Correctly setup email for WordPress

willowen100 asked:

I have finally got WordPress set up and working on my VPS using WP-CLI. It wasn’t until I wanted to change my Administration Email Address found under Settings > General when I realised I wasn’t receiving any emails at the new email address, when in reality the server wasn’t sending out emails to begin with. At the moment I partially have emails working on my server, but WordPress is behaving oddly and I don’t think I have covered everything. I’ve spent the last three days trying to research this and I’ve done as much homework as possible but I can’t find a definitive answer, so I’m now asking for some advice.

As far as I know WordPress uses the PHP mail function. After searching the keywords wordpress, mail on Google all the web search results come back with using an SMTP plugin with WordPress to get the mail function working. I don’t want to use any third-party plugins and instead I would like to use what is already in place but in a working order.

I have Apache 2.4 installed and have opted to use the FPM version of PHP over mod_php as it’s faster but at a cost of more memory. Below are the commands I have used to set up PHP-FPM for use with Apache 2.4

# Install PHP-FPM
sudo apt install php-fpm -y
sudo apt install libapache2-mod-fcgid -y

# Enable FPM
sudo a2enconf php7.4-fpm

# Enable HTTP proxy module
sudo a2enmod proxy

# Enable the FastCGI proxy module
sudo a2enmod proxy_fcgi

I am able to confirm the correct version of PHP by accessing a file from my domain through a web browser

echo "<?php phpinfo(); ?>" | sudo tee /var/www/example.com/info.php

Below are the steps I followed to install Postfix

# Install Postfix
debconf-set-selections <<< "postfix postfix/mailname string example.com"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
sudo apt-get install libsasl2-modules mailutils postfix -y

# Allow app passwords in Google Suite
1) Go to Google Admin Console (https://security.google.com/settings/security/apppasswords)
2) Click `Security > Basic Settings`
3) Look for `Less Secure apps`
4) Check `Allow users to manage less secure apps`
5) Click Save
6) Generate Google app password for Postfix

# Create credentials files
cat <<'EOF' | sudo tee /etc/postfix/sasl/sasl_passwd
[smtp.gmail.com]:465 [email protected]:password1234
EOF

# Create the hash db file for Postfix
sudo postmap /etc/postfix/sasl/sasl_passwd

# Secure Postfix hash database and email password files
sudo chown root:root /etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd.db

/etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, example.com, localhost
relayhost = [smtp.gmail.com]:465
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous
# Location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
# Enable STARTTLS encryption
smtp_tls_security_level = encrypt
# Location of CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

With this in place I’m able to send out an email from the server and receive it at my personal email account using the following command

echo "This is a test email" | mail -s "Test email" [email protected]

I’m also able to execute a PHP file from my domain at `example.com/test.php` and receive the email on my personal email account too

<?php
$to      = '[email protected]';
$subject = 'Test email';
$message = 'hello world';
$headers = 'From: [email protected]' . "\r\n" .
    'Reply-To: [email protected]' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);
?>

In WordPress I’m able to enter my personal email into the Administration Email Address field found under Settings > General and receive the email at my personal email account. I know Postfix and WordPress are working because if I stop the Postfix service with sudo systemctl stop postfix and enter another personal email account into the Administration Email Address field, nothing comes through. As soon as I start the Postfix service back up with sudo systemctl start postfix, the email comes through within seconds.

I currently have an email setup with Google Suite with the main email being [email protected]. Additionally, I have an alias setup set as [email protected]. The problem I have is I never seem to receive an email at either info or webmaster when I enter them into the Administration Email Address field on WordPress.

During my research I started discovering people talking about checking/modifying the mail section of the php.ini file. Below is the unmodified file.

/etc/php/7.4/fpm/php.ini

[mail function]
; For Win32 only.
; http://php.net/smtp
SMTP = localhost
; http://php.net/smtp-port
smtp_port = 25

; For Win32 only.
; http://php.net/sendmail-from
;sendmail_from = [email protected]

; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
; http://php.net/sendmail-path
;sendmail_path =

; Force the addition of the specified parameters to be passed as extra parameters
; to the sendmail binary. These parameters will always replace the value of
; the 5th parameter to mail().
;mail.force_extra_parameters =

; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
mail.add_x_header = Off

; The path to a log file that will log all mail() calls. Log entries include
; the full path of the script, line number, To address and headers.
;mail.log =
; Log mail to syslog (Event Log on Windows).
;mail.log = syslog

My WordPress also uses the Contactform7 plugin that also requires a working email to be able to forward the results from submitted forms to an admin etc. After looking through the help documentation there is mention of preparing a WordPress email here under the header Prepare a real “WordPress” email address

It is recommended you prepare a real [email protected]{your-site-domain} address on your host. Because the default mail template of Contact Form 7 uses this address in its From field, someone might try to send mail to this address. Some hosts also block outgoing mail from this address if it doesn’t exist.
WordPress also uses the [email protected]{your-site-domain} address in its notification mail, including comment notification and new user notification. It doesn’t hurt to make this address even if you don’t use Contact Form 7.

Sadly the email never comes through on my email inbox after submitting the form on my website, despite checking over the mail tab found on Contactform7.

Essentially I would like all server and WordPress emails to come from my alias email account [email protected] so I need some guidance on setting that up, but more importantly to try and diagnose why I never receive an email at the newly changed WordPress administration email and whether there is anything wrong with my setup/configuration.

Update 1

After rebooting my server the mail log started working again at /var/log/mail.log and I can see a potential culprit. My Apache server is being run as the www-data user which is identical to the email prefix I can see in the log.

Oct  7 14:57:40 example postfix/pickup[1795]: 95F023FFF7: uid=33 from=<www-data>
Oct  7 14:57:40 example postfix/cleanup[2024]: 95F023FFF7: message-id=<[email protected]>
Oct  7 14:57:40 example postfix/qmgr[1796]: 95F023FFF7: from=<[email protected]>, size=708, nrcpt=1 (queue active)
Oct  7 14:57:40 example postfix/local[2026]: 95F023FFF7: to=<[email protected]>, relay=local, delay=0.03, delays=0.02/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "info")
Oct  7 14:57:40 example postfix/cleanup[2024]: 9BEC23FFF8: message-id=<[email protected]>
Oct  7 14:57:40 example postfix/qmgr[1796]: 9BEC23FFF8: from=<>, size=2676, nrcpt=1 (queue active)
Oct  7 14:57:40 example postfix/bounce[2027]: 95F023FFF7: sender non-delivery notification: 9BEC23FFF8
Oct  7 14:57:40 example postfix/qmgr[1796]: 95F023FFF7: removed
Oct  7 14:57:40 example postfix/local[2026]: 9BEC23FFF8: to=<[email protected]>, relay=local, delay=0, delays=0/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Oct  7 14:57:40 example postfix/qmgr[1796]: 9BEC23FFF8: removed

My answer:


Do not set your system hostname to your naked domain name. Do not set Postfix’s mailname to the naked domain name. Do not add the naked domain name to Postfix’s mydestination, or to any other Postfix configuration option. Doing any of these will cause Postfix to try to deliver the mail locally rather than sending it out to the Internet.

Name the system with a subdomain of your domain name. Give the fully qualified domain name, including subdomain, as the Postfix mailname. For example you might call your system capacitor and the FQDN would be capacitor.example.com. Mail for example.com would then be delivered wherever it is supposed to go. And only mail for someone @ capacitor.example.com would be delivered locally (unless you forward it somewhere, of course).


View the full question and any other answers on Server Fault.
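
The rule in the answer can be checked mechanically. The following is an added example, not part of the original question or answer: it expands `mydestination` from main.cf text and reports whether a recipient would be delivered locally, and it picks local "unknown user" bounces out of mail.log. Assumptions: the function names are hypothetical, `mydestination` is set explicitly and lists plain domain names (no lookup tables), and the sample log recipient `info@example.com` is constructed.

```python
import re

# Constructed samples: BEFORE mirrors the question's settings, AFTER applies the answer.
BEFORE = """\
myhostname = example.com
mydestination = $myhostname, example.com, localhost
relayhost = [smtp.gmail.com]:465
"""
AFTER = """\
myhostname = capacitor.example.com
mydestination = $myhostname, localhost
relayhost = [smtp.gmail.com]:465
"""
# Constructed log line in the shape of the bounce shown in Update 1.
LOG = ('Oct  7 14:57:40 example postfix/local[2026]: 95F023FFF7: '
       'to=<info@example.com>, relay=local, delay=0.03, dsn=5.1.1, '
       'status=bounced (unknown user: "info")')

def parse_main_cf(text):
    """Return {parameter: value}; a later assignment overrides an earlier one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:      # leading whitespace continues a value
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def local_domains(params):
    """Expand $name and ${name} in mydestination and return its domains."""
    def expand(value, depth=0):
        if depth > 10:                      # guard against self-reference
            return value
        return re.sub(r"\$\{?(\w+)\}?",
                      lambda m: expand(params.get(m.group(1), ""), depth + 1), value)
    expanded = expand(params.get("mydestination", ""))
    return {d.lower() for d in re.split(r"[,\s]+", expanded) if d}

def delivered_locally(address, params):
    """True if the recipient's domain is listed in mydestination (local delivery)."""
    return address.rsplit("@", 1)[-1].lower() in local_domains(params)

def local_bounces(log_text):
    """Recipients that the local delivery agent bounced as unknown users."""
    pat = re.compile(r"postfix/local\[\d+\]: \w+: to=<([^>]+)>, relay=local,"
                     r".*status=bounced \(unknown user")
    return [m.group(1) for m in map(pat.search, log_text.splitlines()) if m]
```

On a live host, the text to feed `parse_main_cf` can come from `postconf -n`, and any address returned by `local_bounces` that should have left the machine points at a domain wrongly listed in `mydestination`.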

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.