Cannot send email to Gmail SMTP-Relay

Checklist
[X] I have read intro post: About the Installation Issues category
[X] I have read the tutorials, help and searched for similar issues
[X] I provide relevant information about my server (component names and versions, etc.)
[X] I provide a copy of my logs and healthcheck
[X] I describe the steps I have taken to troubleshoot the problem
[X] I describe the steps on how to reproduce the issue

OS: Ubuntu 18.04.5 LTS
Webserver: Nginx 1.14.0
Php: 7.2.24
Database: MariaDB 10.1.47
Passbolt: …how do I figure this out? I can’t click the help button on my top navigation bar.

Healthcheck:
https://pastebin.com/AjWmR5FU

Troubleshooting Steps I’ve Taken:

  1. Checked our network’s firewall - outbound SMTP is permitted and I saw the connection for that server to smtp-relay.gmail.com as being passed, so it is indeed reaching Gmail.
  2. Checked our Gmail settings - TLS is not required, but I enable it wherever possible. I’ve tried TLS on and off for various ports (25, 465, 587), to no avail. Interestingly, 587 w/ TLS at least makes it to Gmail, whereas 25 w/o TLS or 465 w/ TLS just timing out.

Reproduce The Issue:
I run the $ ./bin/cake passbolt send_test_email --recipient=youremail@domain.com command to send a test email and get an error returned:

Hi @swebervna Welcome to the forum!

It would be really nice to resolve this issue - as of yet we haven’t done it.

I have been curious if setting “client” in the configuration would help - setting it to the IP address or domain that is whitelisted in the Gmail settings. Would you mind trying that and seeing if it helps?

Something like:

'EmailTransport' => [
    'client' => 'ip.add.re.ss'
]

Another thing I wanted to have someone try is using ssl://smtp.gmail.com as the host. We are kind of shooting in the dark, but some combination will probably work.

Regarding your healthcheck, the tmp folder needs write permissions granted to the webserver user. From the passbolt root folder:

chmod -R 775 tmp

should help.

1 Like

@swebervna Try commenting out username and password variables in the app.php file so they are not being sent, and set to port 587 with TLS as true. What happens then?

@swebervna We don’t recommended changing app.php normally so this was just for testing. But also first make sure your username and password are set to null in your passbolt.php. No double or single quotes around it.

If you didn’t solve this problem yet! I hade the same problem! the solution is to use:
smtp.gmail.com
istead of
smtp-relay.gmail.com

Hi @Ahmad the two services are slightly different. The use of smtp-relay.gmail.com is part of the requirement in the case of some organizations.

BUt I have get comfirmed that smtp-relay.gmail.com doesn’t work with Passbolt! I am not sure why!

I cannot use smtp.gmail.com, because that requires a user account to authenticate. smtp-relay.gmail.com, however, can authenticate by the IP address being whitelisted, so it doesn’t need a user account to authenticate. This is the ideal configuration I desire.

@garrett I tried uncommenting the username and password variables and I still got the same error. I’m tried your first suggestion here soon.

Using SSL://smtp-relay.gmail.com as the host:
image

Including ‘client’ => in the config WORKED!:

Thank you SO MUCH for your help @garrett ! :slight_smile:

2 Likes

@swebervna Right on! Thanks for testing that.

The problem is the client value being null. Once it is set to the actual IP address, all the servers including Gmail will start accepting your emails. I don’t know why this is hardly mentioned anywhere in the install instructions?!

Thank you @abrakadabra for your feedback and your blog post about how you solved this issue.

In fact, this specific issue with gmail is the point 5 of the email troubleshooting help page: Passbolt Help | Why are my emails not being sent?

We are aware the help site is very poor in terms of user experience and the fact you didn’t find the correct info confirm this.

I know a new help site is on the way, I hope it will be better than the current one in term of user XP.

Cheers,

1 Like

@abrakadabra I’ve edited the post and removed the link to the external article. As @AnatomicJC has noted, we have documented this solution and to be helpful to future users we prefer linking to our own documentation which we can control. It can become problematic when new users start following off-site installation guides, and although that was not the case this time, the content externally could change.

Thank you for being understanding with this, and I’m happy to hear you figured it out!