Search code examples
djangonginxgunicorndigital-oceanmezzanine

Mezzanine contact form produces "upstream prematurely closed" error

My website uses Mezzanine 4.2.3 with Django-Oscar 1.5.2 and Django 1.10.8, running on Ubuntu 16.04 on Digitalocean. When I use the Mezzanine contact form on the demo page created with createdb, and from my own computer, it successfully sends out emails. But when I test it on my Digitalocean droplet running Ubuntu 16.04, I get 502 bad gateway.

The nginx error log records this error: *13 upstream prematurely closed connection while reading response header from upstream, client: [an IP I can't identify], server: [my website url], request: "POST /contact/ HTTP/1.1", upstream: "http://unix:/home/my-django-app/my-django-app.sock:/contact/", host: "[my website url]", referrer: "[my website url]/contact/". The number varies between *1, *7, and *13, but the text is the same.

I googled this and found various possible solutions:

  • Increasing the timeout for nginx proxy_pass. This involved adding proxy_connect_timeout 75s; and proxy_read_timeout 300s; to nginx config, and then adding --timeout 300 to gunicorn. This produced an actual timeout error: *21 upstream timed out (110: Connection timed out) while reading response header from upstream,

  • Uncommenting precedence ::ffff:0:0/96 100 in /etc/gai.conf..

  • Allowing port 587 in UFW. This shouldn't matter because if I'm using gmail, then this should be a port on Google's side of things, right? I'm only doing this because I see various solutions (most unresolved) talking about the need to unblock this port.

  • Making nginx listen on port 587: server {listen 80; listen 587; ... list 443 ssl; ...}.

With nginx listening on port 587, sudo netstat -tulnp | grep 587 shows: 

tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      12815/nginx -g daem

My email settings seem fine:

EMAIL_USE_TLS = True
EMAIL_HOST = "smtp.gmail.com"
EMAIL_HOST_USER = "!#%%&&*%^#$^*%@gmail.com"
EMAIL_HOST_PASSWORD = "^*#^@#$%&@$%%#$"
EMAIL_PORT = 587
EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"

I tried SSL with port 465 too. It worked with my local copy but not on the server. Same error message of 502.

I think "upstream" means gunicorn, so I set an error log for it, but all it recorded were status codes 200 and 302 when the page loaded. It didn't log anything when 502 happened.

I'm out of ideas. What am I missing?

Update 3 June 2018:

$ telnet smtp.gmail.com 587
Trying 108.177.96.109...
Trying 108.177.96.108...
Trying 2a00:1450:4013:c01::6c...
telnet: Unable to connect to remote host: Network is unreachable

Tried this with 465 and 25 too. Does this mean Digitalocean is blocking the connection? There's precedent.

Solution

  • Yes, Digitalocean blocks SMTP. Their reply to my email:

    To assist with the restriction of SMTP services on your account, can you please let us know the following:

    1. Your name.
    2. What business or individual you are going to send mail on behalf of as well as their website (if one exists).
    3. What kind of mail you're going to be sending (password resets, newsletters, marketing mail, transactional mail such as order confirmations).
    4. If you're sending on behalf of a business or an individual that is not yourself, what is your relationship to that business or individual.

    Also, as we are a US based company, I'd like to make sure you understand that we require all users of our network to follow both the requirements of the CAN-SPAM ( https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business )act in regards to any non-transactional mail sent to any subscriber anywhere in the world, as well as the CASL ( http://fightspam.gc.ca/eic/site/030.nsf/eng/home ) for any email you send to any subscribers in Canada.

    Additionally, there are additional restrictions to sending email to users in Europe created by both the EU itself and its member countries, and would recommend that you investigate and follow all relevant guidelines for the countries of any European subscribers you may have.

    I answered them and they replied:

    Thank you for the information you have provided.

    We've reviewed the information and have removed the SMTP block from your account.

    Just to reiterate - we require our subscribers to follow the CAN-SPAM act for all email, and the CASL for any email sent to a subscriber in Canada.

    If you do not, and we receive complaints of violations, we can revoke access to SMTP at our discretion with no further warning.