Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Recommend mandatory STARTTLS for Google #43594

Merged
merged 3 commits into from Sep 9, 2022
Merged

Recommend mandatory STARTTLS for Google #43594

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3effda3
Recommend mandatory STARTTLS
c960657 Nov 4, 2021
c0a51d9
Explain version constraints
c960657 Feb 2, 2022
5762ec2
Merge remote-tracking branch 'origin/main' into enable-starttls
c960657 May 5, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
3 changes: 2 additions & 1 deletion actionmailer/lib/action_mailer/base.rb
View file
Open in desktop
Expand Up @@ -425,7 +425,8 @@ module ActionMailer
# This is a symbol and one of <tt>:plain</tt> (will send the password Base64 encoded), <tt>:login</tt> (will
# send the password Base64 encoded) or <tt>:cram_md5</tt> (combines a Challenge/Response mechanism to exchange
# information and a cryptographic Message Digest 5 algorithm to hash important information)
# * <tt>:enable_starttls</tt> - Use STARTTLS when connecting to your SMTP server and fail if unsupported. Defaults to <tt>false</tt>.
# * <tt>:enable_starttls</tt> - Use STARTTLS when connecting to your SMTP server and fail if unsupported. Defaults
# to <tt>false</tt>. Requires at least version 2.7 of the Mail gem.
# * <tt>:enable_starttls_auto</tt> - Detects if STARTTLS is enabled in your SMTP server and starts
# to use it. Defaults to <tt>true</tt>.
# * <tt>:openssl_verify_mode</tt> - When using TLS, you can set how OpenSSL checks the certificate. This is
Expand Down
26 changes: 14 additions & 12 deletions guides/source/action_mailer_basics.md
View file
Open in desktop
Expand Up @@ -854,18 +854,20 @@ Add this to your `config/environments/$RAILS_ENV.rb` file to send via Gmail:
```ruby
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
address: 'smtp.gmail.com',
port: 587,
domain: 'example.com',
user_name: '<username>',
password: '<password>',
authentication: 'plain',
enable_starttls_auto: true,
open_timeout: 5,
read_timeout: 5 }
```

NOTE: On July 15, 2014, Google increased [its security measures](https://support.google.com/accounts/answer/6010255) to block attempts from apps it deems less secure.
address: 'smtp.gmail.com',
port: 587,
domain: 'example.com',
user_name: '<username>',
password: '<password>',
authentication: 'plain',
enable_starttls: true,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This option isn't documented here

rails/actionmailer/lib/action_mailer/base.rb

Line 405 in 603631b

# * <tt>:enable_starttls_auto</tt> - Detects if STARTTLS is enabled in your SMTP server and starts

Should it be?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just realised that enable_starttls was added in mail version 2.7.0. Surprisingly, the auto-feature was added first.

Action Mailer currently requires version 2.5.4.

I don't think there is any reason to bump the requirement just because of the guide, but the new option definitely deserves to be mentioned. I'll fix.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Arg, I made this fix a long time ago but I somehow failed to push my branch. In the meantime this option has been documented in #44096.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So if you are using an older version of mail and set this option, will that be fine?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have added a note about this.

open_timeout: 5,
read_timeout: 5 }
```

If you are using an old version of the Mail gem (2.6.x or earlier), use `enable_starttls_auto` instead of `enable_starttls`.

NOTE: Google [blocks sign-ins](https://support.google.com/accounts/answer/6010255) from apps it deems less secure.
You can change your Gmail settings [here](https://www.google.com/settings/security/lesssecureapps) to allow the attempts. If your Gmail account has 2-factor authentication enabled,
then you will need to set an [app password](https://myaccount.google.com/apppasswords) and use that instead of your regular password.

Expand Down