Un-noticed(?) email config change in 4.15/16

It would be nice to get developer input or confirmation of this. After updating from 4.14 to 4.15.1 and 4.16 thereafter, I found that transactional emails through Mailgun stopped working entirely. The error given was the typical “SSL wrong version number” that many have issue with.

The workaround for that was to replace

"secureConnection": false
"secure": false

in your Ghost production configuration file. The problem is that key is now called secure and so this broke my website upon updating. This change is at least now reflected in the documentation.

edit: I’m bad at typing

My Ghost Mailgun config is still the same old "secureConnection": true and it works totally fine on 4.16 with "port": 465.

I think this is because it defaults to a secure connection, so it may be ignoring that line. If you’re not having SSL issues, nothing will have changed. SSL is like a black box and I don’t understand it at all. Google Cloud Platform doesn’t seem to like working with Mailgun.

I had a similar situation happen, and ended up just removing that line along with the port line and got back up and running. Sort of frustrating that I had to find out by having signup / transactional emails fail…

Agreed, this whole process could be better documented and the UX improved in future versions.

Hey all! :wave: Apologies for this, it’s a bug in our Nodemailer wrapper library. We had to update Nodemailer to fix a security vulnerability but I missed the case where secureConnection was set to false. We will be releasing a fix later this week.

As mentioned here, the workaround is to switch out secureConnection for secure (which is the actual option now). This will also work when the fix has been released.


The "secure": false, didn’t work for me. I’m trying now to remove that line together with the port one, as suggested in one of the comments above the one you linked to. But “Too many attempts try again in an hour”. So I’ll wait…

But “Too many attempts try again in an hour”. So I’ll wait…

You can get around this by making new test members in the Ghost admin panel.

I do think that you should be able to set the rate limit.

Any update @daniellockyer on when an update will be available to fix this? I’ve got this issue on 4.16.0 which AFAIK is the latest docker image available.

The “correct” change is to change secureConnection to secure in your config, but the accidental breaking change was fixed in Release 4.17.0 · TryGhost/Ghost · GitHub

The Ghost Docker image is maintained by Docker, so the 4.17.{0,1} image release timelines depend on them :slight_smile: