Open
Description
- I confirm I have searched the Docs, GitHub Discussions, and Discord.
- I confirm this is a bug with Supabase, not with my own application.
Describe the bug
UPDATE: I believe this bug is in the supabase/auth repo, I've included a potential fix in my error report there:
#1957
When one changes from the built-in Supabase email to using a Custom SMTP provider, Supabase may (under circumstances not determined) use the app user's email (e.g. [email protected]) as the from address rather than using the specified "from" under Customer SMTP (e.g. [email protected]).
The event message for the error in Auth looks like this:
{"auth_event":{"action":"user_recovery_requested","actor_id":"f1f5ecf2-573d-497d-baef-6a8b1117ab71","actor_username":"[email protected]","actor_via_sso":false,"log_type":"user"},"component":"api","error":"gomail: could not send email 1: 554 Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-2: [email protected]","level":"error","method":"POST","msg":"500: Error sending recovery email","path":"/recover","referer":"https://some-address.netlify.app/reset-password","remote_addr":"151.211.27.38","request_id":"91e4000b41d2bf77-ATL","time":"2025-03-10T15:56:06Z"}
The metadata looks like:
[
{
"host": "db-afimbptvoogkfkosrisw",
"component": "api",
"_SYSTEMD_CGROUP": null,
"request_id": "91e4000b41d2bf77-ATL",
"mail_from": null,
"message": null,
"_SOURCE_REALTIME_TIMESTAMP": null,
"PRIORITY": null,
"_AUDIT_LOGINUID": null,
"panic": null,
"metering": null,
"UNIT": null,
"event": null,
"SYSLOG_FACILITY": null,
"msg": "500: Error sending recovery email",
"mail_type": null,
"EXECUTABLE": null,
"user_id": null,
"_CMDLINE": null,
"action": null,
"auth_event": [
{
"action": "user_recovery_requested",
"actor_id": "f1f5ecf2-573d-497d-baef-6a8b1117ab71",
"actor_name": null,
"actor_username": "[email protected]",
"actor_via_sso": false,
"log_type": "user",
"traits": []
}
],
"level": "error",
"_PID": null,
"path": "/recover",
"duration": null,
"_COMM": null,
"header": null,
"_MACHINE_ID": null,
"login_method": null,
"_STREAM_ID": null,
"source_type": null,
"_LINE_BREAK": null,
"_EXE": null,
"_AUDIT_SESSION": null,
"_TRANSPORT": null,
"x_forwarded_proto": null,
"time": null,
"mail_to": null,
"_GID": null,
"stack": null,
"x_forwarded_host": null,
"status": null,
"_UID": null,
"method": "POST",
"CODE_FILE": null,
"remote_addr": "151.210.97.34",
"provider": null,
"_SYSTEMD_UNIT": null,
"issuer": null,
"error": "gomail: could not send email 1: 554 Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-2: [email protected]",
"client_id": null,
"MESSAGE_ID": null,
"referer": "https://some-address.netlify.app/reset-password",
"_SYSTEMD_INVOCATION_ID": null,
"CODE_FUNC": null,
"_BOOT_ID": null,
"INVOCATION_ID": null,
"__MONOTONIC_TIMESTAMP": null,
"timestamp": null,
"__REALTIME_TIMESTAMP": null,
"CODE_LINE": null,
"_SYSTEMD_SLICE": null,
"instance_id": null,
"args": [],
"SYSLOG_IDENTIFIER": null,
"metadata": [],
"_CAP_EFFECTIVE": null,
"factor_id": null,
"_SELINUX_CONTEXT": null,
"project": null
}
]
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
- Go to Authentication -> Emails -> SMTP Settings
- Enable Custom SMTP
- Enter sender email (e.g. [email protected]) and sender name (e.g. Admin Person)
- Enter SMTP provider settings (in this case I'm using SES)
- Click Save Changes.
- Go to your app and click on the forgot password link
- Enter your email
- An error message will likely display saying it failed to send the message
- Go to Logs -> Auth and you'll find an ERROR /recover | 500: Error sending recovery email message, it contains the info I shared above.
Expected behavior
After setting up Custom SMTP all emails sent via Supabase should use the Custom SMTP including using the sender email and sender name configurated under Custom SMTP.
System information
- OS: Windows 11
- Browser (if applies) Edge
- Version of supabase-js: 2.39.? and 2.49.1
- Version of Node.js: netlify's default