Merge pull request #99 from makeplane/intake-email-setup

Intake email setup

Author: danciaclara

mint.json

@@ -90,6 +90,7 @@
             ]
         },
         "self-hosting/govern/communication",
+        "self-hosting/govern/configure-dns-email-service",
         "self-hosting/govern/database-and-storage",
         "self-hosting/govern/custom-domain",
         "self-hosting/govern/private-bucket",

self-hosting/govern/communication.mdx

@@ -1,6 +1,6 @@
 ---
-title : Email notifications
-sidebarTitle: Email
+title : Configure SMTP for email notifications
+sidebarTitle: SMTP for Email
 description: Either during your set-up or sometime later, you will want to set SMTP settings to let your users get emails to reset passwords, onboard themselves right, and get notifications for changes, and receive exports of your data.
 ---
 

self-hosting/govern/configure-dns-email-service.mdx

@@ -0,0 +1,172 @@
+---
+title: Configure DNS for Intake Email
+sidebarTitle: DNS for Intake Email
+description: Configure DNS records to enable automatic conversion of incoming emails into work items in your project's Intake section.
+---
+
+This guide explains how to configure DNS settings to enable the [Intake Email](https://docs.plane.so/intake/intake-email) feature for your self-hosted Plane instance. These configurations enable your server to accept messages sent to your project's dedicated Intake address, which are then  converted into work items in your project's Intake section.
+
+## Prerequisites
+
+Ensure that the Plane server allows outbound traffic on the following email-related ports: 25, 465, and 587.
+
+If any of these ports are currently in use, you can free them by running:
+
+    ```bash
+    fuser -k 25/tcp 465/tcp 587/tcp
+    ```
+
+This is necessary for email functionality (e.g., sending invites, notifications) to work properly.
+
+## Generate SSL/TLS Certificate for Email Domain 
+<Warning>
+For Docker Compose deployments only
+</Warning>
+Before configuring DNS records for Intake Email, secure your email domain with an SSL/TLS certificate. This ensures encrypted communication between mail servers and improves email trust and deliverability.
+
+1. **Install Certbot**   
+Update your system and install Certbot.
+    ```bash
+    sudo apt update && sudo apt install certbot
+    ```
+    For NGINX:
+    ```bash
+    sudo apt install python3-certbot-nginx
+    ```
+    For Apache:
+    ```bash
+    sudo apt install python3-certbot-apache
+    ```
+
+2. **Generate SSL Certificate**  
+Choose the method that matches your web server setup:
+
+    For NGINX:
+    ```bash
+    sudo certbot --nginx -d <mail-domain>
+    ```
+
+    For Apache:
+    ```bash
+    sudo certbot --apache -d <mail-domain>
+    ```
+
+    For standalone (no web server):
+    ```bash
+    sudo certbot certonly --standalone -d <mail-domain>
+    ```
+
+3. **Copy Certificate Files**  
+Copy the generated certificate files to Plane's expected directory:
+
+    ```bash
+    sudo cp /etc/letsencrypt/live/<mail-domain>/fullchain.pem /opt/plane/data/email/tls/cert.pem 
+    sudo cp /etc/letsencrypt/live/<mail-domain>/privkey.pem /opt/plane/data/email/tls/key.pem
+    ```
+
+4. **Configure Environment Variables**  
+Add the following settings to your plane.env file:
+
+    ```bash
+    # If using SMTP_DOMAIN as FQDN (e.g., intake.example.com),
+    # generate a valid SSL certificate and set these paths accordingly.
+    SMTP_DOMAIN=intake.example.com
+    TLS_CERT_PATH=tls/cert.pem
+    TLS_PRIV_KEY_PATH=tls/key.pem
+    INTAKE_EMAIL_DOMAIN=intake.example.com
+    ```
+
+    <Warning>
+    Important: `SMTP_DOMAIN` and `INTAKE_EMAIL_DOMAIN` must be identical.
+    </Warning>
+
+
+## Configure DNS records
+
+1. **Create an A Record**  
+This record points to the server running your email service.
+
+    ```bash
+    Type: A
+    Host: <host-domain>           # Example: plane.example.com
+    Value: <public-ip-address>    # Your server's public IP address
+    TTL: Auto | 3600
+    ``` 
+
+    <Tip> 
+    You can alternatively use a CNAME record if you're using a cloud load balancer.
+    </Tip>
+
+2. **Add an MX Record**  
+This record directs email traffic to your mail server.
+    ```bash
+    Type: MX
+    Host: <mail-domain>           # Example: intake.example.com
+    Value: <host-domain>          # Same as your A record host
+    Priority: 10
+    TTL: Auto | 3600
+    ```
+
+3. **Configure an SPF Record**  
+This record helps prevent email spoofing.
+
+    ```bash
+    Type: TXT
+    Host: <mail-domain>           # Example: intake.example.com
+    Value: "v=spf1 ip4:<A-record-ip-host-domain> -all"
+    TTL: Auto | 3600
+    ``` 
+4. **Set Up a DMARC record**  
+This record specifies how receiving mail servers should handle authentication failures.
+
+    ```bash
+    Type: TXT
+    Host: _dmarc.<mail-domain>    # Example: _dmarc.intake.example.com
+    Value: "v=DMARC1; p=reject; rua=mailto:<valid-email-addr>"
+    TTL: Auto | 3600
+    ```
+## Verify your configuration
+After setting up your DNS records, verify that they're correctly configured:
+
+    ```bash
+    # Verify A record
+    dig A <mail-domain>
+
+    # Verify MX record
+    dig MX <mail-domain>
+
+    # Verify SPF record
+    dig TXT <mail-domain>
+
+    # Verify DMARC record
+    dig TXT _dmarc.<mail-domain>
+    ```
+
+    You can also use [MXToolbox](https://mxtoolbox.com) to check for any issues with your DNS configuration.
+
+## Test your mail server
+Once your DNS records have propagated, test your SMTP connections:
+
+    ```bash
+    # Test SMTP connection on standard ports
+    telnet <host-domain> 25
+    telnet <host-domain> 465
+    telnet <host-domain> 587
+    ```
+
+## Troubleshooting
+
+- MX Record issues
+
+    - Ensure there's a proper dot at the end of the domain.
+    - Check that the priority number is correct (lower = higher priority).
+    - Allow 24-48 hours for DNS changes to fully propagate.
+
+- A Record issues
+
+    - Verify that the IP address is correct.
+    - Ensure your mail subdomain matches the MX record.
+
+## See also
+
+[Intake Email](https://docs.plane.so/intake/intake-email)

self-hosting/methods/kubernetes.mdx

@@ -20,7 +20,7 @@ Plane One and Plane Pro are enabled on this edition, so the Free plan on this ed
     1. Open terminal or any other command-line app that has access to Kubernetes tools on your local system.
     2. Set the following environment variables:
         ```bash
-        PLANE_VERSION=v1.9.1
+        PLANE_VERSION=v1.10.0
         ```
         ```bash
         DOMAIN_NAME=<subdomain.domain.tld or domain.tld>
@@ -77,7 +77,7 @@ Plane One and Plane Pro are enabled on this edition, so the Free plan on this ed
             ```
 
             Make sure you set the required environment variables listed below:
-            - `planeVersion: v1.9.1`
+            - `planeVersion: v1.10.0`
             - `license.licenseDomain: <The domain you have specified to host Plane>`
             - `license.licenseServer: https://prime.plane.so`
             - `ingress.enabled: <true | false>`
@@ -107,7 +107,7 @@ If you want to upgrade to a paid plan, see [Plan upgrades](https://docs.plane.so
 
     | Setting | Default | Required | Description |
     |---|:---:|:---:|---|
-    | planeVersion | v1.9.1	 | Yes |  Specifies the version of Plane to be deployed. Copy this from `prime.plane.so.` |
+    | planeVersion | v1.10.0	 | Yes |  Specifies the version of Plane to be deployed. Copy this from `prime.plane.so.` |
     | license.licenseServer | `https://prime.plane.so` | Yes | Sets the value of the `licenseServer` that gets you your license and validates it periodically. Don't change this. |
     | license.licenseDomain | 'plane.example.com' | Yes | The fully-qualified domain name (FQDN) in the format `sudomain.domain.tld` or `domain.tld` that the license is bound to. It is also attached to your `ingress` host to access Plane. |