Cant setup Email Communication with Exchange on premise

pw-ka · December 6, 2023, 2:57pm

Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

Hi togehter,

at the moment I am testing passbolt in our enviroment. I followed the installationguide for debian systems. Passbolt Help | Install Passbolt CE on Debian 12 (Bookworm). Everything went fine except email setup. I already checked the forum and googled for similar errors but could not find anything applicable.

We have an exchange server 2019 on premise with user authentication. I tried different settings. Without TLS and port 587 I get this error:

sudo -H -u www-data bash -c “/usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=email@add.ress”

Could not send the test email.
Error: Unsupported auth type: GSSAPI NTLM

With no TLS and port 25 this is the result:

Could not send the test email.
Error: Unsupported auth type: NTLM

It seems that passbolt does not support NTLM or GSSAPI NTLM as authentication method, could this be true?
Is there a possibilty to solve this without anonymous sending?

Best regards
Patrick

clayton · December 6, 2023, 3:14pm

hey @pw-ka welcome to the forum!

Currently NTLM is not supported from the framework that we use(CakePHP) so it is also not supported in passbolt. If having this supported is something you think would be a good addition I’d suggest opening a Feature Request here for the community to discuss

pw-ka · December 7, 2023, 7:36am

Hey @clayton,

thank you very much!

Is there a recommendation on how to establish mail transfer with exchange enviroment? Do we have to enable anonymous sending for the passbolt server?

Best regards
Patrick

clayton · December 11, 2023, 8:06am

We don’t actually have a document for an on-premise exchange smtp configuration, this is a fairly uncommon set up these days. I believe you may need to set up anonymous sending to get this working.

3GLighting · December 11, 2023, 2:39pm

Uncommon? Where do you this idea? There are still millions of on-prem exchange servers out in the wild. In fact there are so many MS has been talking about Exchange 2025 off and on for the last year or so.

Thanks,

3GLighting · December 11, 2023, 2:45pm

@pw-ka

I don’t recall what I had to do for my on-prem exchange, but at the office we had to set do the following settings:

Email Provider: Other
Authentication method: None
SMTP host: internal IP address
Use TLS: no
Port: 25
Sender Name: passblot
sender email: passbolt@ourdomain.com

I think we had to enable relay on on the server by IP address putting in the IP of the Passbolt server.

Thanks,

clayton · December 11, 2023, 3:21pm

From talking to our users in support. It is one of the least common ones I hear about from users these days. Most are using o365 and google. I get that numerically there are still lots of Exchange servers being run, it just isn’t a hugely common one for our user base from what I have seen.

pw-ka · December 14, 2023, 9:30am

Thank you all!

We allowed anonymous sending (exchange as relay) for the IP of the system. Emails are now working.

Best regards
Patrick