We're Hiring!

Mattermost Discussion Forums

Mail send to SPAM folder with Gsuite

Hi,
I’ve deploy Mattermost on Ubuntu server, everything is ok but Email is not send to Inbox folder. It’s always marked as SPAM (Gmail). But when run on my local server with self-sign certificate, it’s OK (all mails is sent to INBOX folder). These are difference between them:

This is message was SUCCESS sent to INBOX:

And this is message was sent to SPAM:
(New user can only put one media, error!!!)

I found out that only one thing difference between them is:

The success message were sent from “209.85.220.41”, but spam message were: “209.85.220.65”

I also found out that there is only thing difference between my local config and my remote server config:

// This is config on LOCAL, with self-sign certificate
"ConnectionSecurity": "TLS",
        "TLSCertFile": "./localhost.crt",
        "TLSKeyFile": "./localhost.key",

And this is my Remote config:

"ListenAddress": ":4100",
        "ConnectionSecurity": "",
        "TLSCertFile": "",
        "TLSKeyFile": "",
        "TLSMinVer": "1.2",

I used Nginx as a proxy.

So I tried to change my Remote config to match local (use TLS). So I followings these instruction:
https://docs.mattermost.com/install/config-tls-mattermost.html
And change config to:

"ListenAddress": ":4001",
        "ConnectionSecurity": "TLS",
        "TLSCertFile": "path/to/LetsendcryptCert.crt",
        "TLSKeyFile": "path/to/LetsendcryptKey.key",
        "TLSMinVer": "1.2",
        "TLSStrictTransport": false,
        "TLSStrictTransportMaxAge": 63072000,
        "TLSOverwriteCiphers": [],
        "UseLetsEncrypt": true,
        "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
        "Forward80To443": true,

Then Mattermost throw an error:

443: bind: address already in use

Can anyone tell me how to fix this problem? please!


This is SPAM message detail

Hi, @ladifire

At this point of time, I believe that you are trying to solve the following issue:

443: bind: address already in use

This usually indicates that there is already a process running on that specific port 443 and since you are using NGINX, I would think that it is already tied to that. Perhaps you can run the command below to confirm:

sudo netstat -tulpn | grep :443

Also, you have the Forward80To443 set to true. Since you are already using a proxy, I’d recommend you to set to false based on the configuration setting documentation.

@ahmaddanial
Thank you very much. When I run sudo netstat -tulpn | grep :443, this is output:

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      101202/nginx: maste 
tcp6       0      0 :::443                  :::*                    LISTEN      101202/nginx: maste

In /etc/nginx/site-enabled, I also have some domain configs, eg:
// for MY_DOMAIN_1

server {
    listen                               443 ssl http2;
    listen                               [::]:443 ssl http2;
    server_name                          MY_DOMAIN_1;

    # SSL
    ssl_certificate                      /etc/letsencrypt/live/MY_DOMAIN_1/fullchain.pem;
    ssl_certificate_key                  /etc/letsencrypt/live/MY_DOMAIN_1/privkey.pem;
    ssl_trusted_certificate              /etc/letsencrypt/live/MY_DOMAIN_1/chain.pem;

    # ... some other configs
}

server {
    listen      80;
    listen      [::]:80;
    server_name MY_DOMAIN_1;
    include     nginxconfig.io/letsencrypt.conf;

    location / {
        return 301 https://$server_name$request_uri;
    }
}

And so on for MY_DOMAIN_2

server {
    listen                               443 ssl http2;
    listen                               [::]:443 ssl http2;
    server_name                          MY_DOMAIN_2;

    # SSL
    ssl_certificate                      /etc/letsencrypt/live/MY_DOMAIN_2/fullchain.pem;
    ssl_certificate_key                  /etc/letsencrypt/live/MY_DOMAIN_2/privkey.pem;
    ssl_trusted_certificate              /etc/letsencrypt/live/MY_DOMAIN_2/chain.pem;

    # ... some other configs
}

server {
    listen      80;
    listen      [::]:80;
    server_name MY_DOMAIN_2;
    include     nginxconfig.io/letsencrypt.conf;

    location / {
        return 301 https://$server_name$request_uri;
    }
}

I known that I MUST use these configs for Mattermost, to make GSuite send my Email to INBOX, not spam:

"ListenAddress": ":4001",
        "ConnectionSecurity": "TLS",
        "TLSCertFile": "path/to/LetsendcryptCert.crt",
        "TLSKeyFile": "path/to/LetsendcryptKey.key",
        "TLSMinVer": "1.2",
        "TLSStrictTransport": false,
        "TLSStrictTransportMaxAge": 63072000,
        "TLSOverwriteCiphers": [],
        "UseLetsEncrypt": true,
        "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
        "Forward80To443": true,

I’ve changed my config.json to this, but still no luck:

"SiteURL": "https://MY_DOMAIN",
        "ConversationServerURL": "https://MY_DOMAIN",
        "SecretCode": "MY_SECRET",
        "WebsocketURL": "",
        "LicenseFileLocation": "",
        "ListenAddress": ":443",
        "ConnectionSecurity": "TLS",
        "TLSCertFile": "/etc/letsencrypt/live/MY_DOMAIN/fullchain.pem",
        "TLSKeyFile": "/etc/letsencrypt/live/MY_DOMAIN/privkey.pem",
        "TLSMinVer": "1.2",
        "TLSStrictTransport": false,
        "TLSStrictTransportMaxAge": 63072000,
        "TLSOverwriteCiphers": [],
        "UseLetsEncrypt": true,
        "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
        "Forward80To443": false,
        "TrustedProxyIPHeader": [
            "X-Forwarded-For",
            "X-Real-IP"
        ],

(as you suggested, I’ve changed “Forward80To443”: false). But I think the problem is "ListenAddress": ":443", is confict with nginx config, but I don’t know how to fix it.

So can you tell me how to modify my Nginx Config, please!
Thank you very much!