Cannot send email to Gmail SMTP-Relay

Checklist
[X] I have read intro post: About the Installation Issues category
[X] I have read the tutorials, help and searched for similar issues
[X] I provide relevant information about my server (component names and versions, etc.)
[X] I provide a copy of my logs and healthcheck
[X] I describe the steps I have taken to troubleshoot the problem
[X] I describe the steps on how to reproduce the issue

OS: Ubuntu 18.04.5 LTS
Webserver: Nginx 1.14.0
Php: 7.2.24
Database: MariaDB 10.1.47
Passbolt: …how do I figure this out? I can’t click the help button on my top navigation bar.

Healthcheck:
https://pastebin.com/AjWmR5FU

Troubleshooting Steps I’ve Taken:

  1. Checked our network’s firewall - outbound SMTP is permitted and I saw the connection for that server to smtp-relay.gmail.com as being passed, so it is indeed reaching Gmail.
  2. Checked our Gmail settings - TLS is not required, but I enable it wherever possible. I’ve tried TLS on and off for various ports (25, 465, 587), to no avail. Interestingly, 587 w/ TLS at least makes it to Gmail, whereas 25 w/o TLS or 465 w/ TLS just timing out.

Reproduce The Issue:
I run the $ ./bin/cake passbolt send_test_email --recipient=youremail@domain.com command to send a test email and get an error returned:

Hi @swebervna Welcome to the forum!

It would be really nice to resolve this issue - as of yet we haven’t done it.

I have been curious if setting “client” in the configuration would help - setting it to the IP address or domain that is whitelisted in the Gmail settings. Would you mind trying that and seeing if it helps?

Something like:

'EmailTransport' => [
    'client' => 'ip.add.re.ss'
]

Another thing I wanted to have someone try is using ssl://smtp.gmail.com as the host. We are kind of shooting in the dark, but some combination will probably work.

Regarding your healthcheck, the tmp folder needs write permissions granted to the webserver user. From the passbolt root folder:

chmod -R 775 tmp

should help.

1 Like

@swebervna Try commenting out username and password variables in the app.php file so they are not being sent, and set to port 587 with TLS as true. What happens then?

@swebervna We don’t recommended changing app.php normally so this was just for testing. But also first make sure your username and password are set to null in your passbolt.php. No double or single quotes around it.

If you didn’t solve this problem yet! I hade the same problem! the solution is to use:
smtp.gmail.com
istead of
smtp-relay.gmail.com

Hi @Ahmad the two services are slightly different. The use of smtp-relay.gmail.com is part of the requirement in the case of some organizations.

BUt I have get comfirmed that smtp-relay.gmail.com doesn’t work with Passbolt! I am not sure why!

I cannot use smtp.gmail.com, because that requires a user account to authenticate. smtp-relay.gmail.com, however, can authenticate by the IP address being whitelisted, so it doesn’t need a user account to authenticate. This is the ideal configuration I desire.

@garrett I tried uncommenting the username and password variables and I still got the same error. I’m tried your first suggestion here soon.

Using SSL://smtp-relay.gmail.com as the host:
image

Including ‘client’ => in the config WORKED!:

Thank you SO MUCH for your help @garrett ! :slight_smile:

2 Likes

@swebervna Right on! Thanks for testing that.