When the following is true:
- User attempts to create an account
- Instance has “require registration application” enabled
- Instance’s email is not working/unavailable
the application seems to get lost, the user never receives an email (even after email functionality is restored), nor can that email/username be used going forward to re-submit the account creation request.
Additionally, since the user never verifies their email, the instance admin never gets a registration application.
It’s not currently an issue for me, however, would it be possible to delete these ghost users? If you lookup the profile/username in the database, you can view it via the web UI, but the only options appear to be either blocking the user or banning them. It might be good to be able to completely delete the accounts, no?
I caught this in testing as well today.
That said i removed my test accounts in SQL directly
DELETE FROM local_user WHERE person_id=‘someusernumer’
Where someusernumber is their actual ID.
Used this thread as a resource:https://normalcity.life/post/13018
Awesome, that’s super helpful, thank you!
I guess I’ll also look into an SMTP relay. That could be useful I guess.
In my tshooting today, i dont think it will help. I think the error is hitting in the lemmy app container, and not getting passed to my postfix relay. So even if i say…setup postfix as a dedicated relay (which I have done plenty of), not sure it would help.
I put more here: https://github.com/LemmyNet/lemmy-ansible/issues/105
I was actually testing email, when I stumbled on this. When i tried another account with the same address I got an error that the address already exists. Prompting me to go cleanup my DB and use something else to test email realy (forgotten passwords in my case).
It’s because the postfix docker container is not connected to a docker network that has access to the “lemmy” or “lemmy-ui” container, it’s being connected to the “default” docker network. I submitted a pull request for it here that should fix it.
To make it work in the meantime:
-
cd into the Lemmy install directory and run
docker compose down
-
Edit docker-compose.yml in the same directory, and in the postfix section, put this just below the
postfix:
line:networks: - lemmyinternal - lemmyexternalproxy
-
Run
docker compose up -d
The indentation of that code is very important. Your postfix section should look like this when it’s done:
That should connect the “postfix” container in to a docker network that can communicate with the “lemmy” and “lemmy” UI containers. There’s another bug in the default config that doesn’t assign a hostname to all the containers, but it doesn’t always manifest all the time. You can fix that by making sure each service has a hostname assigned to it, like
hostname: lemmy
,hostname: lemmy-ui
,hostname: postfix
etc in the respective service’s section of theservice:
section of the docker compose file.yep that did the trick.
Heres what I am now using for postfix. This will output logs to ./volumes/postfix/mail.log so its easily parsable as well. May be worth adding it to your PR.
Docker at this depth is a bit new to me. Curious. Why does it need to be bound to the lemmyinternal and lemmyexternalproxy nets, and not just internal?
Docker at this depth is a bit new to me. Curious. Why does it need to be bound to the lemmyinternal and lemmyexternalproxy nets, and not just internal?
Because the “lemmyinternal” network is set as an
internal
type network in the Docker compose file, which is exactly what it sounds like: internal-only. Postfix wouldn’t have a way to egress to the WAN if not connected to the “lemmyexternal” network, so the initial connection step to send the mail from the “lemmy” container would work, but postfix sending it would fail, as it doesn’t have a route out to the Internet.Makes sense. Thanks for the quick explainer (and especially for the tip in the first place.
Just getting logs in a format I’m used to out of docker had me on a bit of a tangent.
You’re welcome! Docker/Docker Compose are a great tools once your wrap your brain around them and why containers are ephemeral, etc. Docker’s docs could really use improvement though, you never know if what you’re looking for is in the section that’s dedicated to to that feature, or if the only mention of it is buried deep in the 10th sentence of the 20th paragraph on a completely different page that has absolutely nothing to do with what you’re looking for.
I get an error that the network ‘lemmyinternal’ doesn’t exist when making this change in docker-compose.yml - anything I’m missing?
Make sure the
networks
section at the top of your docker compose file looks like this:Thanks! Somehow missed that in the original post - that worked but I am now seeing “email_not_sent” when trying to test forgot password, how can I get to the postfix log to see what the issue is?
Make sure the postfix container is connected to the lemmyexternalproxy network.
-
My problem with email was a transient issue in resolving “smtp.sendgrid.net” inside my Kubernetes cluster.
I think setting up a relay would resolve the issue for me, but I’m not sure.
Saying that, I thought I had resolved the issue, but I didn’t get an email notification for your reply. I don’t think my SMTP issues are fixed lol.
I would bet if you set a /etc/hosts record for smtp.sendgrid.net that may help within the lemmy app container.
Because Im not using a relay that may be a problem. Frankly i think the app just has a bug. I dont use email much so i just closed registration and called it a day for now. May continue troubleshooting.
You CAN setup a relay though gmail with sasl but i would use a throwaway account if its a big instance.
I changed Kubernetes’ coredns config to forward *.sendgrid.net to 1.1.1.1 rather than my internal Pi-Hole servers, which did seem to help a bit.
Haven’t tried since updating to 0.18.0, so it could be an internal issue as well.
See the response in this chain here, that got it working for me.: https://r.rosettast0ned.com/comment/69757
I’m using Kubernetes, not docker compose, so this doesn’t exactly apply to my implementation.
I got a systemd timer going that executes an SQL query to remove those accounts every 24 hours. Works fine so far.
What’s the sql query you are using? And which table do you remove them from? (Looks to me they show up in multiple tables)
They def do. I second this @NettoHikari@social.fossware.space would love to see the SQL. I did a basic delete of a couple accounts today using the basic SQL
DELETE FROM local_user WHERE person_id=‘123456’
However I still see some of those users in in the server counts in the sidebar:
Hey, sorry. Kinda overlooked your comment. This is the query I’m using:
DELETE FROM local_user WHERE email_verified = 'f' AND validator_time < NOW() - INTERVAL '$DELETE_INTERVAL';
- $DELETE_INTERVAL is a variable in the bash script. You could use
1 days
, for example - I’m not 100% sure if validator_time is the account creation date, but it seemed like it when I implemented this
- If you wanted it to be cleaner, you’d also have to delete the record from the “people” table by comparing
loal_user_id
- $DELETE_INTERVAL is a variable in the bash script. You could use
On top of this, would manually deleting the user from the database be a good idea? I’m assuming not.
If you use a local postfix relay it should queue messages and retry to send on failures.
I feel like that doesn’t really resolve the issue at all… it is merely a workaround.
My email is broken since the 0.18 upgrade and its not postfix related that I can tell. The lemmy app/container itself is tossing errors before it ever hits postfix.
Steps taken so far are here: https://github.com/LemmyNet/lemmy-ansible/issues/105
Something like this happened to me on my badbrainstorm.ml account.
Had an established account from September, hundreds of post. I was attempting to set up 2FA and suddenly I get a notice about not being on version .18 Now it doesn’t recognize me as a registered user. Could someone help me with 2FA, account recovery?Because of this, I pretty much force-disabled the 2FA feature on my instance. It’s borked.
You’d have to talk to the your instance admin, they should be able to go into the database and fix your account.