jocke/bilhej
1
0
Fork 0
Code Issues Pull requests 2 Projects Releases 1 Packages Wiki Activity Actions
bilhej/docs/production-email-checklist.md
Joakim Mörling 255095e6bd Document kontakt@bilhej.se receiving and fix stale contact address in requirements. 
- Add production checklist section for Resend inbound on bilhej.se
- Note that mail is read in the Resend dashboard unless a webhook is added later
- Update GDPR letter footer example in REQUIREMENTS.md to kontakt@bilhej.se

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-22 12:59:49 +02:00

2.9 KiB
Raw Blame History

Production email with Resend (operator)

BilHej sends password-reset mail via SMTP (Spring JavaMailSender). You do not need the Resend Java SDK from their onboarding snippet—only env vars on the server.

Security

  • Never commit re_... keys to git. Put them only in the server .env.
  • If an API key was pasted in chat or logs, revoke it in Resend → API Keys and create a new one.

1. Verify bilhej.se in Resend

  1. ResendDomains → add bilhej.se
  2. Add the DNS records Resend shows (SPF, DKIM; DMARC optional) at your domain registrar
  3. Wait until status is Verified

Until the domain is verified, MAIL_FROM=noreply@bilhej.se will fail. For a quick API test only, Resend allows onboarding@resend.dev → your own inbox—not for production.

2. Production .env (SMTP, not SDK)

On the server (file used by docker-compose.prod.yml):

APP_PUBLIC_BASE_URL=https://bilhej.se
MAIL_HOST=smtp.resend.com
MAIL_PORT=587
MAIL_USERNAME=resend
MAIL_PASSWORD=re_your_new_api_key_here
MAIL_FROM=noreply@bilhej.se
Variable Resend value
MAIL_USERNAME Always the literal string resend
MAIL_PASSWORD Your API key (re_...)
MAIL_FROM Any address on verified domain, e.g. noreply@bilhej.se

3. Deploy

Run Deploy to Production in Forgejo (pipeline only—no manual rsync).

4. Smoke test

  1. https://bilhej.se/logga-inGlömt lösenord?
  2. Email that exists in users
  3. Check inbox and spam
  4. Resend dashboard → Emails should show the send
  5. On failure: docker logs bilhej-backend-prod 2>&1 | grep -i mail

Fallback: reset links still log when MAIL_HOST is empty.

Local dev

Keep using Mailpit (docker compose up, http://localhost:8025). Do not point local Docker at Resend unless you intend to send real mail.

5. Contact email (kontakt@bilhej.se)

Inbound mail uses Resend Receiving on the root domain bilhej.se. No mailbox is created in Strato; the MX record routes all @bilhej.se addresses to Resend.

Setup (done once):

  1. Resend → Domainsbilhej.se → enable Receiving
  2. Strato → DNS → add the receiving MX record (e.g. inbound-smtp.eu-west-1.amazonaws.com)
  3. Wait until Resend shows receiving as Verified
  4. Send a test mail to kontakt@bilhej.se and confirm it appears under Emails → Receiving

Reading mail: open the Resend Receiving inbox. There is no automatic forward to Gmail unless you add a webhook handler later.

Address Purpose Where mail goes
kontakt@bilhej.se General questions (site, orders, support) Resend dashboard
jcamorling@gmail.com Complaints (shown on /kontakt only) Gmail directly
noreply@bilhej.se Outbound only (password reset) Not an inbox