From c0722c74e9476ea49cccbc22f514570bb852f5b2 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 20 Feb 2025 01:03:55 +0900 Subject: [PATCH 1/6] Update docs/configuring-playbook-email.md: add the links to the role and its documentation Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-email.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/configuring-playbook-email.md b/docs/configuring-playbook-email.md index 8968b48f1..3e01449a7 100644 --- a/docs/configuring-playbook-email.md +++ b/docs/configuring-playbook-email.md @@ -20,6 +20,10 @@ By default, emails are sent from `matrix@matrix.example.com`, as specified by th 💡 To improve deliverability, we recommend [relaying email through another SMTP server](#relaying-email-through-another-smtp-server) anyway. +The Ansible role for exim-relay is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay). For details about configuring exim-relay, you can check them via: +- 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md) online +- 📁 `roles/galaxy/exim_relay/docs/configuring-exim-relay.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles) + ## Firewall settings No matter whether you send email directly (the default) or you relay email through another host (see how below), you'll probably need to allow outgoing traffic for TCP ports 25/587 (depending on configuration). From 916831f94d142945a1a67c87edcacd3ec1765f5d Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 20 Feb 2025 01:04:07 +0900 Subject: [PATCH 2/6] Update docs/configuring-playbook-email.md: refer the docs at the role Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-email.md | 48 ++++-------------------------- 1 file changed, 6 insertions(+), 42 deletions(-) diff --git a/docs/configuring-playbook-email.md b/docs/configuring-playbook-email.md index 3e01449a7..1ab654181 100644 --- a/docs/configuring-playbook-email.md +++ b/docs/configuring-playbook-email.md @@ -11,15 +11,8 @@ SPDX-License-Identifier: AGPL-3.0-or-later By default, this playbook sets up an [Exim](https://www.exim.org/) email server through which all Matrix services send emails. -The email server would attempt to deliver emails directly to their final destination. This may or may not work, depending on your domain configuration (SPF settings, etc.) - By default, emails are sent from `matrix@matrix.example.com`, as specified by the `exim_relay_sender_address` playbook variable. -> [!WARNING] -> On some cloud providers (Google Cloud, etc.), [port 25 is always blocked](https://cloud.google.com/compute/docs/tutorials/sending-mail/), so sending email directly from your server is not possible. You will need to [relay email through another SMTP server](#relaying-email-through-another-smtp-server). - -💡 To improve deliverability, we recommend [relaying email through another SMTP server](#relaying-email-through-another-smtp-server) anyway. - The Ansible role for exim-relay is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay). For details about configuring exim-relay, you can check them via: - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md) online - 📁 `roles/galaxy/exim_relay/docs/configuring-exim-relay.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles) @@ -30,45 +23,16 @@ No matter whether you send email directly (the default) or you relay email throu ## Adjusting the playbook configuration -### Relaying email through another SMTP server +### Relaying email through another SMTP server (optional) -If you'd like to relay email through another SMTP server, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs): +By default, exim-relay attempts to deliver emails directly. This may or may not work, depending on your domain configuration (SPF settings, etc.) -```yaml -exim_relay_sender_address: "another.sender@example.com" -exim_relay_relay_use: true -exim_relay_relay_host_name: "mail.example.com" -exim_relay_relay_host_port: 587 -exim_relay_relay_auth: true -exim_relay_relay_auth_username: "another.sender@example.com" -exim_relay_relay_auth_password: "PASSWORD_FOR_THE_RELAY_HERE" -``` +**On some cloud providers such as Google Cloud, [port 25 is always blocked](https://cloud.google.com/compute/docs/tutorials/sending-mail/), so sending email directly from your server is not possible.** In this case, you will need to relay email through another SMTP server. -**Note**: only the secure submission protocol (using `STARTTLS`, usually on port `587`) is supported. **SMTPS** (encrypted SMTP, usually on port `465`) **is not supported**. +For details about configuration, refer [this section](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md#relaying-email-through-another-smtp-server) on the role's document. -### Sending emails using Sendgrid - -An easy and free SMTP service to set up is [Sendgrid](https://sendgrid.com/). Its free tier allows for up to 100 emails per day to be sent. - -To set it up, add the following configuration to your `vars.yml` file (adapt to your needs): - -```yaml -exim_relay_sender_address: "example@example.org" -exim_relay_relay_use: true -exim_relay_relay_host_name: "smtp.sendgrid.net" -exim_relay_relay_host_port: 587 -exim_relay_relay_auth: true - -# This needs to be literally the string "apikey". It is always the same for Sendgrid. -exim_relay_relay_auth_username: "apikey" - -# You can generate the API key password at this URL: https://app.sendgrid.com/settings/api_keys -# The password looks something like `SG.955oW1mLSfwds7i9Yd6IA5Q.q8GTaB8q9kGDzasegdG6u95fQ-6zkdwrPP8bOeuI`. -exim_relay_relay_auth_password: "YOUR_API_KEY_PASSWORD_HERE" -``` +💡 To improve deliverability, we recommend relaying email through another SMTP server anyway. ## Troubleshooting -If you're having trouble with email not being delivered, it may be useful to inspect the mailer logs. - -To do so, log in to the server with SSH and run `journalctl -f -u matrix-exim-relay`. +See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md#troubleshooting) on the role's documentation for details. From 2e9e6e60947d06909ff0a67ef0ae55ad931594a3 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 20 Feb 2025 01:04:13 +0900 Subject: [PATCH 3/6] Update docs/configuring-playbook-email.md: edit the introduction Based on https://github.com/mother-of-all-self-hosting/mash-playbook/blob/00214dc4939981f187b1678678ecfc6c1bcd29df/docs/services/exim-relay.md Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-email.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-email.md b/docs/configuring-playbook-email.md index 1ab654181..4a24a89ca 100644 --- a/docs/configuring-playbook-email.md +++ b/docs/configuring-playbook-email.md @@ -9,9 +9,9 @@ SPDX-License-Identifier: AGPL-3.0-or-later # Adjusting email-sending settings (optional) -By default, this playbook sets up an [Exim](https://www.exim.org/) email server through which all Matrix services send emails. +By default, this playbook sets up an [Exim](https://www.exim.org/) relay SMTP mailer service (powered by [exim-relay](https://github.com/devture/exim-relay) and the [ansible-role-exim-relay](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay) Ansible role), through which all Matrix services send emails. -By default, emails are sent from `matrix@matrix.example.com`, as specified by the `exim_relay_sender_address` playbook variable. +**With the default setting, exim-relay attempts to deliver emails directly with the address `matrix@matrix.example.com`**, as specified by the `exim_relay_sender_address` playbook variable. See below if you want to configure the playbook to relay email through another SMTP server. The Ansible role for exim-relay is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay). For details about configuring exim-relay, you can check them via: - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md) online @@ -19,7 +19,7 @@ The Ansible role for exim-relay is developed and maintained by [the MASH (mother ## Firewall settings -No matter whether you send email directly (the default) or you relay email through another host (see how below), you'll probably need to allow outgoing traffic for TCP ports 25/587 (depending on configuration). +No matter whether you send email directly (the default) or you relay email through another host, you'll probably need to allow outgoing traffic for TCP ports 25/587 (depending on configuration). ## Adjusting the playbook configuration From 5b3b372f367df24b616ec41b2536c41365eb7604 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 20 Feb 2025 01:04:23 +0900 Subject: [PATCH 4/6] Update docs/configuring-playbook-email.md: copy the instruction for firewall It was copied from https://github.com/mother-of-all-self-hosting/mash-playbook/commit/699b458733b0d890588286a0345b3636c79f7b58. The current copyright header covers this one. Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-email.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-email.md b/docs/configuring-playbook-email.md index 4a24a89ca..4857796bd 100644 --- a/docs/configuring-playbook-email.md +++ b/docs/configuring-playbook-email.md @@ -21,6 +21,8 @@ The Ansible role for exim-relay is developed and maintained by [the MASH (mother No matter whether you send email directly (the default) or you relay email through another host, you'll probably need to allow outgoing traffic for TCP ports 25/587 (depending on configuration). +Docker automatically opens these ports in the server's firewall, so you likely don't need to do anything. If you use another firewall in front of the server, you may need to adjust it. + ## Adjusting the playbook configuration ### Relaying email through another SMTP server (optional) From 235f11fede6c9ce9b73d6c1144ba7edab86e801f Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 20 Feb 2025 01:04:32 +0900 Subject: [PATCH 5/6] Update docs/configuring-playbook-email.md: add an instruction to disable mail service Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-email.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/configuring-playbook-email.md b/docs/configuring-playbook-email.md index 4857796bd..ceaca94c1 100644 --- a/docs/configuring-playbook-email.md +++ b/docs/configuring-playbook-email.md @@ -35,6 +35,18 @@ For details about configuration, refer [this section](https://github.com/mother- 💡 To improve deliverability, we recommend relaying email through another SMTP server anyway. +### Disable mail service (optional) + +For a low-power server you might probably want to disable exim-relay. To do so, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: + +```yaml +exim_relay_enabled: false +``` + +Note that disabling exim-relay will stop email-notifications and other similar functions from working. + +See [this entry on the FAQ](faq.md#how-do-i-optimize-this-setup-for-a-low-power-server) for other possible optimizations for a low-power server. + ## Troubleshooting See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md#troubleshooting) on the role's documentation for details. From c1bd6ba965f9b26c5e61e3c5e1ab75fd92d763f3 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Thu, 20 Feb 2025 01:04:37 +0900 Subject: [PATCH 6/6] Update docs/configuring-playbook-email.md: copy the common section for installing The copyright header covers this one. Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-email.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/configuring-playbook-email.md b/docs/configuring-playbook-email.md index ceaca94c1..a1d7dff76 100644 --- a/docs/configuring-playbook-email.md +++ b/docs/configuring-playbook-email.md @@ -47,6 +47,19 @@ Note that disabling exim-relay will stop email-notifications and other similar f See [this entry on the FAQ](faq.md#how-do-i-optimize-this-setup-for-a-low-power-server) for other possible optimizations for a low-power server. +## Installing + +After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below: + + +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + +The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all` + +`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too. + ## Troubleshooting See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md#troubleshooting) on the role's documentation for details.