using actionmailer via SSL with joyent
If you're like me, you do your ruby development on a Mac at home. And if you're like me, your ISP blocks the SMTP port (port 25) in an effort to prevent spam.
While I applaud the anti-spam actions taken by ISPs, this setup means that you can't send email from your Mac via ruby's "ActionMailer" to Joyent's SMTP servers. You'll have to use the encrypted (TLS/SSL) port (which in our case was port 587).
SSL certificates
To connect with the TLS server on your Joyent environment, you'll need to use TLS/SSL. I found another great tutorial that outlines this.
Quoting that tutorial, the important steps are:
Retrieve the Thawte Premium Server CA from https://www.verisign.com/support/roots.html.
unzip -j roots.zip
openssl x509 -inform der -in ThawtePremiumServerCA.cer -out ThawtePremiumServerCA.pem
sudo mkdir /etc/postfix/certs
sudo cp ThawtePremiumServerCA.pem /etc/postfix/certs
postfix to the rescue
The added complexity of involving TLS is not something you want to import into your ruby code, especially since it's a development-environment hack that is irrelevant to your production server. The best place to do this sort of configuration is in your Mac's postfix environment.
Here's how.
Following the lead of this excellent tutorial, set up your postfix environment with the appropriate pointers to Joyent's TLS-enabled port. In my case, the relevant entries to the different configuration files are as follows:
/etc/postfix/main.cf
myhostname = mymac.ourdomain.co.jp
mydomain = ourdomain.co.jp
myorigin = $mydomain
smtp_use_tls=yes
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
tls_random_source=dev:/dev/urandom
sender_dependent_relayhost_maps=hash:/etc/postfix/sender_relay
smtp_tls_CApath = /etc/postfix/certs
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_sasl_security_options = noanonymous
/etc/postfix/sender_relay
@ourdomain.co.jp [oursharedhost.joyent.us]:587
Note the space between the '@ourdomain.co.jp' and the rest of the line. This space also appears in the file below, which specifies the user account.
/etc/postfix/sasl_passwd
[oursharedhost.joyent.us]:587 username:password
Again, following Vance's instructions, you have to make hash tables from the latter two files, and change the permissions on the latter to protect the password.
$ sudo postmap /etc/postfix/sasl_passwd
$ sudo postmap /etc/postfix/sender_relay
$ sudo chmod 600 /etc/postfix/sasl_passwd
$ sudo chmod 600 /etc/postfix/sasl_passwd.db
The first two commands create the .db files that the postfix software references.
With all of that done, it's time to start postfix with "sudo postfix start". Do this in advance whenever you want to test your email-sending software.
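The check below is an added example, not code from the original post or from Postfix: a Ruby lint for the relay files set up above. It flags a TLS level that permits cleartext while SASL is enabled, a sasl_passwd key that does not match the sender_relay next hop, and a password file readable by others. The function names and sample inputs are constructed for illustration.

```ruby
# Added example: sample inputs are constructed; main.cf continuation lines are not handled.
WEAK_MAIN_CF = <<~CF
  smtp_sasl_auth_enable=yes
  smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
  smtp_tls_security_level = may
CF
HARDENED_MAIN_CF = WEAK_MAIN_CF.sub('= may', '= encrypt')
SENDER_RELAY = "@ourdomain.co.jp [oursharedhost.joyent.us]:587\n"
SASL_PASSWD  = "[oursharedhost.joyent.us]:587 username:password\n"
MANDATORY_TLS = %w[encrypt dane-only fingerprint verify secure].freeze

# Parse "key = value" lines of main.cf into a hash, skipping comments and blanks.
def parse_main_cf(text)
  text.each_line.with_object({}) do |line, conf|
    next if line.strip.empty? || line.lstrip.start_with?('#')
    key, value = line.split('=', 2)
    conf[key.strip] = value.to_s.strip
  end
end

# Split each non-comment line of a postmap source file into its fields.
def parse_map(text)
  text.each_line.map(&:split).reject { |f| f.empty? || f[0].start_with?('#') }
end

# Returns a list of findings; an empty list means every check passed.
def audit_relay(main_cf, sender_relay, sasl_passwd, passwd_mode)
  conf = parse_main_cf(main_cf)
  level = conf['smtp_tls_security_level']
  findings = []
  # "may" is opportunistic: if STARTTLS is not offered, the session continues in cleartext.
  if conf['smtp_sasl_auth_enable'] == 'yes' && !MANDATORY_TLS.include?(level)
    findings << "smtp_tls_security_level=#{level.inspect} allows cleartext; set encrypt or stricter"
  end
  # Postfix SASL_README: the sasl_passwd key must use the same form as the next hop.
  keys = parse_map(sasl_passwd).map(&:first)
  parse_map(sender_relay).each do |_sender, next_hop|
    findings << "no sasl_passwd entry for #{next_hop}" unless keys.include?(next_hop)
  end
  # The file holds a cleartext password, so group and other get no access bits.
  findings << format('sasl_passwd mode %04o is too open; use chmod 600', passwd_mode) if (passwd_mode & 0o077) != 0
  findings
end

if __FILE__ == $PROGRAM_NAME
  # On a real system the mode would come from File.stat(path).mode & 0o777.
  puts audit_relay(WEAK_MAIN_CF, SENDER_RELAY, SASL_PASSWD, 0o644)
end
```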
Tweaking your Joyent configuration
Chances are, your Mac's webserver is running under a username that doesn't appear in your list of users & aliases on your Joyent config. To ensure that your Joyent mail server will receive mail from these users, make aliases of those usernames in your Joyent aliases table. In my case, I had to make a 'root' alias. That's it!
Configuring rails
This is the final portion. Adopting the complexity of certificates and postfix really pays off here because this part is very simple.
First, create a new initializer. This will be picked up whenever you start up your rails environment. I called mine "config/initializers/mail.rb". Clever, ne? Here's what it looks like.
ActionMailer::Base.delivery_method = :sendmail
ActionMailer::Base.raise_delivery_errors = true
ActionMailer::Base.default_charset = "utf-8"
ActionMailer::Base.sendmail_settings = {
:location => '/usr/sbin/sendmail',
:arguments => '-i -t'
}
Again, it's simple, it's got no embedded server config or passwords, and it does away with all of the "config.action_mailer" entries in your development.rb. We only need the "utf-8" remark because we send email in Japanese.
Naturally, you must make sure that actionmailer is installed.
sudo gem install actionmailer
You're done.
Please note that you can't use this for sending spam. It requires a legitimate domain name and legitimate users on a web server that you own.


