Feature #21456
openSwitching to SMTP for outgoing email
0%
Description
Following up on our conversation last week, we need to make a decision about how outgoing email will be sent in the Reclaim environment. I see three options:
1. Continue to send email using PHP and the system mail program
2. Use a transactional provider
3. Use SMTP
Items 1 and 2 both require MX DNS changes. Option 1 will require special vigilance, since Reclaim IP addresses will be sending cuny.edu email (presumably transactional providers are more used to setting this sort of thing up). Option 2 also costs money.
So I think that option 3 is probably the best. Emails will continue to be sent through the Graduate Center, so there should be no DNS changes, and there should be no additional spam problems. The one hitch is that we'll need an email account that can be used for this purpose. We already have commons@gc.cuny.edu, but it's already in use for other purposes. We also have a gmail account we use for inbound RBE, but this is not a gc.cuny.edu account, so it will face spam issues. So I think we'll need to request a new account. Then we need to decide which WP plugin to use - there's a number of them that would probably be fine.
Reclaim's team has also recommended SMTP, for what it's worth.
Ray, can you think about the reasoning above and let me know whether it seems right? If so, what are our next steps?
Related issues
Updated by Raymond Hoh 23 days ago
Option 3, SMTP, seems to be the path of least resistance. I guess the next step is to see whether we can get another @gc.cuny.edu
email address for use with Reclaim. Are @gc.cuny.edu
email addresses provisioned the same way as CUNYFirst? If so, we might run into problems with having to change the password every 180 days according to the following document: https://www.gc.cuny.edu/sites/default/files/2022-02/Microsoft-Modern-Authentication_1.pdf (see point 8).
Updated by Boone Gorges 20 days ago
Colin and Matt, a reminder that we should probably decide in advance what specific inbox we'll be asking for. It could be something quasi-technical like commons-sender@gc.cuny.edu
. Or something more detailed than the existing commons
, like cunyacademiccommons@gc.cuny.edu
.
A side note that I just had to have a conversation with the IT department at another organization about this very issue. They use Office 365 for email, and they use account delegation to grant access to organizational email addresses. As such, they don't hand out SMTP credentials for those accounts. I don't know if this is a technical issue or a policy one, but it's possible we'll get a similar answer from the Graduate Center.
Updated by Matt Gold 19 days ago
Hi Boone -- yes, you're right. As far as I know, GC IT discontinued SMTP access for email when it switched to Office365. I'm happy to ask to confirm, though, and I don't think it would be a big deal politically to ask the question. Let me know whether you want me to ask.
Updated by Boone Gorges 19 days ago
Hi Boone -- yes, you're right. As far as I know, GC IT discontinued SMTP access for email when it switched to Office365.
They discontinued SMTP access for delegated accounts, not for all accounts, right? The latter would be a much harder problem. In any case, yes, please go ahead and put in the request.
Updated by Boone Gorges 2 days ago
IT has set up our SMTP account and shared the credentials with me. The account is cuny-academic-commons@gc.cuny.edu.
In https://github.com/cuny-academic-commons/cac/commit/a8024fa9f93eeff976e0ac45a29115dc8c78d7a7 I added the wp-mail-smtp plugin. To configure it, the following goes in cac-env-config.php:
define( 'WPMS_ON', true ); define( 'WPMS_MAIL_FROM', 'cuny-academic-commons@gc.cuny.edu' ); define( 'WPMS_SMTP_HOST', 'relayauth.gc.cuny.edu' ); define( 'WPMS_SMTP_PORT', 587 ); define( 'WPMS_SSL', '' ); define( 'WPMS_SMTP_AUTOTLS', true ); define( 'WPMS_SMTP_AUTH', true ); define( 'WPMS_SMTP_USER', 'commonsmail.svc' ); define( 'WPMS_SMTP_PASS', ENTER PASSWORD HERE ); define( 'WPMS_MAILER', 'smtp' ); define( 'WPMS_MAIL_FROM_FORCE', true ); // GC SMTP will refuse to send emails from other addresses
I've got the password privately saved and I'll set it up when I'm ready to deploy to the new production site.
With this change, our old commons-not-reply Sender address will go away. This is necessary, because as a security precaution, the SMTP account is set up to send emails only with the Sender address of cuny-academic-commons@gc.cuny.edu
. I've removed this in https://github.com/cuny-academic-commons/cac/commit/93504fee415b26ee1c0166f8983937402422f175. I don't believe that these changes have any effect on Reply-To addresses, but this will need testing, especially in the context of RBE.
Ray, can you think about how RBE ties into this? I know you mentioned that now would be a good time to switch for incoming-mode. Perhaps you could start a new ticket, referencing this one so that we can coordinate, where you lay out the steps that need to be taken?
Updated by Raymond Hoh about 3 hours ago
- Related to Bug #16177: Switch to Inbound mode for RBE added
Updated by Raymond Hoh about 3 hours ago
Ray, can you think about how RBE ties into this?
I don't anticipate issues with WP Email SMTP. I've used RBE with basic PHPMailer SMTP settings and it worked, but I'll do some local testing with WP Email SMTP to be sure.
I know you mentioned that now would be a good time to switch for incoming-mode. Perhaps you could start a new ticket, referencing this one so that we can coordinate, where you lay out the steps that need to be taken?
I've already set up a ticket for this -- #16177. Basically, what needs to be done next is to set up an auto-replier in our existing GMail IMAP account and then in the RBE admin settings page in WordPress, switch from IMAP mode to Inbound mode. I'll ping both you and Colin to proofread the copy for the auto-replier I have so far and then we can move forward.