3

I'm currently having trouble with the password reset mail created by make:auth in Laravel 5.6. My app is hosted on Heroku. In my local environment everything works fine. I have set the right values in the config vars in Heroku, same in my local .env file:

MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=myMail@gmail.com
MAIL_PASSWORD=bla
MAIL_ENCRYPTION=tls

I have read here that I have to hard-code the values inside app/mail.php instead of referencing the .env file because Heroku wouldn't recognize/understand this reference

'password' => env('MAIL_PASSWORD')

But then my data would be visible inside the GitHub repo.

What am I doing wrong here?

EDIT:

The accepted answer is the way to go, one should use an Add-On for sending mails in Heroku. Still I found a way to make it work with gmail after setting up sendgrid ;)

- Use `Port 465 with ssl` as encryption. 

- Allow `less secure apps` access to my account.

- Visit `http://www.google.com/accounts/DisplayUnlockCaptcha` and sign in with your Gmail username and password.

After these steps, it worked. Maybe this is helpful for others.

EDIT2:

I migrated Laravel from version 5.x to 8 and I ran into problems again, so I had to change my approach again with gmail.

I had to:

- Allow `less secure apps` access to my account.
- Enable two step verification and create an App Password like in the accepted answer of this question: https://stackoverflow.com/questions/42558903/expected-response-code-250-but-got-code-535-with-message-535-5-7-8-username
- Change Port back to 587 and tls again
- Visit `http://www.google.com/accounts/DisplayUnlockCaptcha` and sign in with your Gmail username and password.
dombg
  • 311
  • 3
  • 18

1 Answers1

4

Don't use Gmail in production¹.

Gmail isn't designed to act as an SMTP gateway for your application. Instead, use one of the many mail addons that Heroku recommends. Mailgun and SendGrid are both very popular options, but there are lots of others.

These tools are designed to send mail for applications. They'll be a lot less likely to reject your mail and, when configured properly, make it a lot less likely for your mail to get caught in spam filters. Most of them have walkthroughs for setting things up, and I encourage you to follow them. Make sure not to skip the SPF and DKIM anti-spam features.

I have read here that I have to hard-code the values inside app/mail.php instead of referencing the .env file because Heroku wouldn't recognize/understand this reference

'password' => env('MAIL_PASSWORD')

This is incorrect.

You say that you've set config variables on Heroku, and that populates the environment. The .env file is just a convenient local workaround for doing the same thing. Whichever mail addon you choose will automatically set one or more environment variables for you, and you should use those in your code.

¹You probably shouldn't be using it in development, either, but it's less of a problem there. I urge you to use something like Mailtrap (cloud) or Mailcatcher (local) instead.

Community
  • 1
  • 1
ChrisGPT was on strike
  • 127,765
  • 105
  • 273
  • 257
  • Thank you for your help. I only want to use gmail for the password reset link nothing more. I don't understand why it wouldn't work? I took a look at mailgun and I have to give my credit card credentials if I want to send mails to anybody. This is not really convenient. Is this normal? I understand the spamer protection thought behind it, but still – dombg Mar 19 '19 at 15:57
  • It doesn't work because that's not what it's designed to do. To prevent people from using their SMTP servers for spam, Google almost certainly detects requests coming from popular cloud hosts (like Heroku, which runs on AWS) and refuses to handle them. Setting up Sendgrid is extremely easy, and if you're just using it for occasional password reset links you'll probably be fine with their free plan. If you don't want to use either of these services you're free to find another that's designed to deliver email for applications (not people). But don't use Gmail, or things like it. – ChrisGPT was on strike Mar 19 '19 at 16:15
  • Makes sense, thank you! It definitely looks easy yes. So Laravel will automatically use sendgrid after setting it up and adding the config vars/api keys? Do I have to change any of my php code or do something else besides that? – dombg Mar 19 '19 at 16:22
  • I'm not entirely sure what you'll need to change, but switching from Gmail to something like Sendgrid or Mailgun is definitely the solution. There [appear to be lots of options supported natively by Laravel](https://laravel.com/docs/5.8/mail#introduction) and [SendGrid support looks relatively straightforward, too](https://sendgrid.com/docs/for-developers/sending-email/laravel/). If you get stuck during implementation feel free to come back and ask a concrete question about the problem, ideally providing the code you've tried. – ChrisGPT was on strike Mar 19 '19 at 16:25