Gitlab SMTP Configuration

Question

I am new to Gitlab. I configure SMTP in Gitlab that looks like,

{:authentication=>:login,                         
 :user_name=>"My Email",                  
 :password=>"Email Password",         
 :address=>"smtp.office365.com",
 :port=>587,
 :domain=>"My Domain",
 :enable_starttls_auto=>true,
 :openssl_verify_mode=>"peer",
 :ca_path=>"/etc/ssl/certs",
 :ca_file=>"/etc/ssl/certs/ca-certificates.crt",
 :open_timeout=>30,
 :read_timeout=>60}

But when I send test mail I am getting bellow error, I don't know how to solve this.

Delivered mail [email protected] (120201.6ms)
/opt/gitlab/embedded/lib/ruby/3.1.0/socket.rb:1214:in `__connect_nonblock': Network is unreachable - connect(2) for 
[2603:1016:401:2c11::2]:587 (Errno::ENETUNREACH)                                                                            
        from /opt/gitlab/embedded/lib/ruby/3.1.0/socket.rb:1214:in `connect_nonblock'                                                                           
        from /opt/gitlab/embedded/lib/ruby/3.1.0/socket.rb:56:in `connect_internal'                                                                             
        from /opt/gitlab/embedded/lib/ruby/3.1.0/socket.rb:137:in `connect'     
        from /opt/gitlab/embedded/lib/ruby/3.1.0/socket.rb:227:in `each'        
        from /opt/gitlab/embedded/lib/ruby/3.1.0/socket.rb:227:in `foreach'     
        from /opt/gitlab/embedded/lib/ruby/3.1.0/socket.rb:632:in `tcp'         
        from /opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/net-smtp-0.3.3/lib/net/smtp.rb:643:in `tcp_socket'
    from /opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/net-smtp-0.3.3/lib/net/smtp.rb:656:in `do_start'
    from /opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/net-smtp-0.3.3/lib/net/smtp.rb:611:in `start'
    from /opt/gitlab/embedded/service/gitlab-rails/config/initializers/mail_starttls_patch.rb:53:in `start_smtp_session'
    from /opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/mail-2.8.1/lib/mail/network/delivery_methods/smtp.rb:100:in `deliver!'
    from /opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/mail-2.8.1/lib/mail/message.rb:2145:in `do_delivery'
    from /opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/mail-2.8.1/lib/mail/message.rb:253:in `block in deliver'
    from /opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/actionmailer-7.0.8.1/lib/action_mailer/base.rb:588:in `block in deliver_mail'
    from /opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/activesupport-7.0.8.1/lib/active_support/notifications.rb:206:in `block in instrument'
    ... 20 levels...

Answer 1

There is likely an outbound block on TCP/587. Speak with your network administrator to open that port as an exception for your source IP. Should clear things up... You should be able to do a service ping on port 25 & 587 to show that it is not being passed normally. or telnet out to those ports, if you can still get a telnet client to install without a whole lot of fuss?

You MAY have to escalate this to a provider. Unfortunately, mileage will vary. Some are easy to work with when opening ports for services while others are like dealing with the worst cable/phone providers in the history of the business.

The issue is, when some providers block outbound SMTP traffic, they simply drop it and take no further actions. A courtesy response would be nice. If the service itself cannot return connection refused or send an ICMP response that tells me the service is administratively blocked and/or prohibited. Perhaps include the rule # that my traffic matches for reference. Simply dropping all tcp 25/587 traffic on the floor is a pretty lousy practice IMO.

Whomever has administratively prohibited this traffic, may have an additional service that you can subscribe to and pay for, that enables you to send SMTP mail like a normal system? They may require you to use SASLAUTH to their own mail relay? I've had to deal with a number of goofy implementations, just to work around UCE prevention measures.

Yes! It is a monumental PITA but that's just how the world turns these days.