From an administrative account on GitHub Enterprise Server, in the upper-right corner of any page, click .
If you're not already on the "Site admin" page, in the upper-left corner, click Site admin.
At the top of the page, click Settings.
In the left sidebar, click Email.
Select Enable email. This will enable both outbound and inbound email, however for inbound email to work you will also need to configure your DNS settings as described below in "Configuring DNS and firewall settings to allow incoming emails."
Type the settings for your SMTP server.
- In the Server address field, type the address of your SMTP server.
- In the Port field, type the port that your SMTP server uses to send email.
- In the Domain field, type the domain name that your SMTP server will send with a HELO response, if any.
- Select the Authentication dropdown, and choose the type of encryption used by your SMTP server.
- In the No-reply email address field, type the email address to use in the From and To fields for all notification emails.
If you want to discard all incoming emails that are addressed to the no-reply email address, select Discard email addressed to the no-reply email address.
Under Support, choose a type of link to offer additional support to your users.
- Email: An internal email address.
- URL: A link to an internal support site. You must include either
At the top of the Email section, click Test email settings.
In the Send test email to field, type an address to send the test email to.
Click Send test email.
Tip: If SMTP errors occur while sending a test email—such as an immediate delivery failure or an outgoing mail configuration error—you will see them in the Test email settings dialog box.
If the test email fails, troubleshoot your email settings.
When the test email succeeds, at the bottom of the page, click Save settings.
Wait for the configuration run to complete.
If you want to allow email replies to notifications, you must configure your DNS settings.
- Ensure that port 25 on the instance is accessible to your SMTP server.
- Create an A record that points to
reply.[hostname]. Depending on your DNS provider and instance host configuration, you may be able to instead create a single A record that points to
- Create an MX record that points to
reply.[hostname]so that emails to that domain are routed to the instance.
- Create an MX record that points
[hostname]so that replies to the
ccaddress in notification emails are routed to the instance. For more information, see "Configuring notifications."
If you cannot determine what is wrong from the displayed error message, you can download a support bundle containing the entire SMTP conversation between your mail server and GitHub Enterprise Server. Once you've downloaded and extracted the bundle, check the entries in enterprise-manage-logs/unicorn.log for the entire SMTP conversation log and any related errors.
The unicorn log should show a transaction similar to the following:
This is a test email generated from https://10.0.0.68/setup/settings Connection opened: smtp.yourdomain.com:587 -> "220 smtp.yourdomain.com ESMTP nt3sm2942435pbc.14\r\n" <- "EHLO yourdomain.com\r\n" -> "250-smtp.yourdomain.com at your service, [188.8.131.52]\r\n" -> "250-SIZE 35882577\r\n" -> "250-8BITMIME\r\n" -> "250-STARTTLS\r\n" -> "250-ENHANCEDSTATUSCODES\r\n" -> "250 PIPELINING\r\n" <- "STARTTLS\r\n" -> "220 2.0.0 Ready to start TLS\r\n" TLS connection started <- "EHLO yourdomain.com\r\n" -> "250-smtp.yourdomain.com at your service, [184.108.40.206]\r\n" -> "250-SIZE 35882577\r\n" -> "250-8BITMIME\r\n" -> "250-AUTH LOGIN PLAIN XOAUTH\r\n" -> "250-ENHANCEDSTATUSCODES\r\n" -> "250 PIPELINING\r\n" <- "AUTH LOGIN\r\n" -> "334 VXNlcm5hbWU6\r\n" <- "dGhpc2lzbXlAYWRkcmVzcy5jb20=\r\n" -> "334 UGFzc3dvcmQ6\r\n" <- "aXRyZWFsbHl3YXM=\r\n" -> "535-5.7.1 Username and Password not accepted. Learn more at\r\n" -> "535 5.7.1 http://support.yourdomain.com/smtp/auth-not-accepted nt3sm2942435pbc.14\r\n"
This log shows that the appliance:
- Opened a connection with the SMTP server (
Connection opened: smtp.yourdomain.com:587).
- Successfully made a connection and chose to use TLS (
TLS connection started).
loginauthentication type was performed (
<- "AUTH LOGIN\r\n").
- The SMTP Server rejected the authentication as invalid (
-> "535-5.7.1 Username and Password not accepted.).
If you need to verify that your inbound email is functioning, there are two log files that you can examine on your instance: To verify that /var/log/mail.log and /var/log/mail-replies/metroplex.log.
/var/log/mail.log verifies that messages are reaching your server. Here's an example of a successful email reply:
Oct 30 00:47:18 54-171-144-1 postfix/smtpd: connect from st11p06mm-asmtp002.mac.com[220.127.116.11] Oct 30 00:47:19 54-171-144-1 postfix/smtpd: 51DC9163323: client=st11p06mm-asmtp002.mac.com[18.104.22.168] Oct 30 00:47:19 54-171-144-1 postfix/cleanup: 51DC9163323: message-id=<email@example.com> Oct 30 00:47:19 54-171-144-1 postfix/qmgr: 51DC9163323: from=<firstname.lastname@example.org>, size=5048, nrcpt=1 (queue active) Oct 30 00:47:19 54-171-144-1 postfix/virtual: 51DC9163323: to=<email@example.com>, relay=virtual, delay=0.12, delays=0.11/0/0/0, dsn=2.0.0, status=sent (delivered to maildir) Oct 30 00:47:19 54-171-144-1 postfix/qmgr: 51DC9163323: removed Oct 30 00:47:19 54-171-144-1 postfix/smtpd: disconnect from st11p06mm-asmtp002.mac.com[22.214.171.124]
Note that the client first connects; then, the queue becomes active. Then, the message is delivered, the client is removed from the queue, and the session disconnects.
/var/log/mail-replies/metroplex.log shows whether inbound emails are being processed to add to issues and pull requests as replies. Here's an example of a successful message:
[2014-10-30T00:47:23.306 INFO (5284) #] metroplex: processing <firstname.lastname@example.org> [2014-10-30T00:47:23.333 DEBUG (5284) #] Matched /data/user/mail/reply/new/1414630039.Vfc00I12000eM445784.ghe-tjl2-co-ie [2014-10-30T00:47:23.334 DEBUG (5284) #] Moving /data/user/mail/reply/new/1414630039.Vfc00I12000eM445784.ghe-tjl2-co-ie => /data/user/incoming-mail/success
You'll notice that
metroplex catches the inbound message, processes it, then moves the file over to
In order to properly process inbound emails, you must configure a valid A Record (or CNAME), as well as an MX Record. For more information, see "Configuring DNS and firewall settings to allow incoming emails."
If your GitHub Enterprise Server instance is behind a firewall or is being served through an AWS Security Group, make sure port 25 is open to all mail servers that send emails to
If you're still unable to resolve the problem, contact GitHub Enterprise Support. Please attach the output file from
http(s)://[hostname]/setup/diagnostics to your email to help us troubleshoot your problem.