Errors configuring Invoice Ninja w/ G Suite SMTP relay

Self-Hosted | v4/Legacy
1

I know this isn’t necessarily Invoice Ninja-specific, however, to be able to use this awesome software, I am hoping to get this configured. I am sure others would benefit from some documentation on this.

I am a G Suite account holder and have it tied to my main domain, in this example: mydomain.com. I am essentially wanting to be able to route all of Invoice Ninja’s emails through my G Suite account so my clients see emails as coming from my site.

On the initial Invoice Ninja setup/installation (I am self-hosting), I keep getting this error:
“Expected response code 250 but got code “550”, with message “Invalid credentials for relay [2604:a980:801:a1::a9f:6003]. The IP address you’ve registered in your G Suite SMTP Relay service doesn’t match domain of the account this email is being sent from. If you are trying to relay mail from a domain that isn’t registered under your G Suite account or has empty envelope-from, you must configure your mail server either to use SMTP AUTH to identify the sending domain or to present one of your domain names in the HELO or EHLO command. For more information, please visit https://support.google.com/a/answer/6140680#invalidcred””

I’m completely stumped for now. I’ve tried getting this set up many different ways. Has anyone else been able to successfully get G Suite/Gmail’s SMTP relay working with Invoice Ninja?

I’m going to include all of my settings below (obfuscated for security) if someone might consider helping me. I would sincerely appreciate it so much!!

Domain/DNS settings:
Domain: mydomain.com
Records (Type | Host | Value):
A - @ - 111.11.1111.111 (IP of my webserver)
CNAME - crm - mydomain.com
TXT - google._domainkey - v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ… (truncated)
TXT - @ - v=spf1 ip4:111.11.1111.111 include:_spf.google.com ~all
TXT - _dmarc.mydomain.com - v=DMARC1; p=quarantine; rua=mailto:[email protected]

G Suite settings:
Main G Suite admin/account email: [email protected]
I have aliases on this address set to: [email protected], [email protected], etc.

  • I have 2-step verification turned on for my account, so I created an app-specific password for my [email protected] account.

SMTP relay settings:
Allowed senders: Only addresses in my domains
Authentication:

  • I have checked “Only accept mail from specified IP address(s)” and added the IP address of my webserver (i.e. 111.11.1111.111)
  • I have checked “Require SMTP authentication”
    Encryption:
  • I have checked “Require TLS encryption”

Invoice Ninja initial installation email settings:
Driver: SMTP
From Name: My Company Name
From Address: [email protected]
Username: [email protected]
Host: smtp-relay.gmail.com
Port: 587
Encryption: TLS
Password: my-app-specific-password

When clicking the “Send test email” button with all of these settings and configuration, this is when I get the “Invalid credentials for relay [2604:a980:801:a1::a9f:6003]. The IP address you’ve registered in your G Suite SMTP Relay service doesn’t match…” error.

Would appreciate any insight. Maybe someone else has successfully gotten this set up/configured and might share? I’ve poured through Google’s documentation on getting SMTP relays set up but it seems as though everything I’ve done matches. :frowning:

Thank you truly in advance!!

2

Forgot to add the last section that this is how I would like emails to appear as coming from Invoice Ninja…

From: My Company Name <[email protected]>

3

Is there a specific reason you’re trying to setup SMTP Relay vs just going with GSuite’s SMTP servers? I have not had any experience with their relay service and can’t help you with that but I have successfully setup using my Gsuite account using Google SMTP server smtp.gmail.com. IMHO the relay service is geared towards adding Gmail security features such as spam filtering to outgoing messages before they reach external contacts. Since you will be sending mail only from IN I’m not sure what the benefit would be.

To successfully use Gsuite I highly recommend all the usual steps to validate and configure your domain:

  • Add SPF record to your domain's DNS zone file
  • Setup DKIM key in Gsuite Admin Control Panel and add this to your DNS
  • Ensure you have enabled "Allow Less Secure Apps" for the account you wish to use (ie. [email protected]) in Google MyAccount Settings
  • Setup DMARC by adding a TXT record to your DNS. I suggest not enabling quarantine or reject settings.
  • Make sure you have a valid SSL cert installed on your server and that you use https links in all areas of your emails

Some Helpful Resources

  • Mail-Tester.com — check the spamyness of your messages
  • MXToolbox — check your DNS records and validate SPF, DKIM, & DMARC
  • Google Postmaster Tools — Use Postmaster Tools to analyze your email performance, and help Gmail route your messages to the right place.

Good luck :slight_smile:

4

I appreciate your insight @jmadrone, but I guess the reason why I thought I needed to use Google’s SMTP relay was because messages weren’t sending from the way I would like them to. I have been able to get the regular SMTP setup working with Gmail, but going that route makes messages appear to come from that particular G Suite email address rather than allowing me to customize the from address.

Rather than emails coming From: My Company Name <[email protected]> , where [email protected] is my main G Suite account, I’d rather emails to appear that they come from “[email protected]” or “[email protected]” . I can’t seem to figure out how to configure Invoice Ninja to send emails like that. That’s where I read up on G Suite’s SMTP relay and it sounds like going that route you can either leave an empty “FROM” or at least specify a “FROM” address that exists in your domain.

(I’m just trying to avoid having to create another user in my G Suite account to handle emails specifically from Invoice Ninja. I’m a one-man freelancer.)

5

Ah yes, that makes sense, having emails come from a nice professional address I mean. The behavior of the IN email settings seems strange, and really begs the question:

Why have a FROM address in settings if it's basically totally ignored?

A search of the headers will show at least a half dozen places where the <username>@domain.com is mentioned and only one time near the very bottom is the FROM even listed. Without looking at the header one would never even see the FROM address from the IN settings page. Is this how other email provider’s behave too or just Google?

I have a user setup in Gsuite, and that’s my suggestion to you. I realize that costs $5/mo, unless you have an old grandfathered free account like mine, but I just don’t feel like it’s worth the risk of having poor deliverability/missing messages. It seems like this was a lot easier in years past and I suspect that many of the old tricks will no longer work, due to heightened filtering by ISP’s to maintain IP reputability, yada yada yada. Gmail has several new features that don’t affect IMAP clients — You can see settings for these in Gsuite Admin -> Apps -> Gsuite -> Gmail -> Safety.

My experience in setting this up has led to a strong feeling that any deviation from being 100% compliant in every possible way — by that I mean SPF, DKIM, DMARC, valid SSL cert, https links, no redirects, etc… — and in my mind that also includes having a ENVELOPE FROM address that checks out to a domain you own and probably a valid user. I’m not sure I would want to risk messages not getting through, they are important messages by their very nature after all.

Sorry I couldn’t be of more help :slight_smile: Hope you get it worked out.