Mezzanine contact form produces "upstream prematurely closed" error - django

My website uses Mezzanine 4.2.3 with Django-Oscar 1.5.2 and Django 1.10.8, running on Ubuntu 16.04 on Digitalocean. When I use the Mezzanine contact form on the demo page created with createdb, and from my own computer, it successfully sends out emails. But when I test it on my Digitalocean droplet running Ubuntu 16.04, I get 502 bad gateway.
The nginx error log records this error: *13 upstream prematurely closed connection while reading response header from upstream, client: [an IP I can't identify], server: [my website url], request: "POST /contact/ HTTP/1.1", upstream: "http://unix:/home/my-django-app/my-django-app.sock:/contact/", host: "[my website url]", referrer: "[my website url]/contact/". The number varies between *1, *7, and *13, but the text is the same.
I googled this and found various possible solutions:
Increasing the timeout for nginx proxy_pass. This involved adding proxy_connect_timeout 75s; and proxy_read_timeout 300s; to nginx config, and then adding --timeout 300 to gunicorn. This produced an actual timeout error: *21 upstream timed out (110: Connection timed out) while reading response header from upstream,
Uncommenting precedence ::ffff:0:0/96 100 in /etc/gai.conf.
Allowing port 587 in UFW. This shouldn't matter because if I'm using gmail, then this should be a port on Google's side of things, right? I'm only doing this because I see various solutions (most unresolved) talking about the need to unblock this port.
Making nginx listen on port 587: server {listen 80; listen 587; ... listen 443 ssl; ...}.
With nginx listening on port 587, sudo netstat -tulnp | grep 587 shows:
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 12815/nginx -g daem
My email settings seem fine:
EMAIL_USE_TLS = True
EMAIL_HOST = "smtp.gmail.com"
EMAIL_HOST_USER = "!#%%&&*%^#$^*%#gmail.com"
EMAIL_HOST_PASSWORD = "^*#^##$%&#$%%#$"
EMAIL_PORT = 587
EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
I tried SSL with port 465 too. It worked with my local copy but not on the server. Same error message of 502.
I think "upstream" means gunicorn, so I set an error log for it, but all it recorded were status codes 200 and 302 when the page loaded. It didn't log anything when 502 happened.
I'm out of ideas. What am I missing?
Update 3 June 2018:
$ telnet smtp.gmail.com 587
Trying 108.177.96.109...
Trying 108.177.96.108...
Trying 2a00:1450:4013:c01::6c...
telnet: Unable to connect to remote host: Network is unreachable
Tried this with 465 and 25 too. Does this mean Digitalocean is blocking the connection? There's precedent.

Yes, Digitalocean blocks SMTP. Their reply to my email:
To assist with the restriction of SMTP services on your account, can
you please let us know the following:
Your name.
What business or individual you are going to send mail on behalf of as well as their website (if one exists).
What kind of mail you're going to be sending (password resets, newsletters, marketing mail, transactional mail such as order confirmations).
If you're sending on behalf of a business or an individual that is not yourself, what is your relationship to that business or individual.
Also, as we are a US based company, I'd like to make sure you
understand that we require all users of our network to follow both the
requirements of the CAN-SPAM (https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business) act
in regards to any non-transactional mail sent to any subscriber
anywhere in the world, as well as the CASL (http://fightspam.gc.ca/eic/site/030.nsf/eng/home) for any email you
send to any subscribers in Canada.
Additionally, there are additional restrictions to sending email to
users in Europe created by both the EU itself and its member
countries, and would recommend that you investigate and follow all
relevant guidelines for the countries of any European subscribers you
may have.
I answered them and they replied:
Thank you for the information you have provided.
We've reviewed the information and have removed the SMTP block from
your account.
Just to reiterate - we require our subscribers to follow the CAN-SPAM
act for all email, and the CASL for any email sent to a subscriber in
Canada.
If you do not, and we receive complaints of violations, we can revoke
access to SMTP at our discretion with no further warning.
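The telnet check from the question can be scripted so that each resolved address (IPv4 and IPv6) and each SMTP port is tested with a bounded timeout. This is an added example, not code from the original posts; the function names `probe` and `egress_blocked` are hypothetical, and the default host is the one used in the question.

```python
import socket
import sys

SMTP_PORTS = (25, 465, 587)  # the three ports tried in the question


def probe(host, port, timeout=5.0):
    """Attempt a TCP connect to every address host resolves to.

    Returns a list of (family, address, outcome) tuples, where outcome is
    "open", "timeout", or "error: <reason>".
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("dns", host, "error: %s" % exc)]
    results = []
    for family, socktype, proto, _canon, sockaddr in infos:
        label = "IPv6" if family == socket.AF_INET6 else "IPv4"
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            outcome = "open"
        except socket.timeout:
            # No answer at all: packets are being dropped somewhere on the path.
            outcome = "timeout"
        except OSError as exc:
            # Refused, or "Network is unreachable" as in the telnet output.
            outcome = "error: %s" % (exc.strerror or exc)
        finally:
            sock.close()
        results.append((label, sockaddr[0], outcome))
    return results


def egress_blocked(results):
    """True when no resolved address accepted the connection."""
    return not any(outcome == "open" for _fam, _addr, outcome in results)


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "smtp.gmail.com"
    for port in SMTP_PORTS:
        results = probe(host, port)
        for label, addr, outcome in results:
            print("%s:%d %s %s -> %s" % (host, port, label, addr, outcome))
        print("port %d blocked: %s" % (port, egress_blocked(results)))
```

Django's `EMAIL_TIMEOUT` setting (in seconds) bounds the same connect from inside the application, so a blocked port surfaces as an exception instead of a hung request.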

Related

Receiving webhook over https in django development server tunneled using ngrok

I need to test a payment integration, where the payment service sends a webhook when payment is successful. The url for the webhook must be https://xxx-ngrock.io/paymentNotification. In this case, I cannot change the url to http. My problem is, I cannot receive this webhook because:
In development mode django does not allow traffic over https only over http
I tunnel to my development server using this command ./ngrok http https://localhost:8000 which I guess should forward the https traffic, but I have no way of testing it since the development server does not accept traffic over http in the first place.
Additional comments. Currently the ngrok forwarding map where both traffic from http and https are mapped to the https internal traffic that Django does not support for its development server.
ngrok by @inconshreveable (Ctrl+C to quit)
Session Status online
Account JianDk (Plan: Free)
Version 2.3.40
Region United States (us)
Web Interface http://127.0.0.1:4040
Forwarding http://3304-94-147-65-45.ngrok.io -> https://localhost:8000
Forwarding https://3304-94-147-65-45.ngrok.io -> https://localhost:8000
Connections ttl opn rt1 rt5 p50 p90
7 0 0.06 0.02 0.00 0.01
HTTP Requests
-------------
GET /favicon.ico
GET /
GET /favicon.ico
GET /
GET /
GET /favicon.ico
GET /
ngrok will provide one http and one https link for you to tunnel your dev server to.
If I have misunderstood your question, please add a comment!

Connection timed out while sending email from Roundcube Webmail v1.4.11 ( iRedMail )

I am trying to set up an email server on Google Cloud for which I have used iRedMail. I have followed this link to set it up. There was no error in the logs while sending email to this email server, but when I try to send from the UI to my email ID it is giving me the following error in the logs (/var/log/mail.log).
Dec 8 10:19:36 comm postfix/smtp[4142]: connect to mail.tinydef.com[157.230.67.25]:25: Connection timed out
Dec 8 10:19:36 comm postfix/smtp[4142]: 4J8CnP4ND5z3ygl: to=<jamir46881@tinydef.com>, relay=none, delay=31, delays=0.02/0.03/31/0, dsn=4.4.1, status=deferred (connect to mail.tinydef.com[157.230.67.25]:25: Connection timed out)
I am aware that port 25 is blocked on GCP. Just trying to figure a way out from this situation. Is there any configuration that can be tweaked to change port 25 to some other port?
You cannot send mail to external IP addresses on port 25 from instances in Google Cloud. There is no appeal process to change this policy.
Sending email from an instance
To function as a mail server requires communication between servers on port 25. Mail relays can use any port the mail server supports except for port 25.
iRedMail can function as a traditional mail server, which requires port 25, and as a mail relay to forward mail to a mail server.
Setup relayhost
Your solution is to configure iRedMail as a relay host forwarding mail on port 465 or 587 to a mail service such as Gmail, Office 365, SendGrid, etc. The email service will deliver your email.

Odoo: Outcoming Mail Server

I use Odoo 10 installed on a VM, and I have this problem with the Outcoming Mail Server.
Hello @Koussay Abdouli
Please change the port to 465 and check again.
Configuration:
Gmail Server: smtp.gmail.com
Port: SSL – 465 / STARTTLS – 587
You should put 465 into the SMTP port used by Google:
Then create a Google application password and insert that information into the Security and Authentication menu:

Handshake error in Webservice

Our integration partner was using our Web service with http: 8090 and now we are moving to https: 8443 so they tried to update the WS URL but they are getting "handshake error". They are asking whether they can still use http 8090. If we route any traffic coming from http 8090 to https 8443 in the webserver config, will they still get handshake error?
When you create a redirect, the server sends an HTTP 302 which the client is obligated to follow, which means that they should still get the error. Depending on your setup and config, they may be able to send the request anyway, but if that works, then all your traffic is potentially insecure...

Server listening to localhost:8080 can Apache still listen to port 80?

I have a C++ server in linux using Mongoose listening on port 8080 for http requests. I'm using port 8080 because I have an Apache server already using port 80.
The reason I have my C++ server listening for http requests is so that I can receive the http GET sent by Facebook to get a user's Facebook info. For the Facebook server side Auth I'm redirecting to localhost:8080.
I am correctly getting the information sent from Facebook, but now Apache isn't serving up my html to the clients webpage (which works correctly if I only redirect to localhost).
Is it possible to make both of these work? Is the client still trying to get the index.html from port 80 or does it expect 8080 to now send this?
Is 80 equal to 8080? Apparently not. So both ports might be listened on by different applications.
Try to inspect incoming requests with Wireshark (packet analyzer).