mail__from environment variable ignored or overridden

[gemorgan]

Issue Summary

When self-hosting in docker, using the mail__from environment variable is ignored or overridden by Ghost when sending transactional (and probably newsletter) email. The system seems to automatically generate the from address using "noreply" string plus the domain string. When Ghost is self hosted on the same domain as the email server but using a subdomain, then the auto-generated email address is wrong and members cannot sign up or in.

Steps to Reproduce

1. Instantiate site using docker within a reversed proxied network via subdomains (https://ghost.mydomain.com). Be sure to include --env mail__from=[email protected]), Note: mail__options__auth__user must be [email protected] in order to log in.
2. Host email server on same domain (mx.mydomain.com)
3. Create email account for transactional SMTP ([email protected] or [email protected])
4. Finish install, site setup...
5. Try to subscribe any member or use admin to create a member and subsequently try to log in...
6. SMTP login is fine with mail__options__auth__user account, but mail logs show email was generated and attempted to be sent as [email protected] (added the ghost subdomain)
7. Further exploring by setting mail__from=[email protected] shows the email is still attempted to be sent from [email protected] implying that mail__from is not being honored.

UPDATE: I just added a bind mount to config.production.json to explicitly set the mail settings with the same results.
"mail": { "transport": "SMTP", "from": "[email protected]", "options": { "service:": "SMTP", "host": "mx.mydomain.com", "port": "587", "secureConnection": false, "requiresAuth": true, "auth": { "user": "[email protected]", "pass": "redacted" } } },

Ghost Version

5.62

Node.js Version

v18.17.1

How did you install Ghost?

docker, debian, lastest from docker hub

Database type

Other

Browser & OS version

any / all

Relevant log / error output

ep 10 21:02:25 mx postfix/submission/smtpd[5700]: NOQUEUE: reject: RCPT from unknown[192.168.0.1]: 554 5.7.1 <[email protected]>: Recipient address rejected: Sender is not same as SMTP authenticate username; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[127.0.0.1]>

Code of Conduct

• I agree to be friendly and polite to people in this repository

[markstos]

(fellow Ghost user here)

There are some places in the Ghost source code where noreply@ or ghost@ is currently used.

Also, the "mail domain" assumes it will match the URL, which might not always been true. See here:

https://github.com/TryGhost/Ghost/blob/main/ghost/core/core/server/services/settings-helpers/SettingsHelpers.js#L86

I've started to improve this area of the code with a pull request that at least merges the ghost@ and noreply@ cases:

#17966

But I agree that users should also be able to override the "mail domain". Besides your case of sub-domain vs top-level domain, sometimes organizations put a blog on a related domain, but what mail to go out through a relate domain.

Using config.mail.from in more places when it's defined seems like a logical improvement.

[daniellockyer]

I'm actually going to close this as a duplicate of #12802 - there's a much bigger discussion going on over there

[gemorgan]

Cool. Thanks for the pointer to main discussion.

…

On Fri, Sep 15 2023 at 01:06:21 AM -07:00:00, Daniel Lockyer ***@***.***> wrote: Closed #18047 <#18047> as not planned. — Reply to this email directly, view it on GitHub <#18047 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAHMDSR2MBVEIOFGV7AIHLX2QD73ANCNFSM6AAAAAA4SP3ZUQ>. You are receiving this because you authored the thread.Message ID: ***@***.***>