Some e-mail safety issue

  1. It seems my SMTP would send infinite verification e-mails if a user constantly click “create user”. That feels dangerous. I would like it to only response to certain e-mail suffix, or something like FAILED_LOGIN_RATE_LIMIT ?
  2. Seems my SMTP only works when set to use 25 port, and when set to 465(SSL) nothing happens. It’s that a problem from my SMTP provider?
  3. And nothing happens either if I change my NO_REPLY_EMAIL, I suppose that is my SMTP provider’s restriction?

Good idea, we should indeed rate-limit this.

AFAIK SMTP+SSL over 465 is deprecated; usually you would use port 587 with STARTTLS. We currently do not expose a setting to use SSL without STARTTLS.

Did you restart uwsgi (and indico-celery)? Otherwise config file changes are not taken into account

Seems my email provider is little old-fashioned :thinking: They only provide 25 and 465 for SMTP.

Yes, I restarted every service. I think they limited it to avoid spam mails.

STARTTLS may be possible on port 25 as well; i’d give that a try