Helo command rejected: need fully-qualified hostname

[piotr-sikora-v]

Hello I have just created new instance of Keila in docker stack. I try to configure system mailer, but when it try to send via my mailcow instance I see error on postfix: Apr 2 13:15:20 51912cd08cdb postfix/smtpd[478774]: NOQUEUE: reject: RCPT from krk1.ftdl.pl[195.117.15.33]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; from=xxxx@ftdl.pl to=xxxxx@gmail.com proto=ESMTP helo=

EDIT: same configuration in "Senders" work perfect.

[wmnnd]

Hey, thanks for reporting this. This is stange … but it seems like it might be a configuration problem on your email server or with your system sender. Did you maybe use the IP instead of the FQDN for your system mailer?

[piotr-sikora-v]

I use "mailcow" ... this is all-in-one docker solution https://github.com/mailcow/mailcow-dockerized, and I use this for many software and there is no problems... also when I configured same settings as "Senders" in Keila and send campaning it works. Only problem is in registration and send password reset.

I use Keila in docker... so I don't configure system mailer. Maybe I forgot some env?

Here is all my docker env from docker-compose.yaml:

services:
  keila:
    image: pentacent/keila:latest
    depends_on:
      - postgres
    environment:
      SECRET_KEY_BASE: "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
      DB_URL: "postgres://postgres:postgres@postgres/postgres"
      URL_HOST: "xxxxxxxxxxxxxxx"
      URL_SCHEMA: "https"
      MAILER_SMTP_HOST: "poczta.ftdl.pl"
      MAILER_SMTP_USER: "xxxxxxxxxxxxxxx@ftdl.pl"
      MAILER_SMTP_PASSWORD: "xxxxxxxxxxxxxxxx"
      KEILA_USER: "vvvvvvvvvvvvv@ftdl.pl"

      DISABLE_REGISTRATION: "false"
      SECRET_KEY_BASE: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      USER_CONTENT_DIR: "/uploads"

[wmnnd]

Could you try also setting MAILER_SMTP_PORT and MAILER_SMTP_FROM_EMAIL?

[piotr-sikora-v]

same problem.

This is log from keila conteiner:

12:33:14.455 [warning] hCaptcha not configured.,
Keila will fall back to using hCaptcha’s staging configuration.,
,
To configure hCaptcha, use the following environment variables:,
,
- HCAPTCHA_SITE_KEY,
- HCAPTCHA_SECRET_KEY,
- HCAPTCHA_URL (defaults to https://hcaptcha.com/siteverify),
,
12:33:14.456 [warning] You have not configured a Hashid salt. Defaulting to,
:crypto.hash(:sha256, SECRET_KEY_BASE <> "hashid_salt") |> Base.url_encode64(),
,
12:33:14.457 [warning] You have not configured a separate URL for untrusted content uploaded by,
users.,
,
If you serve user uploads on a different domain, you can set,
USER_CONTENT_BASE_URL,
,
12:33:14.804 [info] Migrations already up,
12:33:14.971 [info] Database already populated, not populating database.,
12:33:15.763 [info] Running KeilaWeb.Endpoint with cowboy 2.9.0 at 0.0.0.0:4000 (http),
12:33:15.768 [info] Access KeilaWeb.Endpoint at https://xxxxxxxx,
12:33:18.862 [info] tzdata release in place is from a file last modified Fri, 22 Oct 2021 02:20:47 GMT. Release file on server was last modified Tue, 28 Mar 2023 20:25:39 GMT.,
12:33:21.302 [info] Tzdata has updated the release from 2021e to 2023c,
12:33:23.616 request_id=F1JsxNWo0YHb12kAABvB [info] GET /,
12:33:23.640 request_id=F1JsxNWo0YHb12kAABvB [info] Sent 302 in 23ms,
12:33:23.647 request_id=F1JsxNd4XMdpFKYAABxB [info] GET /auth/login,
12:33:23.651 request_id=F1JsxNd4XMdpFKYAABxB [info] Sent 200 in 4ms,
12:33:27.528 request_id=F1Jsxb7O9c7CLQoAAByB [info] GET /auth/reset,
12:33:27.532 request_id=F1Jsxb7O9c7CLQoAAByB [info] Sent 200 in 4ms,
12:33:32.132 request_id=F1JsxtE7xuJVLAAAABzB [info] POST /auth/reset,
12:33:36.012 request_id=F1JsxtE7xuJVLAAAABzB [warning] Description: 'Server authenticity is not verified since certificate path validation is not enabled',
     Reason: 'The option {verify, verify_peer} and one of the options \'cacertfile\' or \'cacerts\' are required to enable this.',
,
12:33:36.095 request_id=F1JsxtE7xuJVLAAAABzB [info] Sent 500 in 3963ms,
12:33:36.096 [error] #PID<0.2637.0> running KeilaWeb.Endpoint (connection #PID<0.2629.0>, stream id 8) terminated,
Server: keila.ftdl.pl:80 (http),
Request: POST /auth/reset,
** (exit) an exception was raised:,
    ** (Swoosh.DeliveryError) delivery error: {:send, {:permanent_failure, '195.117.15.104', "504 5.5.2 <62d6dee7e1b8>: Helo command rejected: need fully-qualified hostname\r\n"}},
        (keila 0.11.2) lib/keila/mailer.ex:2: Keila.Mailer.deliver!/2,
        (keila 0.11.2) lib/keila/auth/auth.ex:630: Keila.Auth.send_password_reset_link/2,
        (keila 0.11.2) lib/keila_web/controllers/auth_controller.ex:110: KeilaWeb.AuthController.post_reset/2,
        (keila 0.11.2) lib/keila_web/controllers/auth_controller.ex:1: KeilaWeb.AuthController.action/2,
        (keila 0.11.2) lib/keila_web/controllers/auth_controller.ex:1: KeilaWeb.AuthController.phoenix_controller_pipeline/2,
        (phoenix 1.6.11) lib/phoenix/router.ex:354: Phoenix.Router.__call__/2,
        (keila 0.11.2) lib/keila_web/endpoint.ex:1: KeilaWeb.Endpoint.plug_builder_call/2,
        (keila 0.11.2) lib/keila_web/endpoint.ex:1: KeilaWeb.Endpoint.call/2,

[wmnnd]

I’m afraid I think there is an issue with your server’s DNS configuration then. One last thing to try and debug if this might be an issue with Keila would be to connect to the Keila console and run the following command:

Connect to the console: /opt/app/bin/keila remote

Inspect the mailer config: Application.get_env(:keila, Keila.Mailer)

[piotr-sikora-v]

It can be... but it's docker, so default hostname is random. I changed now to my reverse IP and I have new error:

        (keila 0.11.2) lib/keila_web/controllers/auth_controller.ex:1: KeilaWeb.AuthController.action/2,
     Reason: 'The option {verify, verify_peer} and one of the options \'cacertfile\' or \'cacerts\' are required to enable this.',
13:23:31.451 request_id=F1JvgSaFn6PyA7cAABvB [info] POST /auth/reset,
13:23:31.616 request_id=F1JvgSaFn6PyA7cAABvB [warning] Description: 'Server authenticity is not verified since certificate path validation is not enabled',
13:23:32.565 request_id=F1JvgSaFn6PyA7cAABvB [info] Sent 500 in 1114ms,
13:23:32.566 [error] #PID<0.2625.0> running KeilaWeb.Endpoint (connection #PID<0.2624.0>, stream id 1) terminated,
Server: keila.ftdl.pl:80 (http),
Request: POST /auth/reset,
** (exit) an exception was raised:,
    ** (Swoosh.DeliveryError) delivery error: {:send, {:permanent_failure, '195.117.15.104', "554 5.7.1 This message does not meet our delivery requirements\r\n"}},
        (keila 0.11.2) lib/keila/mailer.ex:2: Keila.Mailer.deliver!/2,
        (keila 0.11.2) lib/keila/auth/auth.ex:630: Keila.Auth.send_password_reset_link/2,
        (keila 0.11.2) lib/keila_web/controllers/auth_controller.ex:110: KeilaWeb.AuthController.post_reset/2,
        (keila 0.11.2) lib/keila_web/controllers/auth_controller.ex:1: KeilaWeb.AuthController.phoenix_controller_pipeline/2,
        (phoenix 1.6.11) lib/phoenix/router.ex:354: Phoenix.Router.__call__/2,
        (keila 0.11.2) lib/keila_web/endpoint.ex:1: KeilaWeb.Endpoint.call/2,
        (keila 0.11.2) lib/keila_web/endpoint.ex:1: KeilaWeb.Endpoint.plug_builder_call/2,
13:23:32.582 [info] Tzdata has updated the release from 2021e to 2023c

Output from mailer config:

/opt/app # /opt/app/bin/keila remote
Erlang/OTP 25 [erts-13.1.3] [source] [64-bit] [smp:24:1] [ds:24:1:10] [async-threads:1] [jit]

Interactive Elixir (1.14.3) - press Ctrl+C to exit (type h() ENTER for help)
iex(keila@c5b6f20c65a3)1> Application.get_env(:keila, Keila.Mailer)
[
  adapter: Swoosh.Adapters.SMTP,
  relay: "poczta.ftdl.pl",
  username: "aaaa@ftdl.pl",
  password: "xxxxxxxxx",
  from_email: "aaaa@ftdl.pl"
]
iex(keila@c5b6f20c65a3)2> 

Still for me is intresting that is working with campaning using same smtp :)

[wmnnd]

The output looks like MAILER_SMTP_PORT is still missing, though.

[piotr-sikora-v]

@wmnnd Thanks! :) I make a typeo in MAILER_SMTP_PORT. ... after setting it to 587 everything work.

And now I can remove hostname parameter from docker-compose sercive :)