Activation email not working

Checklist
[X] I have read intro post: About the Installation Issues category
[X] I have read the tutorials, help and searched for similar issues
[X] I provide relevant information about my server (component names and versions, etc.)
[X] I provide a copy of my logs and healthcheck
[X] I describe the steps I have taken to trouble shoot the problem
[X] I describe the steps on how to reproduce the issue

Hi.

I have installed Passbolt on Ubuntu 18.04.3 LTS and I have a problem with the activation emails.

The email test is working fine. This is the log:

 Open source password manager for teams
---------------------------------------------------------------
 Debug email shell
---------------------------------------------------------------

Email configuration
---------------------------------------------------------------
Host: 192.168.0.XX
Port: 2525
Username:
Password: *********
TLS: false

Sending email from: Passbolt <administrador@XXXX.es>
Sending email to: XXXX@XXXX.es
---------------------------------------------------------------

Trace
[220] Internal_CPD-Exchange.Dani.local Microsoft ESMTP MAIL Service ready at Tue, 4 Feb 2020 09:59:22 +0100
> EHLO localhost
[250] Internal_CPD-Exchange.Dani.local Hello [XXXX]
[250] SIZE 15728640
[250] PIPELINING
[250] DSN
[250] ENHANCEDSTATUSCODES
[250] AUTH
[250] 8BITMIME
[250] BINARYMIME
[250] CHUNKING
[250] XEXCH50
[250] XSHADOW
> MAIL FROM:<administrador@XXXX.es>
[250] 2.1.0 Sender OK
> RCPT TO:<XXXX@XXXX.es>
[250] 2.1.5 Recipient OK
> DATA
[354] Start mail input; end with <CRLF>.<CRLF>
> From: Passbolt <XXXX@XXXX.es>
To: XXXX@XXXX.es
Date: Tue, 04 Feb 2020 08:59:25 +0000
Message-ID: <953a405011774599b8fb471d3c2c009c@CPD-PASS>
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Congratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine.




.
[250] 2.6.0 <953a405011774599b8fb471d3c2c009c@CPD-PASS> [InternalId=4490577] Queued mail for delivery
> QUIT

The message has been successfully sent!

But when I add an user in users section it says Activation pending.

2020-02-04 11_04_01-Passbolt _ Open source password manager for teams

I guess that an activation email have benn sent to the user but we have checked the email and no one has been received.

The sudo su -s /bin/bash -c "./bin/cake passbolt healthcheck" www-data command says this:

Healthcheck shell
    ---------------------------------------------------------------

     Environment

     [PASS] PHP version 7.2.24-0ubuntu0.18.04.2.
     [PASS] PCRE compiled with unicode support.
     [FAIL] The temporary directory and its content are not writable.
      [HELP] Ensure the temporary directory and its content are writable by the webserver user.
      [HELP] you can try:
      [HELP] sudo chown -R www-data:www-data /var/www/passbolt/tmp/
      [HELP] sudo chmod 775 $(find /var/www/passbolt/tmp/ -type d)
      [HELP] sudo chmod 664 $(find /var/www/passbolt/tmp/ -type f)
     [PASS] The public image directory and its content are writable.
     [PASS] The logs directory and its content are writable.
     [PASS] GD or Imagick extension is installed.
     [PASS] Intl extension is installed.
     [PASS] Mbstring extension is installed.

     Config files

     [PASS] The application config file is present
     [PASS] The passbolt config file is present

     Core config

     [PASS] Debug mode is off.
     [PASS] Cache is working.
     [PASS] Unique value set for security.salt
     [PASS] Full base url is set to http://192.168.0.43
     [PASS] App.fullBaseUrl validation OK.
     [PASS] /healthcheck/status is reachable.

     SSL Certificate

     [PASS] SSL peer certificate validates
     [PASS] Hostname is matching in SSL certificate.
     [PASS] Not using a self-signed certificate

     Database

     [PASS] The application is able to connect to the database
     [PASS] 23 tables found
     [PASS] Some default content is present
     [PASS] The database schema up to date.

     GPG Configuration

     [PASS] PHP GPG Module is installed and loaded.
     [PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
     [PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
     [PASS] The server gpg key is not the default one
     [PASS] The public key file is defined in config/passbolt.php and readable.
     [PASS] The private key file is defined in config/passbolt.php and readable.
     [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
     [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
     [PASS] There is a valid email id defined for the server key.
     [PASS] The public key can be used to encrypt a message.
     [PASS] The private key can be used to sign a message.
     [PASS] The public and private keys can be used to encrypt and sign a message.
     [PASS] The private key can be used to decrypt a message.
     [PASS] The private key can be used to decrypt and verify a message.
     [PASS] The public key can be used to verify a signature.

     Application configuration

     [PASS] Using latest passbolt version (2.12.0).
     [FAIL] Passbolt is not configured to force SSL use.
      [HELP] Set passbolt.ssl.force to true in config/passbolt.php.
     [FAIL] App.fullBaseUrl is not set to HTTPS.
      [HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
     [PASS] Selenium API endpoints are disabled.
     [PASS] Search engine robots are told not to index content.
     [PASS] Registration is closed, only administrators can add users.
     [PASS] Serving the compiled version of the javascript app
     [PASS] All email notifications will be sent.

      3 error(s) found. Hang in there!

Hi @joshdejuan, have you confirmed the CRON job is running?

This is what service cron status command say:

cron.service - Regular background program processing daemon
   Loaded: loaded (/lib/systemd/system/cron.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-02-04 13:38:53 CET; 3min 30s ago
     Docs: man:cron(8)
 Main PID: 4832 (cron)
    Tasks: 1 (limit: 3533)
   CGroup: /system.slice/cron.service
           └─4832 /usr/sbin/cron -f

feb 04 13:40:01 CPD-PASS CRON[4957]: (CRON) info (No MTA installed, discarding output)
feb 04 13:40:01 CPD-PASS CRON[4957]: pam_unix(cron:session): session closed for user www-data
feb 04 13:41:01 CPD-PASS CRON[4971]: pam_unix(cron:session): session opened for user www-data by (uid=0)
feb 04 13:41:01 CPD-PASS CRON[4973]: (www-data) CMD (/var/www/passbolt/bin/cake EmailQueue.sender)
feb 04 13:41:02 CPD-PASS CRON[4971]: (CRON) info (No MTA installed, discarding output)
feb 04 13:41:02 CPD-PASS CRON[4971]: pam_unix(cron:session): session closed for user www-data
feb 04 13:42:01 CPD-PASS CRON[4986]: pam_unix(cron:session): session opened for user www-data by (uid=0)
feb 04 13:42:01 CPD-PASS CRON[4987]: (www-data) CMD (/var/www/passbolt/bin/cake EmailQueue.sender)
feb 04 13:42:01 CPD-PASS CRON[4986]: (CRON) info (No MTA installed, discarding output)
feb 04 13:42:01 CPD-PASS CRON[4986]: pam_unix(cron:session): session closed for user www-data

@joshdejuan Try which sendmail to see if sendmail is already installed. I thought it came with a default install. If you don’t have it you will need it or something similar. You are delivering locally, so if you have sendmail then you need it to be listening on 2525, or change the port on the passbolt config to the one that sendmail is already listening on.

With the apt list --installed | grep sendmail command, I have found:

libmail-sendmail-perl/bionic,bionic,now 0.80-1 all [instalado, automático]

I don’t know if this is the packet of sendmail.

Also I have searched for sendmail.cf file to change the port but I don’t found it.

  • If this means that I don’t have it installed, how can I install and cofigure it?
  • It’s strange that Passbolt’s own package doesn’t have it installed… is it?
  • Is it possible that there is another service that takes care of sending the emails?

@joshdejuan, Passbolt is ready to connect to a mail server via SMTP, but does not install something like sendmail.

It’s hard to tell with what you posted because you xxxx’d out the domains, but can you describe the desired mail flow in your setup:

  • are you wanting the server on which passbolt is installed on to be the actual sender of the email, or do you want it to sign in to a remote mail service, and then have that service send the mail for you?
  • when the email gets received, is it going to be a mailbox of a local server user or an inbox of the user’s company or personal email?

Sorry @garrett, here you have the complete log of sudo bin/cake passbolt send_test_email --recipient=joshua@dani.es command.

Open source password manager for teams
---------------------------------------------------------------
 Debug email shell
---------------------------------------------------------------

Email configuration
---------------------------------------------------------------
Host: 192.168.0.42
Port: 2525
Username:
Password: *********
TLS: false

Sending email from: Passbolt <administrador@dani.es>
Sending email to: joshua@dani.es
---------------------------------------------------------------

Trace
[220] Internal_CPD-Exchange.Dani.local Microsoft ESMTP MAIL Service ready at Thu, 6 Feb 2020 08:46:15 +0100
> EHLO localhost
[250] Internal_CPD-Exchange.Dani.local Hello [192.168.0.43]
[250] SIZE 15728640
[250] PIPELINING
[250] DSN
[250] ENHANCEDSTATUSCODES
[250] AUTH
[250] 8BITMIME
[250] BINARYMIME
[250] CHUNKING
[250] XEXCH50
[250] XSHADOW
> MAIL FROM:<administrador@dani.es>
[250] 2.1.0 Sender OK
> RCPT TO:<joshua@dani.es>
[250] 2.1.5 Recipient OK
> DATA
[354] Start mail input; end with <CRLF>.<CRLF>
> From: Passbolt <administrador@dani.es>
To: joshua@dani.es
Date: Thu, 06 Feb 2020 07:46:19 +0000
Message-ID: <0598ba3693bf441ea12c8188051e6296@CPD-PASS>
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Congratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine.




.
[250] 2.6.0 <0598ba3693bf441ea12c8188051e6296@CPD-PASS> [InternalId=4503102] Queued mail for delivery
> QUIT

The message has been successfully sent!

And here is the email received:
2020-02-06 08_56_10-Passbolt - joshua@dani.es - Outlook

What I want is for my colleagues in the IT department to receive the invitation email to register on the Passbolt server with his company email (xxxx@dani.es). Right now I’m the only one who can log in.

@joshdejuan Ok, so it sounds like the activation emails are working. To me, you are describing a problem more like “How to enable users to receive activation emails”, or maybe “How to enable users to send themselves activation emails”. If so, one of these two things is not set to enabled:

  1. when you create a new user, no email notification is sent. If it’s this, check administration settings page and toggle the appropriate option to on.
  2. a user cannot register on their own to get their own email.
    https://help.passbolt.com/configure/reference has the different variables for the passbolt.php config file.

PASSBOLT_REGISTRATION_PUBLIC can be set to true.

Does this help?

@garrett OK, I have changed this line to true on passbolt.php file.

'registration' => [
            'public' => true,
        ],

But look at this:

My colleague has tried to register with this info but, although the system says that an email has been sent, he has not received anything.

Do you understand the problem?

I do understand. You got the email but your colleague did not.

However, this doesn’t make sense to me, especially if you are sure the email didn’t go to his spam folder. What does the passbolt log say?

I propose you try to create a user with an email outside of your domain. If it works, I suspect it’s an email server issue and not passbolt.

@garrett This is what log says:

Healthcheck shell
---------------------------------------------------------------

 Environment

 [PASS] PHP version 7.2.24-0ubuntu0.18.04.2.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable.
 [PASS] The public image directory and its content are writable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to http://192.168.0.43
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 23 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
 [PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server gpg key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (2.12.0).
 [FAIL] Passbolt is not configured to force SSL use.
  [HELP] Set passbolt.ssl.force to true in config/passbolt.php.
 [FAIL] App.fullBaseUrl is not set to HTTPS.
  [HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [WARN] Registration is open to everyone.
  [HELP] Make sure this instance is not publicly available on the internet.
  [HELP] Or set passbolt.registration.public to false in config/passbolt.php.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

  2 error(s) found. Hang in there!

I’ve also tried to send the email to a xxx@gmail.com account but the email also doesn’t arrive. So I think it’s a Passbolt error.

What about the logs/error.log file?

error.log

2020-02-04 08:43:51 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-04 08:44:20 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-04 08:50:13 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-04 09:20:21 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-04 09:21:32 Error: [Cake\Routing\Exception\MissingRouteException] A route matching "/start" could not be found. (/var/www/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php:216)
Request URL: /start


2020-02-04 09:24:04 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-04 13:04:40 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-05 06:59:08 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-05 07:00:08 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-05 17:26:50 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-05 17:27:50 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-06 08:13:13 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-06 08:39:21 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-06 09:06:13 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-06 09:56:39 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-06 15:32:24 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-07 06:59:10 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-07 07:00:10 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json


2020-02-07 09:19:22 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:85)
Request URL: /auth/is-authenticated.json

Make sure you have notification for new passwords turned on, and then add a new password. Do you get the notification?

Maybe this, it’s similar. Manually clear out email queue.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.

The community passbolt forum is explanatory and descriptive indeed.I have been facing the same consequences regarding the activation email.The following manuals provided are very illustrative and explanatory.It is really working out.I have to include that I am unable to stream videos of my Arlo Ultra from my Linus and opera browser for a couple of days.I have followed out the manuals as directed by the arlo app for pc .
Guide us what we missed out to include?