Rails mailer / smtp - potential security issue? - ruby-on-rails-3

When using SMTP settings in Rails for sending e-mail, you need to provide a username and password for it to send email from your account. But isn't it a little dangerous to put your password to the site's email account in plain text in your code? Is there a more secure way to do this?
config.action_mailer.smtp_settings = {
:address => "address_here",
:port => 'port_#_here',
:domain => "example.com",
:authentication => :plain,
:user_name => "user#example.com",
:password => "foobar",
:enable_starttls_auto => true
}

This is probably not much of an issue for the development environment, as you might be using a server that doesn't require authentication or a dummy account of some sort.
For the production environment the pattern I have seen/used most often is to keep information like usernames, passwords etc. within the environment itself e.g.:
config.action_mailer.smtp_settings = {
:address => "address_here",
:port => 'port_#_here',
:domain => "example.com",
:authentication => :plain,
:user_name => ENV['EMAIL_USERNAME'],
:password => ENV['EMAIL_PASSWORD'],
:enable_starttls_auto => true
}
This way an attacker will have to gain access to your production box itself in order to get this info. If you're deploying your app to Heroku for example and using the Sendgrid plugin for you email - the plugin will make you follow that pattern.

Related

Rails Zoho configuration sending mails via console but not from mailer class

I have following smtp configuration on my development.rb
ActionMailer::Base.delivery_method = :smtp
ActionMailer::Base.smtp_settings = {
:address => "smtp.zoho.com",
:port => 465,
:user_name => "xxx#xxx.com",
:password => "xxxx",
:authentication => :login,
:ssl => true,
:tls => true,
:enable_starttls_auto => true
}
I works when I send via rails console , but gives error of
Net::SMTPAuthenticationError (535-5.7.8 Username and Password not accepted. Learn more at
):
when I send via mailer class.
It seems like gmail is blocking you temporarily while you are trying to reach through controller.
Kindly have a check with this link
https://support.google.com/mail/answer/7126229?visit_id=1-636342470835359266-2568809045&rd=1#cantsignin
Hope this helps.

ActionMailer works on localhost but doesn't in a public server

I built an application with Rails 3 and I made a simple contact us page to send mail through my SMTP server.
The problem is my app can send mail when I run it in my local host (my pc), but it doesn't work when I run the app in the hosted server (hostgator).
The funny stuff is that the smtp server is the same!
This is the config in my localhost(and it works!):
config/environments/developer.rb
# ActionMailer Config
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
config.action_mailer.delivery_method = :smtp
config.action_mailer.perform_deliveries = true
config.action_mailer.raise_delivery_errors = true
config.action_mailer.default :charset => "utf-8"
config/initializers/setup_mail.rb
ActionMailer::Base.smtp_settings = {
:address => "mail.mydomain.org",
:port => 26,
:domain => "app.mydomain.org",
:user_name => "register#app.mydomain.org",
:password => "********",
:authentication => "plain",
:enable_starttls_auto => false
}
The url for my host server is app.mydomain.org, so in the hosted app I changed only this:
config/environments/development.rb
# ActionMailer Config
config.action_mailer.default_url_options = { :host => 'mydomain.org' }
...
In the host server, just for now I run the app with WEBrick in development mode.
And I get a timeout error:
....
Timeout::Error (execution expired):
app/controllers/contact_us_controller.rb:13:in `create'
...
Am I missing somenthing??
EDIT & SOLVED:
Hostgator support staff have just find out the cause of this issue.
In the ActionMailer setup, the :address has to be localhost, and not mail.mydomain.org. So the ActionMailer would be:
ActionMailer::Base.smtp_settings = {
:address => "localhost",
:port => 26,
:domain => "app.mydomain.org",
:user_name => "register#app.mydomain.org",
:password => "********",
:authentication => "plain",
:enable_starttls_auto => false
}
I think you mean development.rb, not developer.rb. This setting only runs in development and assuming you've set RAILS_ENV as production on the server, it will be production.rb, not development.rb, is going to be processed.
If the server is the same on both, you could move this to application.rb (or a script in config/initializers). You might want a different setup for production though, so that it's pointing to localhost. That may also fix the problem here, in case there's some DNS issue or server config preventing the outgoing SMTP request.

devise_invitable not sending mails in production mode

I am using devise_invitable to invite users, it is sending mails when i run the app in development mode, but in production mode it is not sending mails, also showing no errors. Other forgot password is sending mails.
i have setup a setup.rb in initializers
ActionMailer::Base.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => 'mydomain',
:user_name => 'email#gmail.com',
:password => 'secret',
:authentication => 'plain',
:enable_starttls_auto => true
}
I tried setting this in production.rb in environments also but still not working :(
i am using rails 3
Try to enable delivering in action mailer for production environment:
config/environments/production.rb
config.action_mailer.perform_deliveries = true
config.action_mailer.delivery_method = :smtp
config.action_mailer.raise_delivery_errors = true
config.action_mailer.default_url_options = { :host => 'yoursite.com' }

Rails Cast: ActionMailer Email not sent to inbox

The server states that the email was sent to the correct address but I am not getting the message in my inbox.
My Setup_mail.rb file
ActionMailer::Base.smtp_settings ={
:address => "smtp.gmail.com",
:port => 587,
:domain => "gmail.com",
:user_name => "my_user_name#gmail.com",
:password => "my_password",
:authentication => "Plain",
:enable_starttls_auto => true
}
My development.rb file is:
# Don't care if the mailer can't send
config.action_mailer.raise_delivery_errors = true
config.action_mailer.perform_deliveries = true #default value
config.action_mailer.delivery_method = :smtp #default value
My test.rb file is:
config.action_mailer.delivery_method = :smtp
I have tried multiple variations and am lost. I am running on a Windows 7 machine. I am running Ruby 1.8.7 and Rails 3.0.7
Can anyone help?
Here is my create method:
def create
#user = User.new(params[:user])
if #user.save
UserMailer.registration_confirmation(#user).deliver
sign_in #user
redirect_to #user, :flash => { :success => "Welcome to the Sample App!" }
else
#title = "Sign up"
render 'new'
end
end
My user_mailer.rb
class UserMailer < ActionMailer::Base
default :from => "my_user_name#gmail.com"
def registration_confirmation(user)
mail(:to => user.email, :subject => "Thanks for registering")
end
end
Take a look at your server. I'm pretty sure that you can see in your logs that it's actually trying to send the mail.
The problem is that Google doesn't trust your local IP address and your mails won't get delivered (not even to the spam directory). There is no way to work around this but using a whitelisted server.
If you try your app in production this should normally work, for example deploy your app to heroku to test it.
Try putting in .deliver at the end. That fixed this issue for me:
mail(:to .....).deliver!
Try changing the authentication from a string to a symbol.
ActionMailer::Base.smtp_settings ={
:address => "smtp.gmail.com",
:port => 587,
:domain => "gmail.com",
:user_name => "my_user_name#gmail.com",
:password => "my_password",
:authentication => :plain,
:enable_starttls_auto => true
}
You should check that my_user_name#gmail.com has actually sent the email. We have had issues with this in the past when sending verification emails out through Gmail's SMTP server, since sending in bulk end up not sending at all.
I suggest you log into my_user_name#gmail.com and verify that there are no problems and that the emails are sent.
If not, you may want try a service like Send Grid to send outgoing emails.
I had this same issue, I was able to see that in my console mail was sent but in inbox nothing was appearing, one thing is that you can deploy your app on whitelisted server like heroku, or if you want to see just for testing purpose through your local just enable less secure apps in your browser and you should be able to see that email in your inbox
https://myaccount.google.com/lesssecureapps

gmail smtp with rails 3

I am trying to get a confirmation email sending using a gmail account. I have looked around and there is nothing that is obvious. There is no errors or anything, it just dosn't send
I have this as the initalizer:
ActionMailer::Base.delivery_method = :smtp
ActionMailer::Base.perform_deliveries = true
ActionMailer::Base.raise_delivery_errors = true
ActionMailer::Base.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => "gmail.com",
:user_name => "<address>#gmail.com",
:password => "<password>",
:authentication => "plain",
:enable_starttls_auto => true
}
ActionMailer::Base.default_url_options[:host] = "localhost:3000"
You don't need tlsmail gem anymore at least with Rails 3.2
This will be sufficient
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => 'baci.lindsaar.net',
:user_name => '<username>',
:password => '<password>',
:authentication => 'plain',
:enable_starttls_auto => true }
From the all-mighty-guide ActionMailer configuration for gmail
add tlsmail to gemfile
gem 'tlsmail'
run :
bundle install
add these settings to config/envirnoments/development.rb file
YourApplicationName::Application.configure do
require 'tlsmail'
Net::SMTP.enable_tls(OpenSSL::SSL::VERIFY_NONE)
ActionMailer::Base.delivery_method = :smtp
ActionMailer::Base.perform_deliveries = true
ActionMailer::Base.raise_delivery_errors = true
ActionMailer::Base.smtp_settings = {
:address => "smtp.gmail.com",
:port => "587",
:domain => "gmail.com",
:enable_starttls_auto => true,
:authentication => :login,
:user_name => "<addreee>#gmail.com",
:password => "<password>"
}
config.action_mailer.raise_delivery_errors = true
You should check that my_user_name#gmail.com has actually sent the email. We have had issues with this in the past when sending verification emails out through Gmail's SMTP server, since sending in bulk end up not sending at all.
I suggest you log into my_user_name#gmail.com and verify that there are no problems and that the emails are sent.
If not, you may want try a service like Send Grid to send outgoing emails.
Alternatively, you can look into your server. Or if you are in development, have a look at log/development.log. I'm pretty sure that you can see in your logs that it's actually trying to send the mail.
The problem is that Google doesn't trust your local IP address and your mails won't get delivered (not even to the spam directory). There is no way to work around this but using a white-listed server.
You can try this out by deploying your app into a production server like Heroku and test it there.
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => 'baci.lindsaar.net',
:user_name => '<username>',
:password => '<password>',
:authentication => 'plain',
:enable_starttls_auto => true }
The <username> means to fill in your real username? So does the <password>