Running a Mail Relay Alongside Taiga6 using Docker

12 views
Skip to first unread message

Scott Johnson

unread,
Feb 10, 2021, 12:43:57 PMFeb 10
to taigaio
Hi There:

I've recently used the docker images provided for Taiga6 to run an instance using docker-compose on Ubuntu 20.04.

Everything seems to work fine, except that I can't seem to get email working quite right. I use Gmail for my company's email, foamfactory.io, but the gmail smtp relay seems to be... finicky at best.

I decided to try using https://github.com/bokysan/docker-postfix to have a simple SMTP relay set up as part of the docker-compose.yml file. I can get the email server to start fine, and it will send emails as expected when I connect to the taiga-back container, install cURL, and run the following command:

curl --url 'smtp://taiga-email:25' --mail-from 'taiga-...@foamfactory.io' --mail-rcpt 'jay...@gmail.com' --upload-file mail.txt --insecure

However, when I attempt to send an email from Taiga (for example, inviting a user), I get the following exception:

taiga-back_1             | ERROR:2021-02-10 17:42:49,044: Internal Server Error: /api/v1/memberships/4/resend_invitation
taiga-back_1             | Traceback (most recent call last):
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/handlers/exception.py", line 34, in inner
taiga-back_1             |     response = get_response(request)
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/handlers/base.py", line 115, in _get_response
taiga-back_1             |     response = self.process_exception_by_middleware(e, request)
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/handlers/base.py", line 113, in _get_response
taiga-back_1             |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
taiga-back_1             |   File "/taiga-back/taiga/base/api/viewsets.py", line 104, in view
taiga-back_1             |     return self.dispatch(request, *args, **kwargs)
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
taiga-back_1             |     return view_func(*args, **kwargs)
taiga-back_1             |   File "/taiga-back/taiga/base/api/views.py", line 458, in dispatch
taiga-back_1             |     response = self.handle_exception(exc)
taiga-back_1             |   File "/taiga-back/taiga/base/api/views.py", line 456, in dispatch
taiga-back_1             |     response = handler(request, *args, **kwargs)
taiga-back_1             |   File "/taiga-back/taiga/projects/api.py", line 1078, in resend_invitation
taiga-back_1             |     services.send_invitation(invitation=invitation)
taiga-back_1             |   File "/taiga-back/taiga/projects/services/invitations.py", line 32, in send_invitation
taiga-back_1             |     email.send()
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/mail/message.py", line 306, in send
taiga-back_1             |     return self.get_connection(fail_silently).send_messages([self])
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/mail/backends/smtp.py", line 103, in send_messages
taiga-back_1             |     new_conn_created = self.open()
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/mail/backends/smtp.py", line 70, in open
taiga-back_1             |     self.connection.login(self.username, self.password)
taiga-back_1             |   File "/usr/local/lib/python3.7/smtplib.py", line 697, in login
taiga-back_1             |     "SMTP AUTH extension not supported by server.")
taiga-back_1             | smtplib.SMTPNotSupportedError: SMTP AUTH extension not supported by server.

The configuration looks like the following inside of `docker-compose.yml`:
 
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
DEFAULT_FROM_EMAIL: "taiga-...@foamfactory.io"
...
services:
  taiga-email:
    build: ../docker-postfix
    environment:
      ALLOWED_SENDER_DOMAINS: "foamfactory.io"
      RELAYHOST_TLS_LEVEL: "may"
    ports:
      - "1587:${EMAIL_PORT}"
    networks:
      - taiga

Any help would be appreciated!

~Scott

David Barragán

unread,
Feb 10, 2021, 5:18:58 PMFeb 10
to Scott Johnson, taigaio
Hi Scott

According to the traceback, the error is "SMTP AUTH extension not supported by server." So you need to enable TLS in the taiga docker-compose file:


    version: "3.5"

    x-environment:
      (...)
      # Email settings. Uncomment following lines and configure your SMTP server
      EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
      DEFAULT_FROM_EMAIL: "no-r...@example.com"
>    EMAIL_USE_TLS: "True"
>    EMAIL_USE_SSL: "False"
      EMAIL_HOST: "smtp.host.example.com"
      EMAIL_PORT: 587
      EMAIL_HOST_USER: "user"
      EMAIL_HOST_PASSWORD: "password"
      # Registration
                 (...)

I think TLS is enable by default in your server https://github.com/bokysan/docker-postfix#relayhost_tls_level

I hope this can help.


Best regards

--
Please help us keep the Taiga.io Community open and inclusive, follow our Code of Conduct:
https://github.com/taigaio/code-of-conduct/blob/master/CODE_OF_CONDUCT.md
---
You received this message because you are subscribed to the Google Groups "taigaio" group.
To unsubscribe from this group and stop receiving emails from it, send an email to taigaio+u...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/taigaio/CAEFop42Lpw4zu%2BWRiFUrWjVHhKYcin-JwxAH9q4Dk8uvT%2B6J_Q%40mail.gmail.com.


--
Logo Kaleidos David Barragán Merino
Engineer & Co-founder 
kaleidos.net/FFF8E7
 


Este mensaje y sus archivos adjuntos van dirigidos exclusivamente a su destinatario, y pudiendo contener información confidencial sometida a secreto profesional, o cuya divulgación esté legalmente prohibida. Cualquier opinión en él contenida es exclusiva de su autor y no representa necesariamente la opinión de la empresa. Si ha recibido este mensaje por error, le rogamos nos lo comunique de forma inmediata por esta misma vía y proceda a su eliminación, así como a la de cualquier documento adjunto al mismo. El correo electrónico vía Internet no es seguro y no se puede garantizar que no haya errores ya que puede ser interceptado, modificado, perdido o destruido, o contener virus. Cualquier persona que se ponga en contacto con nosotros por correo electrónico se considerará que asume estos riesgos.

KALEIDOS OPEN SOURCE se reserva las acciones legales que le correspondan contra todo tercero que acceda de forma ilegítima al contenido de cualquier mensaje externo procedente del mismo.

INFORMACIÓN PROTECCIÓN DE DATOS. Responsable: KALEIDOS OPEN SOURCE (B86241973)

Le informamos que sus datos identificativos y los contenidos en los correos electrónicos y ficheros adjuntos pueden ser incorporados a nuestras bases de datos con la finalidad de mantener relaciones profesionales y/o comerciales y, que serán conservados mientras se mantenga la relación. Si lo desea, puede ejercer su derecho a acceder, rectificar y suprimir sus datos y demás reconocidos normativamente dirigiéndose al correo emisor o en los datos del responsable. Para información y consultas visite nuestra web  https://kaleidos.net

Scott Johnson

unread,
Feb 10, 2021, 5:53:04 PMFeb 10
to David Barragán, taigaio
Hi David:

Thanks for the feedback.

I had originally enabled it with TLS support, as I actually wanted this to be honest. However, I ended up disabling it because I was getting the following error:

taiga-back_1             | ERROR:2021-02-10 22:49:31,823: Internal Server Error: /api/v1/memberships/6/resend_invitation

taiga-back_1             | Traceback (most recent call last):
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/handlers/exception.py", line 34, in inner
taiga-back_1             |     response = get_response(request)
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/handlers/base.py", line 115, in _get_response
taiga-back_1             |     response = self.process_exception_by_middleware(e, request)
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/handlers/base.py", line 113, in _get_response
taiga-back_1             |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
taiga-back_1             |   File "/taiga-back/taiga/base/api/viewsets.py", line 104, in view
taiga-back_1             |     return self.dispatch(request, *args, **kwargs)
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
taiga-back_1             |     return view_func(*args, **kwargs)
taiga-back_1             |   File "/taiga-back/taiga/base/api/views.py", line 458, in dispatch
taiga-back_1             |     response = self.handle_exception(exc)
taiga-back_1             |   File "/taiga-back/taiga/base/api/views.py", line 456, in dispatch
taiga-back_1             |     response = handler(request, *args, **kwargs)
taiga-back_1             |   File "/taiga-back/taiga/projects/api.py", line 1078, in resend_invitation
taiga-back_1             |     services.send_invitation(invitation=invitation)
taiga-back_1             |   File "/taiga-back/taiga/projects/services/invitations.py", line 32, in send_invitation
taiga-back_1             |     email.send()
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/mail/message.py", line 306, in send
taiga-back_1             |     return self.get_connection(fail_silently).send_messages([self])
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/mail/backends/smtp.py", line 103, in send_messages
taiga-back_1             |     new_conn_created = self.open()
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/mail/backends/smtp.py", line 68, in open
taiga-back_1             |     self.connection.starttls(keyfile=self.ssl_keyfile, certfile=self.ssl_certfile)
taiga-back_1             |   File "/usr/local/lib/python3.7/smtplib.py", line 752, in starttls
taiga-back_1             |     "STARTTLS extension not supported by server.")
taiga-back_1             | smtplib.SMTPNotSupportedError: STARTTLS extension not supported by server.

I am using the defaults for docker-postfix. That said, I don't recall setting up TLS/SSL certificates, so perhaps I need to do that in order for postfix to work with TLS. I guess I was wondering if perhaps you had any insight into the "correct" way to set up a simple email relay from Taiga -> the outside world, as I'm not an email hosting guru, and switched to gmail simply to alleviate some of these mind-boggling issues, hah. :)


Yours,

Scott

Scott Johnson

unread,
Feb 10, 2021, 6:00:22 PMFeb 10
to David Barragán, taigaio
David:

As an alternative, do you happen to know if there is a way I can get Taiga to support XOAuth2 with Gmail, so that I don't have to utilize my username and password for Gmail to relay mail?

~Scott

David Barragán

unread,
Feb 11, 2021, 1:46:46 PMFeb 11
to Scott Johnson, taigaio
Sorry, but normally I connect taiga to a postfix server (and sometimes postfix is connected with an Amazon SES or mailjet). This shouldn't be complicated because Taiga uses django's common email module.

Maybe It could be a problem with the server port?? (https://stackoverflow.com/questions/38134714/starttls-extension-not-supported-by-server-getting-this-error-when-trying-to-s) I found this in docker-postfix documentation:

Please note that the image uses the submission (587) port by default. Port 25 is not exposed on purpose, as it's regularly blocked by ISPs, already occupied by other services, and in general should only be used for server-to-server communication.

To support xoauth2, you have to rebuild the taiga-back image adding this lib for django https://pypi.org/project/django-gmailapi-backend/ Then you can use the new email backend in the configuration. But I didn't test it.

Best regards

Scott Johnson

unread,
Feb 11, 2021, 2:14:15 PMFeb 11
to David Barragán, taigaio
Hi David:

Actually, I already have a postfix server running that was using Taiga 5 (and sent email fine via localhost). The thing is, it doesn't use TLS. I restrict the IP addresses for which postfix will allow smtp relay, which works fine for my purposes.

Unfortunately, when I try to configure Taiga 6 to use this same host for smtp relay, I get the following error when I disable TLS:

taiga-back_1             | ERROR:2021-02-11 19:09:28,671: Internal Server Error: /api/v1/memberships/6/resend_invitation

taiga-back_1             | Traceback (most recent call last):
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/handlers/exception.py", line 34, in inner
taiga-back_1             |     response = get_response(request)
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/handlers/base.py", line 115, in _get_response
taiga-back_1             |     response = self.process_exception_by_middleware(e, request)
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/handlers/base.py", line 113, in _get_response
taiga-back_1             |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
taiga-back_1             |   File "/taiga-back/taiga/base/api/viewsets.py", line 104, in view
taiga-back_1             |     return self.dispatch(request, *args, **kwargs)
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
taiga-back_1             |     return view_func(*args, **kwargs)
taiga-back_1             |   File "/taiga-back/taiga/base/api/views.py", line 458, in dispatch
taiga-back_1             |     response = self.handle_exception(exc)
taiga-back_1             |   File "/taiga-back/taiga/base/api/views.py", line 456, in dispatch
taiga-back_1             |     response = handler(request, *args, **kwargs)
taiga-back_1             |   File "/taiga-back/taiga/projects/api.py", line 1078, in resend_invitation
taiga-back_1             |     services.send_invitation(invitation=invitation)
taiga-back_1             |   File "/taiga-back/taiga/projects/services/invitations.py", line 32, in send_invitation
taiga-back_1             |     email.send()
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/mail/message.py", line 306, in send
taiga-back_1             |     return self.get_connection(fail_silently).send_messages([self])
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/mail/backends/smtp.py", line 103, in send_messages
taiga-back_1             |     new_conn_created = self.open()
taiga-back_1             |   File "/opt/venv/lib/python3.7/site-packages/django/core/mail/backends/smtp.py", line 70, in open
taiga-back_1             |     self.connection.login(self.username, self.password)
taiga-back_1             |   File "/usr/local/lib/python3.7/smtplib.py", line 697, in login
taiga-back_1             |     "SMTP AUTH extension not supported by server.")
taiga-back_1             | smtplib.SMTPNotSupportedError: SMTP AUTH extension not supported by server.

I guess where I'm having frustrations is that I want to disable SMTP authentication. I am the only user of the system, and, actually, I don't even need email processing. The only problem is that I have a user account that I'm migrating as part of my project data from Taiga5. In order to get this user account set up, I need to send an invitation email through Taiga, and I can't get this to work. Do you know of another way to get the invitation set up so I can get my user account working and stop working as a superuser? :D

~Scott

David Barragán

unread,
Feb 12, 2021, 2:56:07 AMFeb 12
to Scott Johnson, taigaio
I can think of four ways that could solve your problem:

1).
You can create a user in the admin panel and then invite him to the project.

First go to the admin panel > users, press "+ add user button" adn create the new user.

image.png

Then go to the project admin panel in Taiga, with your superadmin user, and invite him

image.png
image.png

And that's all.

2).
When you invite a user to a project, you can check the invitation code in the superadmin panel, you can find it in the detail panel of a project (at the bottom of next image, field token)

image.png

In my case, the token is "122effde-6d04-11eb-8c1f-5c80b6f32541" so I can access to the invitation form at  taigaurl/invitation/122effde-6d04-11eb-8c1f-5c80b6f32541

image.png


3).
If you want to import a project from other instance the process is similar. First you create the user with the superadmin panel and then you import the project. If the email of a member of the imported project matches the created user, this user will be the new member of the project.


4).
Other optio could be configure the console email backend and read the the emails sent in the log files.
 
     EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend".


There is one more way, using the python shell and python code, but I hope with any of the above you can solve your problem.

Best regards

Scott Johnson

unread,
Feb 12, 2021, 12:24:28 PMFeb 12
to David Barragán, taigaio
Thanks, David.

I was actually able to solve this issue with a locally-hosted SMTP server. The problem was that default_transport and relay_transport had to be set in /etc/postfix/main.cf for my locally hosted SMTP server. For future reference, I've documented the issue here: https://stackoverflow.com/questions/66161722/using-taiga6-with-docker-and-an-smtp-server-that-does-not-require-authentication/66176287#66176287

Thanks for your help!

~Scott

David Barragán

unread,
Feb 12, 2021, 1:53:13 PMFeb 12
to Scott Johnson, taigaio
Great!! Glad to hear it!

Best regards
Reply all
Reply to author
Forward
0 new messages