[solved] How to set up email registration

To set-up email for Gitea check out the the following email providers recommended by Discourse:

Assuming you chose Mailgun do the following:

  1. Add your Gitea domain in Mailgun
  2. Add the Mailgun-suggested DNS records to domain. Rather than waiting 24-48 hours for DNS propogation look for the button inside Mailgun to check manually from the Mailgun dashboard.
  3. Edit your app.ini file to enable user registrations, email confirmations and set a noreply address. Look in the [services] section for this stuff and reference the Config Cheat Sheet for help.
  4. In the [mailer] section set the following: ENABLED=true, FROM=noreply@git.example.org, USE_SENDMAIL=false, HOST=smtp.mailgun.org:587, USER=[from-mailgun-dashboard], PASSWD=[from-mailgun-dashboard].

Consider also setting ENABLE_NOTIFY_EMAIL while you’re in there, then save and exit app.ini and then (assuming Docker) run a docker container restart [container_id] (available from docker ps).

Test emails can then be sent from the admin configuration settings as suggested here:

If all went well you should receive an email within a few seconds.

You can also send a test email via the admin configuration settings page.


1 Like

Email registration has been working well and I’ve had a number of users activate accounts. Since updating to to 1.5.2 I’ve seen a bunch of bots try and create accounts using various email addresses, some of which seem to be real given two users filed complaints (as reported by Mailgun):

Here’s what the spam accounts look like. I’ll find a way to bulk remove them later but none of them have activated so I’m not particularly concerned about them right now—just sharing for the benefit of others:

1 Like

@anon74399538 I know this is slightly off topic for this thread, but if you are concerned about being blocked from mailgun for sending email to these spammers you could use captcha (there is google recaptcha and just a plain built in system too that are options) to prevent these spammers.

1 Like

Good idea. A PoW-based tiny url might be useful too for accessibility and privacy compared to reCAPTCHA—which I’ve found to be sometimes unbearable gauntlet when using a socks5 proxy while browsing or traveling in SEA. Here’s a mirror which seems like a fun way to get some practice in with WireShark while taking some focus of the actual honey.


Also found this super useful feature today:

Since none of the bots were able to activate their accounts I was able to purge about 160 of them with one click. As for where the bots came from who knows.

After three weeks of logging here are some observations about the email spam I’ve collected in case it’s useful for anyone. First, the last two days of logs (2 failures and 1 complaint) visualized:

Raw log data from Mailgun
Search logs

11/05/18 12:00 AM - 11/07/18 11:59 PM

Date/Time Summary
11/06/18 07:49 PM Accepted: noreply@git.habd.as → claybro*****@hotmail.com ‘Please activate your account’
11/06/18 07:02 PM Accepted: noreply@git.habd.as → alexander.w.@gmail.com ‘Please activate your account’
11/06/18 06:38 PM Accepted: noreply@git.habd.as → tina
@yahoo.com ‘Please activate your account’
11/06/18 06:26 PM Accepted: noreply@git.habd.as → j.neauxg*****@gmail.com ‘Please activate your account’
11/06/18 06:14 PM Accepted: noreply@git.habd.as → patelm*****@verizon.net ‘Please activate your account’
11/06/18 06:02 PM Accepted: noreply@git.habd.as → ji*****@yahoo.com ‘Please activate your account’
11/06/18 05:49 PM Accepted: noreply@git.habd.as → ar*****@gmail.com ‘Please activate your account’
11/06/18 05:24 PM Accepted: noreply@git.habd.as → midbrobobs*****@charter.net ‘Please activate your account’
11/06/18 05:12 PM Accepted: noreply@git.habd.as → lo*****@gmail.com ‘Please activate your account’
11/06/18 04:59 PM Accepted: noreply@git.habd.as → britneyj*****@yahoo.com ‘Please activate your account’
11/06/18 04:47 PM Accepted: noreply@git.habd.as → fashionis*****@hotmail.co.uk ‘Please activate your account’
11/06/18 04:34 PM Accepted: noreply@git.habd.as → p*****@gmail.com ‘Please activate your account’
11/06/18 04:22 PM Accepted: noreply@git.habd.as → rca*****@mac.com ‘Please activate your account’
11/06/18 04:10 PM Accepted: noreply@git.habd.as → mariansin*****@gmail.com ‘Please activate your account’
11/06/18 03:57 PM Accepted: noreply@git.habd.as → c*****@3bauto.co.uk ‘Please activate your account’
11/06/18 03:45 PM Accepted: noreply@git.habd.as → fratt*****@cox.net ‘Please activate your account’
11/06/18 03:20 PM Accepted: noreply@git.habd.as → eric*****@gmail.com ‘Please activate your account’
11/06/18 03:08 PM Accepted: noreply@git.habd.as → hamm*****@gmail.com ‘Please activate your account’
11/06/18 02:55 PM Accepted: noreply@git.habd.as → larry.co*****@verizon.net ‘Please activate your account’
11/06/18 02:42 PM Accepted: noreply@git.habd.as → christianmarg*****@gmail.com ‘Please activate your account’
11/06/18 02:30 PM Accepted: noreply@git.habd.as → clo*****@sbcglobal.net ‘Please activate your account’
11/06/18 02:05 PM Accepted: noreply@git.habd.as → christinabr*****@comcast.net ‘Please activate your account’
11/06/18 01:40 PM Accepted: noreply@git.habd.as → fran_ruben*****@yahoo.com ‘Please activate your account’
11/06/18 01:28 PM Accepted: noreply@git.habd.as → lbco*****@aol.com ‘Please activate your account’
11/06/18 01:14 PM Accepted: noreply@git.habd.as → courtneys*****@gmail.com ‘Please activate your account’
11/06/18 12:35 PM Accepted: noreply@git.habd.as → k*****@wilsonmgmt.com ‘Please activate your account’
11/06/18 12:05 PM Accepted: noreply@git.habd.as → bp*****@hotmail.com ‘Please activate your account’
11/06/18 11:36 AM Accepted: noreply@git.habd.as → dr*****@gmx.de ‘Please activate your account’
11/06/18 11:07 AM Accepted: noreply@git.habd.as → lilm*****@gmail.com ‘Please activate your account’
11/06/18 10:38 AM Accepted: noreply@git.habd.as → rams*****@aol.com ‘Please activate your account’
11/06/18 10:08 AM Accepted: noreply@git.habd.as → bmc*****@yahoo.com ‘Please activate your account’
11/06/18 09:38 AM Accepted: noreply@git.habd.as → patrickjswans*****@gmail.com ‘Please activate your account’
11/06/18 09:08 AM Accepted: noreply@git.habd.as → a*****@aol.com ‘Please activate your account’
11/06/18 08:12 AM Accepted: noreply@git.habd.as → ninan*****@naver.com ‘Please activate your account’
11/06/18 07:44 AM Accepted: noreply@git.habd.as → klaus.seng*****@gmx.de ‘Please activate your account’
11/06/18 07:17 AM Accepted: noreply@git.habd.as → ashley*****@yahoo.com ‘Please activate your account’
11/06/18 06:55 AM Retry limit reached. Dropped: noreply@git.habd.as → =?UTF-8?q?ta.storona.m.o.sta.rek*****@gmail.com=0d=0a?= ‘Please activate your account’ No MX for gmail.com=0d=0a?= Server response: 498 No MX for gmail.com=0d=0a?=
11/06/18 06:51 AM Accepted: noreply@git.habd.as → new*****@aol.com ‘Please activate your account’
11/06/18 06:23 AM Accepted: noreply@git.habd.as → ryanbr*****@yahoo.com ‘Please activate your account’
11/06/18 05:56 AM Accepted: noreply@git.habd.as → richardwalterjo*****@yahoo.com ‘Please activate your account’
11/06/18 05:28 AM Accepted: noreply@git.habd.as → heathersantosre*****@gmail.com ‘Please activate your account’
11/06/18 04:35 AM Accepted: noreply@git.habd.as → big_lunk_co*****@yahoo.com ‘Please activate your account’
11/06/18 04:10 AM Accepted: noreply@git.habd.as → mailr*****@yahoo.com ‘Please activate your account’
11/06/18 03:20 AM Accepted: noreply@git.habd.as → su*****@livemaster.ru ‘Please activate your account’
11/06/18 02:29 AM Accepted: noreply@git.habd.as → mike.@me.com ‘Please activate your account’
11/06/18 02:05 AM Accepted: noreply@git.habd.as → gyn
@aol.com ‘Please activate your account’
11/06/18 02:05 AM Accepted: noreply@git.habd.as → m*****@brandongiesing.com ‘[after-dark] Web Mining (#7)’
11/06/18 01:42 AM Accepted: noreply@git.habd.as → aric*****@yahoo.com ‘Please activate your account’
11/06/18 12:56 AM Accepted: noreply@git.habd.as → j*****@dotweekly.com ‘Please activate your account’
11/05/18 11:47 PM Accepted: noreply@git.habd.as → kvz*****@yahoo.com ‘Please activate your account’
11/05/18 07:51 PM Accepted: noreply@git.habd.as → vul*****@aol.com ‘Please activate your account’
11/05/18 07:06 PM Accepted: noreply@git.habd.as → alicia*****@alumni.shu.edu ‘Please activate your account’
11/05/18 07:00 PM Accepted: noreply@git.habd.as → =?UTF-8?q?ta.storona.m.o.sta.rek*****@gmail.com=0d=0a?= ‘Please activate your account’
11/05/18 06:44 PM Accepted: noreply@git.habd.as → ndgo*****@mac.com ‘Please activate your account’
11/05/18 06:21 PM Accepted: noreply@git.habd.as → jlt*****@verizon.net ‘Please activate your account’
11/05/18 05:58 PM Accepted: noreply@git.habd.as → leonardo.la*****@yahoo.com ‘Please activate your account’
11/05/18 05:35 PM Accepted: noreply@git.habd.as → wallm*****@yahoo.com ‘Please activate your account’
11/05/18 05:14 PM Accepted: noreply@git.habd.as → c*****@gmail.com ‘Please activate your account’
11/05/18 04:53 PM Accepted: noreply@git.habd.as → coffi*****@comcast.net ‘Please activate your account’
11/05/18 04:10 PM Accepted: noreply@git.habd.as → ricerocke*****@yahoo.com ‘Please activate your account’
11/05/18 03:49 PM Accepted: noreply@git.habd.as → betsya*****@hotmail.com ‘Please activate your account’
11/05/18 03:08 PM Accepted: noreply@git.habd.as → lcaro*****@yahoo.com ‘Please activate your account’
11/05/18 02:48 PM Accepted: noreply@git.habd.as → ali*****@comcast.net ‘Please activate your account’
11/05/18 02:28 PM Accepted: noreply@git.habd.as → david_te*****@hotmail.com ‘Please activate your account’
11/05/18 02:07 PM Accepted: noreply@git.habd.as → rebeccahop*****@gmail.com ‘Please activate your account’
11/05/18 01:45 PM Accepted: noreply@git.habd.as → patelm*****@verizon.net ‘Please activate your account’
11/05/18 01:24 PM Accepted: noreply@git.habd.as → jennya*****@yahoo.com ‘Please activate your account’
11/05/18 01:01 PM Complained: mpreal@comcast.net ‘Please activate your account’
11/05/18 12:41 PM Accepted: noreply@git.habd.as → clyn*****@gmail.com ‘Please activate your account’
11/05/18 12:20 PM Accepted: noreply@git.habd.as → socale*****@gmail.com ‘Please activate your account’
11/05/18 11:39 AM Accepted: noreply@git.habd.as → mpreal@comcast.net ‘Please activate your account’
11/05/18 10:33 AM Accepted: noreply@git.habd.as → mar*****@hotmail.com ‘Please activate your account’
11/05/18 10:13 AM Accepted: noreply@git.habd.as → julieblak*****@btinternet.com ‘Please activate your account’
11/05/18 09:51 AM Accepted: noreply@git.habd.as → ssd*****@comcast.net ‘Please activate your account’
11/05/18 09:31 AM Accepted: noreply@git.habd.as → email_twice_bl*****@yahoo.com ‘Please activate your account’
11/05/18 09:10 AM Accepted: noreply@git.habd.as → mercedes.bau*****@gmail.com ‘Please activate your account’
11/05/18 08:49 AM Accepted: noreply@git.habd.as → cavy*****@gmail.com ‘Please activate your account’
11/05/18 08:28 AM Accepted: noreply@git.habd.as → danfan*****@gmail.com ‘Please activate your account’
11/05/18 08:08 AM Accepted: noreply@git.habd.as → marshaepe*****@comcast.net ‘Please activate your account’
11/05/18 07:49 AM Accepted: noreply@git.habd.as → charlesto*****@gmail.com ‘Please activate your account’
11/05/18 07:28 AM Accepted: noreply@git.habd.as → kri*****@gmail.com ‘Please activate your account’
11/05/18 07:08 AM Accepted: noreply@git.habd.as → djoyfalbe*****@gmail.com ‘Please activate your account’
11/05/18 05:35 AM Accepted: noreply@git.habd.as → emymai*****@gmail.com ‘Please activate your account’
11/05/18 05:17 AM Accepted: noreply@git.habd.as → debbiecleav*****@gmail.com ‘Please activate your account’
11/05/18 04:03 AM Accepted: noreply@git.habd.as → norman*****@icloud.com ‘Please activate your account’
11/05/18 03:44 AM Accepted: noreply@git.habd.as → kall*****@yahoo.de ‘Please activate your account’
11/05/18 03:07 AM Accepted: noreply@git.habd.as → m*****@brandongiesing.com ‘[after-dark] Web Mining (#7)’
11/05/18 03:06 AM Accepted: noreply@git.habd.as → catwiesel-an*****@web.de ‘Please activate your account’
11/05/18 02:10 AM Accepted: noreply@git.habd.as → jarrod*****@gmail.com ‘Please activate your account’

Parsing the logs the only thing that popped out at me was:

11/05/18 01:01 PM	Complained: mpreal@comcast.net 'Please activate your account'

Which I found on a blacklist here with a mention of WordPress: https://cleantalk.org/blacklists/mpreal@comcast.net

So far all spam accounts use the “SatGuach” postfix in their name.

Regarding the removal of unactivated accounts via the Admin Dashboard, I’ve observed as least some of the offending users were not removed as they were activated as shown here:


This seems to suggest the bots may now be following email activation links. And while I understand reCAPTCHA was added with the 1.6.0 release I have expressed some of my concerns on using it.

SatGuach fell out of favor, at least on https://git.habd.as and the new faux users are now using the “Ploms” suffix, as shown here. As like the prior, running a Delete all unactivated accounts from admin Maintenance Operations will typically purge these users.

And while I respect the authors of Gitea for providing a CAPTCHA option, I still do not feel using reCAPTCHA is a good approach for those with well wishes for the privacy of their users.

Can someone help me with this? I have Gitea with MySQL in docker containers and the mailer times out when sending out test emails.

ENABLED = true
HOST    = smtp.mailgun.org:587
FROM    = no-reply@domain.tld
USER    = postmaster@git.domain.tld
PASSWD  = 'password-has-special-chars'
# nginx error log
2019/02/11 04:36:33 [error] 19682#0: *11322 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 73.66.xxx.xxx, server: git.domain.tld, request: "POST /admin/config/test_mail HTTP/2.0", upstream: "", host: "git.domain.tld", referrer: "https://git.domain.tld/serviceworker.js"

@anon74399538 there is a non-reCAPTCHA CAPTCHA system provided by Gitea as well. (look at CAPTCHA_TYPE setting in docs)

1 Like

Just adding this in as a note for others coming from Google or otherwise, @cim’s problem was solved as their host had blocked the email port, and once unblocked everything was solved.