[solved] How to set up email registration

To set up email for Gitea, check out the following email providers recommended by Discourse:

Assuming you chose Mailgun do the following:

  1. Add your Gitea domain in Mailgun
  2. Add the Mailgun-suggested DNS records to the domain. Rather than waiting 24-48 hours for DNS propagation, look for the button inside Mailgun to check manually from the Mailgun dashboard.
  3. Edit your app.ini file to enable user registrations, email confirmations and set a noreply address. Look in the [services] section for this stuff and reference the Config Cheat Sheet for help.
  4. In the [mailer] section set the following: ENABLED=true, FROM=noreply@git.example.org, USE_SENDMAIL=false, HOST=smtp.mailgun.org:587, USER=[from-mailgun-dashboard], PASSWD=[from-mailgun-dashboard].

Consider also setting ENABLE_NOTIFY_EMAIL while you’re in there, then save and exit app.ini and then (assuming Docker) run a docker container restart [container_id] (available from docker ps).

Test emails can then be sent from the admin configuration settings as suggested here:

If all went well you should receive an email within a few seconds.

You can also send a test email via the admin configuration settings page.


1 Like

Email registration has been working well and I’ve had a number of users activate accounts. Since updating to 1.5.2 I’ve seen a bunch of bots try and create accounts using various email addresses, some of which seem to be real given two users filed complaints (as reported by Mailgun):

Here’s what the spam accounts look like. I’ll find a way to bulk remove them later but none of them have activated so I’m not particularly concerned about them right now—just sharing for the benefit of others:

1 Like

@anon74399538 I know this is slightly off topic for this thread, but if you are concerned about being blocked from Mailgun for sending email to these spammers you could use CAPTCHA (there is Google reCAPTCHA and just a plain built-in system too that are options) to prevent these spammers.

1 Like

Good idea. A PoW-based tiny url might be useful too for accessibility and privacy compared to reCAPTCHA, which I’ve found to be a sometimes unbearable gauntlet when using a socks5 proxy while browsing or traveling in SEA. Here’s a mirror which seems like a fun way to get some practice in with Wireshark while taking some focus off the actual honey.

https://git.habd.as/comfusion/esp8266_honeypot

Also found this super useful feature today:

Since none of the bots were able to activate their accounts I was able to purge about 160 of them with one click. As for where the bots came from who knows.

After three weeks of logging here are some observations about the email spam I’ve collected in case it’s useful for anyone. First, the last two days of logs (2 failures and 1 complaint) visualized:

Raw log data from Mailgun

Parsing the logs the only thing that popped out at me was:

11/05/18 01:01 PM	Complained: mpreal@comcast.net 'Please activate your account'

Which I found on a blacklist here with a mention of WordPress: https://cleantalk.org/blacklists/mpreal@comcast.net

So far all spam accounts use the “SatGuach” postfix in their name.

Regarding the removal of unactivated accounts via the Admin Dashboard, I’ve observed at least some of the offending users were not removed as they were activated as shown here:


This seems to suggest the bots may now be following email activation links. And while I understand reCAPTCHA was added with the 1.6.0 release I have expressed some of my concerns on using it.

SatGuach fell out of favor, at least on https://git.habd.as, and the new faux users are now using the “Ploms” suffix, as shown here. As with the prior, running a Delete all unactivated accounts from admin Maintenance Operations will typically purge these users.

And while I respect the authors of Gitea for providing a CAPTCHA option, I still do not feel using reCAPTCHA is a good approach for those with well wishes for the privacy of their users.
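The posts above report that the spam accounts share a username suffix that rotates (“SatGuach”, then “Ploms”) and that some of them were activated and so survived the purge of unactivated accounts. The following is an added example, not part of the original posts or of Gitea: it clusters accounts by their longest shared suffix and lists the activated members the purge would miss. The `(username, activated)` rows and every username in them are constructed.

```python
from collections import defaultdict

# Constructed sample rows: (username, activated). Not real accounts.
ACCOUNTS = [
    ("JamesSatGuach", False), ("MariaSatGuach", False), ("OlegSatGuach", True),
    ("KevinPloms", False), ("AnnaPloms", False), ("RitaPloms", False),
    ("alice", True), ("bob-dev", True), ("carol", False),
]


def suffix_clusters(accounts, min_len=4, min_members=3):
    """Map each maximal shared suffix (lowercased) to the usernames carrying it."""
    by_suffix = defaultdict(set)
    for name, _ in accounts:
        low = name.lower()
        # Stop before len(low) so a suffix is never the whole username.
        for k in range(min_len, len(low)):
            by_suffix[low[-k:]].add(name)
    shared = {s: m for s, m in by_suffix.items() if len(m) >= min_members}
    # Drop a suffix when a longer shared suffix covers exactly the same
    # members ("guach" is redundant once "satguach" is known).
    return {
        s: members
        for s, members in shared.items()
        if not any(t != s and t.endswith(s) and shared[t] == members for t in shared)
    }


def review_report(accounts, **kwargs):
    """Split each cluster into accounts a purge of unactivated users removes
    and activated accounts that need manual review."""
    activated = dict(accounts)
    return {
        suffix: {
            "unactivated": sorted(n for n in members if not activated[n]),
            "activated": sorted(n for n in members if activated[n]),
        }
        for suffix, members in suffix_clusters(accounts, **kwargs).items()
    }


if __name__ == "__main__":
    for suffix, groups in review_report(ACCOUNTS).items():
        print(suffix, groups)
```

Because the suffix is discovered rather than hard-coded, the same check keeps working when the bots switch to a new one; the thresholds `min_len` and `min_members` are assumptions to tune against real usernames.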

Can someone help me with this? I have Gitea with MySQL in docker containers and the mailer times out when sending out test emails.

[mailer]
ENABLED = true
USE_SENDMAIL = false
HOST    = smtp.mailgun.org:587
FROM    = no-reply@domain.tld
USER    = postmaster@git.domain.tld
PASSWD  = 'password-has-special-chars'
# nginx error log
2019/02/11 04:36:33 [error] 19682#0: *11322 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 73.66.xxx.xxx, server: git.domain.tld, request: "POST /admin/config/test_mail HTTP/2.0", upstream: "http://127.0.0.1:3000/admin/config/test_mail", host: "git.domain.tld", referrer: "https://git.domain.tld/serviceworker.js"

@anon74399538 there is a non-reCAPTCHA CAPTCHA system provided by Gitea as well. (Look at the CAPTCHA_TYPE setting in the docs.)

1 Like

Just adding this in as a note for others coming from Google or otherwise, @cim’s problem was solved as their host had blocked the email port, and once unblocked everything was solved.