diff --git a/src/docs/user/configuration/configuring_outbound_email.diviner b/src/docs/user/configuration/configuring_outbound_email.diviner index b8b3835e18..4d18ba0eb2 100644 --- a/src/docs/user/configuration/configuring_outbound_email.diviner +++ b/src/docs/user/configuration/configuring_outbound_email.diviner @@ -1,353 +1,441 @@ @title Configuring Outbound Email @group config -Instructions for configuring Phabricator to send mail. +Instructions for configuring Phabricator to send email and other types of +messages, like text messages. Overview ======== -Phabricator can send outbound email through several different mail services, +Phabricator sends outbound messages through "mailers". Most mailers send +email and most messages are email messages, but mailers may also send other +types of messages (like text messages). + +Phabricator can send outbound messages through multiple different mailers, including a local mailer or various third-party services. Options include: -| Send Mail With | Setup | Cost | Inbound | Notes | -|---------|-------|------|---------|-------| -| Postmark | Easy | Cheap | Yes | Recommended | -| Mailgun | Easy | Cheap | Yes | Recommended | -| Amazon SES | Easy | Cheap | No | Recommended | -| SendGrid | Medium | Cheap | Yes | Discouraged | -| External SMTP | Medium | Varies | No | Gmail, etc. | -| Local SMTP | Hard | Free | No | sendmail, postfix, etc | -| Custom | Hard | Free | No | Write a custom mailer for some other service. | -| Drop in a Hole | Easy | Free | No | Drops mail in a deep, dark hole. | +| Send Mail With | Setup | Cost | Inbound | Media | Notes | +|----------------|-------|------|---------|-------|-------| +| Postmark | Easy | Cheap | Yes | Email | Recommended | +| Mailgun | Easy | Cheap | Yes | Email | Recommended | +| Amazon SES | Easy | Cheap | No | Email | | +| SendGrid | Medium | Cheap | Yes | Email | | +| Twilio | Easy | Cheap | No | SMS | Recommended | +| Amazon SNS | Easy | Cheap | No | SMS | Recommended | +| External SMTP | Medium | Varies | No | Email | Gmail, etc. | +| Local SMTP | Hard | Free | No | Email | sendmail, postfix, etc | +| Custom | Hard | Free | No | All | Write a custom mailer. | +| Drop in a Hole | Easy | Free | No | All | Drops mail in a deep, dark hole. | See below for details on how to select and configure mail delivery for each mailer. -Overall, Postmark and Mailgun are much easier to set up, and using one of them -is recommended. Both will also let you set up inbound email easily. +For email, Postmark or Mailgun are recommended because they make it easy to +set up inbound and outbound mail and have good track records in our production +services. Other services will also generally work well, but they may be more +difficult to set up. + +For SMS, Twilio or SNS are recommended. They're also your only upstream +options. -If you have some internal mail service you'd like to use you can also write a -custom mailer, but this requires digging into the code. +If you have some internal mail or messaging service you'd like to use you can +also write a custom mailer, but this requires digging into the code. Phabricator sends mail in the background, so the daemons need to be running for it to be able to deliver mail. You should receive setup warnings if they are not. For more information on using daemons, see @{article:Managing Daemons with phd}. Basics ====== Before configuring outbound mail, you should first set up `metamta.default-address` in Configuration. This determines where mail is sent "From" by default. If your domain is `example.org`, set this to something like `noreply@example.org`. Ideally, this should be a valid, deliverable address that doesn't bounce if users accidentally send mail to it. Configuring Mailers =================== Configure one or more mailers by listing them in the the `cluster.mailers` configuration option. Most installs only need to configure one mailer, but you can configure multiple mailers to provide greater availability in the event of a service disruption. A valid `cluster.mailers` configuration looks something like this: ```lang=json [ { "key": "mycompany-mailgun", "type": "mailgun", "options": { "domain": "mycompany.com", "api-key": "..." } }, ... ] ``` The supported keys for each mailer are: - `key`: Required string. A unique name for this mailer. - `type`: Required string. Identifies the type of mailer. See below for options. - `priority`: Optional string. Advanced option which controls load balancing and failover behavior. See below for details. - `options`: Optional map. Additional options for the mailer type. - `inbound`: Optional bool. Use `false` to prevent this mailer from being used to receive inbound mail. - `outbound`: Optional bool. Use `false` to prevent this mailer from being used to send outbound mail. - `media`: Optional list. Some mailers support delivering multiple types of messages (like Email and SMS). If you want to configure a mailer to support only a subset of possible message types, list only those message types. Normally, you do not need to configure this. See below for a list of media types. -The `type` field can be used to select these third-party mailers: +The `type` field can be used to select these mailer services: - `mailgun`: Use Mailgun. - `ses`: Use Amazon SES. - `sendgrid`: Use SendGrid. - `postmark`: Use Postmark. - - `sns`: Use Amazon SNS (only for sending SMS messages). + - `twilio`: Use Twilio. + - `sns`: Use Amazon SNS. It also supports these local mailers: - `sendmail`: Use the local `sendmail` binary. - `smtp`: Connect directly to an SMTP server. - `test`: Internal mailer for testing. Does not send mail. You can also write your own mailer by extending `PhabricatorMailAdapter`. The `media` field supports these values: - `email`: Configure this mailer for email. - `sms`: Configure this mailer for SMS. Once you've selected a mailer, find the corresponding section below for instructions on configuring it. Setting Complex Configuration ============================= Mailers can not be edited from the web UI. If mailers could be edited from the web UI, it would give an attacker who compromised an administrator account a lot of power: they could redirect mail to a server they control and then intercept mail for any other account, including password reset mail. For more information about locked configuration options, see @{article:Configuration Guide: Locked and Hidden Configuration}. Setting `cluster.mailers` from the command line using `bin/config set` can be tricky because of shell escaping. The easiest way to do it is to use the `--stdin` flag. First, put your desired configuration in a file like this: ```lang=json, name=mailers.json [ { "key": "test-mailer", "type": "test" } ] ``` Then set the value like this: ``` phabricator/ $ ./bin/config set --stdin cluster.mailers < mailers.json ``` For alternatives and more information on configuration, see @{article:Configuration User Guide: Advanced Configuration} Mailer: Postmark ================ +| Media | Email +|---------| +| Inbound | Yes +|---------| + + Postmark is a third-party email delivery service. You can learn more at . To use this mailer, set `type` to `postmark`, then configure these `options`: - `access-token`: Required string. Your Postmark access token. - `inbound-addresses`: Optional list. Address ranges which you will accept inbound Postmark HTTP webook requests from. The default address list is preconfigured with Postmark's address range, so you generally will not need to set or adjust it. The option accepts a list of CIDR ranges, like `1.2.3.4/16` (IPv4) or `::ffff:0:0/96` (IPv6). The default ranges are: ```lang=json [ "50.31.156.6/32", "50.31.156.77/32", "18.217.206.57/32" ] ``` The default address ranges were last updated in January 2019, and were documented at: Mailer: Mailgun =============== +| Media | Email +|---------| +| Inbound | Yes +|---------| + Mailgun is a third-party email delivery service. You can learn more at -. Mailgun is easy to configure and works well. +. Mailgun is easy to configure and works well. To use this mailer, set `type` to `mailgun`, then configure these `options`: - `api-key`: Required string. Your Mailgun API key. - `domain`: Required string. Your Mailgun domain. Mailer: Amazon SES ================== +| Media | Email +|---------| +| Inbound | No +|---------| + Amazon SES is Amazon's cloud email service. You can learn more at -. +. To use this mailer, set `type` to `ses`, then configure these `options`: - `access-key`: Required string. Your Amazon SES access key. - `secret-key`: Required string. Your Amazon SES secret key. - `endpoint`: Required string. Your Amazon SES endpoint. NOTE: Amazon SES **requires you to verify your "From" address**. Configure which "From" address to use by setting `metamta.default-address` in your config, then follow the Amazon SES verification process to verify it. You won't be able to send email until you do this! +Mailer: Twilio +================== + +| Media | SMS +|---------| +| Inbound | No +|---------| + +Twilio is a third-party notification service. You can learn more at +. + + +To use this mailer, set `type` to `twilio`, then configure these options: + + - `account-sid`: Your Twilio Account SID. + - `auth-token`: Your Twilio Auth Token. + - `from-number`: Number to send text messages from, in E.164 format + (like `+15551237890`). + Mailer: Amazon SNS ================== +| Media | SMS +|---------| +| Inbound | No +|---------| + + Amazon SNS is Amazon's cloud notification service. You can learn more at -. Note that this mailer is only able to send +. Note that this mailer is only able to send SMS messages, not emails. -To use this mailer, set `type` to `sns`, then configure the options similarly -to the SES configuration above. +To use this mailer, set `type` to `sns`, then configure these options: + + - `access-key`: Required string. Your Amazon SNS access key. + - `secret-key`: Required string. Your Amazon SNS secret key. + - `endpoint`: Required string. Your Amazon SNS endpoint. + - `region`: Required string. Your Amazon SNS region. + +You can find the correct `region` value for your endpoint in the SNS +documentation. Mailer: SendGrid ================ +| Media | Email +|---------| +| Inbound | Yes +|---------| + SendGrid is a third-party email delivery service. You can learn more at -. +. You can configure SendGrid in two ways: you can send via SMTP or via the REST API. To use SMTP, configure Phabricator to use an `smtp` mailer. To use the REST API mailer, set `type` to `sendgrid`, then configure these `options`: - `api-key`: Required string. Your SendGrid API key. Older versions of the SendGrid API used different sets of credentials, including an "API User". Make sure you're configuring your "API Key". Mailer: Sendmail ================ +| Media | Email +|---------| +| Inbound | Requires Configuration +|---------| + + This requires a `sendmail` binary to be installed on the system. Most MTAs -(e.g., sendmail, qmail, postfix) should do this, but your machine may not have -one installed by default. For install instructions, consult the documentation -for your favorite MTA. +(e.g., sendmail, qmail, postfix) should install one for you, but your machine +may not have one installed by default. For install instructions, consult the +documentation for your favorite MTA. Since you'll be sending the mail yourself, you are subject to things like SPF rules, blackholes, and MTA configuration which are beyond the scope of this document. If you can already send outbound email from the command line or know how to configure it, this option is straightforward. If you have no idea how to do any of this, strongly consider using Postmark or Mailgun instead. To use this mailer, set `type` to `sendmail`. There are no `options` to configure. Mailer: SMTP ============ +| Media | Email +|---------| +| Inbound | Requires Configuration +|---------| + You can use this adapter to send mail via an external SMTP server, like Gmail. To use this mailer, set `type` to `smtp`, then configure these `options`: - `host`: Required string. The hostname of your SMTP server. - `port`: Optional int. The port to connect to on your SMTP server. - `user`: Optional string. Username used for authentication. - `password`: Optional string. Password for authentication. - `protocol`: Optional string. Set to `tls` or `ssl` if necessary. Use `ssl` for Gmail. Disable Mail ============ -To disable mail, just don't configure any mailers. +| Media | All +|---------| +| Inbound | No +|---------| + + +To disable mail, just don't configure any mailers. (You can safely ignore the +setup warning reminding you to set up mailers if you don't plan to configure +any.) Testing and Debugging Outbound Email ==================================== You can use the `bin/mail` utility to test, debug, and examine outbound mail. In particular: phabricator/ $ ./bin/mail list-outbound # List outbound mail. phabricator/ $ ./bin/mail show-outbound # Show details about messages. phabricator/ $ ./bin/mail send-test # Send test messages. Run `bin/mail help ` for more help on using these commands. +By default, `bin/mail send-test` sends email messages, but you can use +the `--type` flag to send different types of messages. + You can monitor daemons using the Daemon Console (`/daemon/`, or click **Daemon Console** from the homepage). Priorities ========== By default, Phabricator will try each mailer in order: it will try the first mailer first. If that fails (for example, because the service is not available at the moment) it will try the second mailer, and so on. If you want to load balance between multiple mailers instead of using one as a primary, you can set `priority`. Phabricator will start with mailers in the highest priority group and go through them randomly, then fall back to the next group. For example, if you have two SMTP servers and you want to balance requests between them and then fall back to Mailgun if both fail, configure priorities like this: ```lang=json [ { "key": "smtp-uswest", "type": "smtp", "priority": 300, "options": "..." }, { "key": "smtp-useast", "type": "smtp", "priority": 300, "options": "..." }, { "key": "mailgun-fallback", "type": "mailgun", "options": "..." } } ``` Phabricator will start with servers in the highest priority group (the group with the **largest** `priority` number). In this example, the highest group is `300`, which has the two SMTP servers. They'll be tried in random order first. If both fail, Phabricator will move on to the next priority group. In this example, there are no other priority groups. If it still hasn't sent the mail, Phabricator will try servers which are not in any priority group, in the configured order. In this example there is only one such server, so it will try to send via Mailgun. Next Steps ========== Continue by: - @{article:Configuring Inbound Email} so users can reply to email they receive about revisions and tasks to interact with them; or - learning about daemons with @{article:Managing Daemons with phd}; or - returning to the @{article:Configuration Guide}.