jocke/bilhej
1
0
Fork 0
Code Issues Pull requests 2 Projects Releases 1 Packages Wiki Activity Actions
bilhej/docs/production-email-checklist.md
Joakim Mörling bce2447238 Rework contact page emails and simplify mailto actions. 
- Add support@bilhej.se for orders and technical issues
- Move complaints to klagomal@bilhej.se instead of personal Gmail
- Show one mailto chip per card instead of duplicate link and button
- Update ContactPage tests and production email checklist for all @bilhej.se addresses

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-22 13:51:20 +02:00

83 lines
3.2 KiB
Markdown
Raw Permalink Blame History

# Production email with Resend (operator)
BilHej sends password-reset mail via **SMTP** (Spring `JavaMailSender`). You do **not** need the
Resend Java SDK from their onboarding snippet—only env vars on the server.
## Security
- Never commit `re_...` keys to git. Put them only in the server `.env`.
- If an API key was pasted in chat or logs, **revoke it** in Resend → API Keys and create a new one.
## 1. Verify bilhej.se in Resend
1. [Resend](https://resend.com) → **Domains** → add `bilhej.se`
2. Add the DNS records Resend shows (SPF, DKIM; DMARC optional) at your domain registrar
3. Wait until status is **Verified**
Until the domain is verified, `MAIL_FROM=noreply@bilhej.se` will fail. For a quick API test only,
Resend allows `onboarding@resend.dev` → your own inbox—not for production.
## 2. Production `.env` (SMTP, not SDK)
On the server (file used by `docker-compose.prod.yml`):
```bash
APP_PUBLIC_BASE_URL=https://bilhej.se
MAIL_HOST=smtp.resend.com
MAIL_PORT=587
MAIL_USERNAME=resend
MAIL_PASSWORD=re_your_new_api_key_here
MAIL_FROM=noreply@bilhej.se
```
| Variable | Resend value |
|----------|----------------|
| `MAIL_USERNAME` | Always the literal string `resend` |
| `MAIL_PASSWORD` | Your API key (`re_...`) |
| `MAIL_FROM` | Any address on **verified** domain, e.g. `noreply@bilhej.se` |
## 3. Deploy
Run **Deploy to Production** in Forgejo (pipeline only—no manual rsync).
## 4. Smoke test
1. https://bilhej.se/logga-in → **Glömt lösenord?**
2. Email that exists in `users`
3. Check inbox and spam
4. Resend dashboard → **Emails** should show the send
5. On failure: `docker logs bilhej-backend-prod 2>&1 | grep -i mail`
Fallback: reset links still log when `MAIL_HOST` is empty.
## Local dev
Keep using Mailpit (`docker compose up`, http://localhost:8025). Do not point local Docker at
Resend unless you intend to send real mail.
## 5. Inbound email on bilhej.se
Inbound mail uses **Resend Receiving** on the root domain `bilhej.se`. No mailbox is created in
Strato; the MX record routes all `@bilhej.se` addresses to Resend. You do not create each address
separately in Resend.
**Setup (done once):**
1. Resend → **Domains**`bilhej.se` → enable **Receiving**
2. Strato → **DNS** → add the receiving MX record (e.g. `inbound-smtp.eu-west-1.amazonaws.com`)
3. Wait until Resend shows receiving as **Verified**
4. Send test mail to `support@bilhej.se` and `kontakt@bilhej.se`; confirm both appear under **Emails → Receiving**
**Reading mail:** open the [Resend Receiving inbox](https://resend.com/emails/receiving). There is
no automatic forward to Gmail unless you add a webhook handler later.
| Address | Purpose | Where mail goes |
|---------|---------|-----------------|
| `support@bilhej.se` | Orders, Swish, status, technical issues | Resend dashboard |
| `kontakt@bilhej.se` | General contact, printed letter footer | Resend dashboard |
| `klagomal@bilhej.se` | Complaints (shown on `/kontakt`) | Resend dashboard |
| `noreply@bilhej.se` | Outbound only (password reset) | Not an inbox |
**Optional later (same Resend inbox, no extra DNS):** `abuse@bilhej.se` if you want a published
address for misuse reports; `privacy@bilhej.se` if integritetspolicy asks for a dedicated
data-protection contact.
Reference in a new issue View git blame Copy permalink