303You can find the correct `region` value for your endpoint in the SNS
304documentation.
305
306Mailer: SendGrid
307================
308
309| Media | Email
310|---------|
311| Inbound | Yes
312|---------|
313
314SendGrid is a third-party email delivery service. You can learn more at
315<https://sendgrid.com/>.
316
317You can configure SendGrid in two ways: you can send via SMTP or via the REST
318API. To use SMTP, configure Phorge to use an `smtp` mailer.
319
320To use the REST API mailer, set `type` to `sendgrid`, then configure
321these `options`:
322
323 - `api-key`: Required string. Your SendGrid API key.
324
325Older versions of the SendGrid API used different sets of credentials,
326including an "API User". Make sure you're configuring your "API Key".
327
328
329Mailer: Sendmail
330================
331
332| Media | Email
333|---------|
334| Inbound | Requires Configuration
335|---------|
336
337
338This requires a `sendmail` binary to be installed on the system. Most MTAs
339(e.g., sendmail, qmail, postfix) should install one for you, but your machine
340may not have one installed by default. For install instructions, consult the
341documentation for your favorite MTA.
342
343Since you'll be sending the mail yourself, you are subject to things like SPF
344rules, blackholes, and MTA configuration which are beyond the scope of this
345document. If you can already send outbound email from the command line or know
346how to configure it, this option is straightforward. If you have no idea how to
347do any of this, strongly consider using Postmark instead.
348
349To use this mailer, set `type` to `sendmail`, then configure these `options`:
350
351 - `message-id`: Optional bool. Set to `false` if Phorge will not be
352 able to select a custom "Message-ID" header when sending mail via this
353 mailer. See "Message-ID Headers" below.
354
355Mailer: SMTP
356============
357
358| Media | Email
359|---------|
360| Inbound | Requires Configuration
361|---------|
362
363You can use this adapter to send mail via an external SMTP server.
364
365To use this mailer, set `type` to `smtp`, then configure these `options`:
366
367 - `host`: Required string. The hostname of your SMTP server.
368 - `port`: Optional int. The port to connect to on your SMTP server.
369 - `user`: Optional string. Username used for authentication.
370 - `password`: Optional string. Password for authentication.
371 - `protocol`: Optional string. Set to `tls` or `ssl` if necessary.
372 - `message-id`: Optional bool. Set to `false` if Phorge will not be
373 able to select a custom "Message-ID" header when sending mail via this
374 mailer. See "Message-ID Headers" below.
375
376
377Disable Mail
378============
379
380| Media | All
381|---------|
382| Inbound | No
383|---------|
384
385
386To disable mail, just don't configure any mailers. (You can safely ignore the
387setup warning reminding you to set up mailers if you don't plan to configure
388any.)
389
390
391Testing and Debugging Outbound Email
392====================================
393
394You can use the `bin/mail` utility to test, debug, and examine outbound mail. In
395particular:
396
397 phorge/ $ ./bin/mail list-outbound # List outbound mail.
398 phorge/ $ ./bin/mail show-outbound # Show details about messages.
399 phorge/ $ ./bin/mail send-test # Send test messages.
400
401Run `bin/mail help <command>` for more help on using these commands.
402
403By default, `bin/mail send-test` sends email messages, but you can use
404the `--type` flag to send different types of messages.
405
406You can monitor daemons using the Daemon Console (`/daemon/`, or click
407**Daemon Console** from the homepage).
408
409
410Priorities
411==========
412
413By default, Phorge will try each mailer in order: it will try the first
414mailer first. If that fails (for example, because the service is not available
415at the moment) it will try the second mailer, and so on.
416
417If you want to load balance between multiple mailers instead of using one as
418a primary, you can set `priority`. Phorge will start with mailers in the
419highest priority group and go through them randomly, then fall back to the
420next group.
421
422For example, if you have two SMTP servers and you want to balance requests
423between them and then fall back to Postmark if both fail, configure priorities
424like this:
425
426```lang=json
427[
428 {
429 "key": "smtp-uswest",
430 "type": "smtp",
431 "priority": 300,
432 "options": "..."
433 },
434 {
435 "key": "smtp-useast",
436 "type": "smtp",
437 "priority": 300,
438 "options": "..."
439 },
440 {
441 "key": "postmark-fallback",
442 "type": "postmark",
443 "options": "..."
444 }
445}
446```
447
448Phorge will start with servers in the highest priority group (the group
449with the **largest** `priority` number). In this example, the highest group is
450`300`, which has the two SMTP servers. They'll be tried in random order first.
451
452If both fail, Phorge will move on to the next priority group. In this
453example, there are no other priority groups.
454
455If it still hasn't sent the mail, Phorge will try servers which are not
456in any priority group, in the configured order. In this example there is
457only one such server, so it will try to send via Postmark.
458
459
460Message-ID Headers
461==================
462
463Email has a "Message-ID" header which is important for threading messages
464correctly in mail clients. Normally, Phorge is free to select its own
465"Message-ID" header values for mail it sends.
466
467However, some mailers (including Amazon SES) do not allow selection of custom
468"Message-ID" values and will ignore or replace the "Message-ID" in mail that
469is submitted through them.
470
471When Phorge adds other mail headers which affect threading, like
472"In-Reply-To", it needs to know if its "Message-ID" headers will be respected
473or not to select header values which will produce good threading behavior. If
474we guess wrong and think we can set a "Message-ID" header when we can't, you
475may get poor threading behavior in mail clients.
476
477For most mailers (like Postmark, Mailgun, and Amazon SES), the correct setting
478will be selected for you automatically, because the behavior of the mailer
479is knowable ahead of time. For example, we know Amazon SES will never respect
480our "Message-ID" headers.
481
482However, if you're sending mail indirectly through a mailer like SMTP or
483Sendmail, the mail might or might not be routing through some mail service
484which will ignore or replace the "Message-ID" header.
485
486For example, your local mailer might submit mail to Mailgun (so "Message-ID"
487will work), or to Amazon SES (so "Message-ID" will not work), or to some other
488mail service (which we may not know anything about). We can't make a reliable
489guess about whether "Message-ID" will be respected or not based only on
490the local mailer configuration.
491
492By default, we check if the mailer has a hostname we recognize as belonging
493to a service which does not allow us to set a "Message-ID" header. If we don't
494recognize the hostname (which is very common, since these services are most
495often configured against the localhost or some other local machine), we assume
496we can set a "Message-ID" header.
497
498If the outbound pathway does not actually allow selection of a "Message-ID"
499header, you can set the `message-id` option on the mailer to `false` to tell
500Phorge that it should not assume it can select a value for this header.
501
502For example, if you are sending mail via a local Postfix server which then
503forwards the mail to Amazon SES (a service which does not allow selection of
504a "Message-ID" header), your `smtp` configuration in Phorge should
505specify `"message-id": false`.
506
507
508Next Steps
509==========
510
511Continue by:
512
513 - @{article:Configuring Inbound Email} so users can reply to email they
514 receive about revisions and tasks to interact with them; or
515 - learning about daemons with @{article:Managing Daemons with phd}; or
516 - returning to the @{article:Configuration Guide}.