I just upgraded to from self hosted 4 to 5, and i have an issues with outgoing email.
I cant send emails, i get this error “400: Bad Request • Connection to “smtp.gmail.com:587” timed out.”
i tried different emails account but no luck.
Hi,
I suggest checking the domain/port is reachable from the server using telnet.
I’m using the same setting from V4, and same host. V4 is still working.
I’m not sure, the error implies it’s a networking issue.
The equivalent option in v5 is smtp
i found this fix and it worked but i’m not sure how safe is it php - stream_socket_enable_crypto(): Peer certificate CN=`<hostname>' did not match expected CN=`smtp-relay.sendinblue.com' - Stack Overflow
Sorry, I’m not familiar with it
@Dandashi Can you possibly share just the mail settings from your .env config file?
Just remember to remove your password and any login information, similar to below.
MAIL_MAILER="smtp"
MAIL_HOST="smtp.myemail.com"
MAIL_PORT="465"
MAIL_USERNAME="[email protected]"
MAIL_PASSWORD="********"
MAIL_ENCRYPTION="ssl"
MAIL_FROM_ADDRESS="[email protected]"
MAIL_FROM_NAME="My Business/organization"
If you are using Google Workspace, it is definitely recommended to use the SMTP relay when sending emails from something like InvoiceNinja. If that is not an option and you are using a free Gmail account, the next option is to use their SMTP server, as you are trying to do. Here is the Google support article for how to do that.
Personally, I would not recommend reducing any security measures. But that is just me and what I have recommended to my clients.
This may sound silly, but have you verified that port 587 (and 465) are still open after your upgrades or when you setup your new server?
The other issue with Gmail can be the requirement to connect via OAuth, which is complicated to do via command line. This often will simply return a time out error with no explanation of what is happening. To get around this, you need to enable ‘Less secure apps’ in your Gmail account security settings and then create an app password to use this in InvoiceNinja. You can find many debates online whether using an app password is any less secure or not. There are people on both sides of the discussion.
Below are the settings, i’m using an App password from my Gmail account. how do i check if the ports are open?
MAIL_MAILER=“smtp”
MAIL_HOST=“smtp.gmail.com”
MAIL_PORT=“587”
MAIL_USERNAME="[email protected]"
MAIL_PASSWORD=“app specific password”
MAIL_ENCRYPTION=“tls”
MAIL_FROM_ADDRESS="[email protected]"
MAIL_FROM_NAME=“ABDULAZIZ”
1 Like
Okay, thank you. That all looks fine.
If you have nmap installed on the server, one thing you can do is use that to test if it is open. The simplest to test if it is accessible from your server is:
nmap -p 587 smtp.google.com
Unfortunately, when I run that from my server, it tells me that Google is blocking access (I explain why below). However, if you run the following:
nmap -Pn 587 smtp.google.com
Then you should, hopefully, see output similar to this:
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-16 12:30 EDT
Stats: 0:00:26 elapsed; 0 hosts completed (2 up), 2 undergoing Connect Scan
Connect Scan Timing: About 68.60% done; ETC: 12:31 (0:00:12 remaining)
Nmap scan report for 587 (0.0.2.75)
Host is up.
All 1000 scanned ports on 587 (0.0.2.75) are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)
Nmap scan report for smtp.google.com (142.251.167.27)
Host is up (0.0020s latency).
Other addresses for smtp.google.com (not scanned): 64.233.180.27 142.251.163.27 142.251.167.26 64.233.180.26 2607:f8b0:4004:c1d::1b 2607:f8b0:4004:c21::1b 2607:f8b0:4004:c21::1a 2607:f8b0:4004:c1d::1a
rDNS record for 142.251.167.27: ww-in-f27.1e100.net
All 1000 scanned ports on smtp.google.com (142.251.167.27) are in ignored states.
Not shown: 998 filtered tcp ports (no-response), 2 filtered tcp ports (host-unreach)
Nmap done: 2 IP addresses (2 hosts up) scanned in 38.50 seconds
To check what ports are specifically open on your server, make sure you have net-tools installed (on Ubuntu or Debian) and run the following:
sudo netstat -tulpn | grep LISTEN
The results should look something like this:
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 739/systemd-resolve
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1022/mariadbd
tcp 0 0 ***.***.***.***:47826 0.0.0.0:* LISTEN 877/tailscaled
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 909/nginx: master p
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 909/nginx: master p
tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN 739/systemd-resolve
tcp6 0 0 fd7a:115c:a1e0::8:35997 :::* LISTEN 877/tailscaled
tcp6 0 0 :::443 :::* LISTEN 909/nginx: master p
tcp6 0 0 :::80 :::* LISTEN 909/nginx: master p
tcp6 0 0 :::22 :::* LISTEN 1/init
If you are using ufw (or a similar) firewall on the server, you may want to check sudo ufw status.
However, this doesn’t mean that anyone from the outside has access to your open ports. They may be blocked by other factors (router, hardware firewall, ISP, etc.), depending on where your server is located. You may also need to check your iptables.
Last but not least, there is quite a lot of discussion on many websites - including Google’s own help forum - that if you are trying to access Google SMTP using a VPN (regardless of what type of VPN: work, privacy, geo-blocking), they often block access. Google does not give a clear answer as to why, but it is a common problem. I use a VPN for work on my server, hence the most likely reason why my first attempt to run nmap above was blocked.
1 Like
Thanks for the info, i contected the support of my host vps.net and this is their reply:
"I’ve checked that ports 587 and 25 are opened on the VPS 109.123.86.14 , so it should work.
And from VPS - outgoing port 587 is opened too:
[root@sr ~]# telnet smtp.gmail.com 587
Trying 2a00:1450:400c:c02::6d…
Connected to smtp.gmail.com.
Escape character is ‘^]’.
220 smtp.gmail.com ESMTP ffacd0b85a97d-371898aa496sm6053607f8f.89 - gsmtp
^]
I’ve checked that all DNS records are seems set properly.
Also enabled the SMTP restrictions and checked the mail delivery by sending email to the “mail-tester” service, it was successfully:
Result: Score : 9/10"
@Dandashi Does this mean it is now working for you?
unfortunately its not
Sorry to hear this.
I’m going to see if I can duplicate this issue, but cannot get to it until later today.