Email issues when trying to recover lost or new password

andrewm659 · November 7, 2018, 5:45pm

I have the latest community version of passbolt working. However If I add a user to this and want reset their password (mine for instance) it should send an email.

Here is my email config:
// Email configuration.
‘EmailTransport’ => [
‘default’ => [
‘host’ => ‘10.1.6.82’,
‘port’ => 25,
// ‘username’ => ‘’,
// ‘password’ => ‘’,
// Is this a secure connection? true if yes, null if no.
‘tls’ => null,
‘timeout’ => 30,
//‘client’ => null,
//‘url’ => null,
],
],

When I go to check my mailq nothing is there. However if I run the following, it pushes through all the mail I have sitting in the queue.
bin/cake EmailQueue.sender ./logs/mail.log

Why isn’t it being sent? I can’t find the logs that say where the problem lies.

Some of the other posts related to this issue were user error, but I don’t see a lot on sending email. I’m also new to cakePHP. Should there be a transport declarative in there?

Below is my healthcheck. I have this setup for dev purposes so no https.

bash-4.2$ ./bin/cake passbolt healthcheck

 ____                  __          ____
/ __ \____  _____ ____/ /_  ____  / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__  |__  ) /_/ / /_/ / / /
/_/    \__,_/____/____/_.___/\____/_/\__/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.2.11.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to http://passbolt01.stl1.gatewayblend.net
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 18 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The server gpg key is not the default one
[PASS] The environment variable GNUPGHOME is set to /var/lib/nginx/.gnupg.
[PASS] The directory /var/lib/nginx/.gnupg containing the keyring is writable by the webserver user.
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.

Application configuration

[PASS] Using latest passbolt version (2.4.0).
[FAIL] Passbot is not configured to force SSL use.
[HELP] Set passbolt.ssl.force to true in config/passbolt.php.
[FAIL] App.fullBaseUrl is not set to HTTPS.
[HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

2 error(s) found. Hang in there!

bash-4.2$

Checklist
[X ] I have read intro post: About the Installation Issues category
[X ] I have read the tutorials, help and searched for similar issues
[X ] I provide relevant information about my server (component names and versions, etc.)
[ X] I provide a copy of my logs and healthcheck
[ x] I describe the steps I have taken to trouble shoot the problem
[x ] I describe the steps on how to reproduce the issue

cedric · November 8, 2018, 11:35am

Hello @andrewm659,

You can test your connection to the email server with the following command, it will give you more details.
./bin/cake passbolt send_test_email --recipient=youremail@domain.com

Hope it will help you.

I can see that your username and password properties are commented, you can also try to define them as empty.

andrewm659 · November 8, 2018, 2:47pm

So I uncommented the username and password and tried again. I got this:
bash-4.2$ ./bin/cake EmailQueue.sender
SMTP Error: 503 5.5.1 Error: authentication not enabled
Email 1 was not sent
SMTP Error: 503 5.5.1 Error: authentication not enabled
Email 2 was not sent
bash-4.2$

Then I tried putting null in the username and password fields, and got the same result.

cedric · November 9, 2018, 6:48am

Can you please provide us with the full output of the command ./bin/cake passbolt send_test_email --recipient=youremail@domain.com

andrewm659 · November 9, 2018, 3:42pm

Username and password are commented out in the config/passbolt.php. If I take out the host, will it drop to local postfix?

// Email configuration.
'EmailTransport' => [
    'default' => [
        'host' => '10.1.6.82',
        'port' => 25,
//            'username' => '',
//            'password' => '',
        // Is this a secure connection? true if yes, null if no.
        'tls' => null,
        'timeout' => 30,
        //'client' => null,
        //'url' => null,
    ],
],
bash-4.2$ ./bin/cake passbolt send_test_email --recipient=andrew.meyer@gatewayblend.com

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
---------------------------------------------------------------
 Debug email shell
---------------------------------------------------------------

Email configuration
---------------------------------------------------------------
Host: 10.1.6.82
Port: 25
Username:
Password: *********
TLS: false

Sending email from: Passbolt <passbolt@gatewayblend.com>
Sending email to: andrew.meyer@gatewayblend.com
---------------------------------------------------------------

Trace
[220] mail01 ESMTP
> EHLO localhost
[250] mail01
[250] PIPELINING
[250] SIZE 10485760
[250] VRFY
[250] ETRN
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
> MAIL FROM:<passbolt@gatewayblend.com>
[250] 2.1.0 Ok
> RCPT TO:<andrew.meyer@gatewayblend.com>
[250] 2.1.5 Ok
> DATA
[354] End data with <CR><LF>.<CR><LF>
> From: Passbolt <passbolt@gatewayblend.com>
To: andrew.meyer@gatewayblend.com
Date: Fri, 09 Nov 2018 15:40:11 +0000
Message-ID: <c51b334000234dd8959ea947bf4bd781@passbolt01.stl1.gatewayblend.net>
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Congratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine.




.
[250] 2.0.0 Ok: queued as 62767A1B3D
> QUIT

The message has been successfully sent!
bash-4.2$

andrewm659 · November 14, 2018, 8:43pm

Hi I haven’t heard back from anyone on this. Any help is greatly appreciated.

cedric · November 15, 2018, 5:49am

Hello @andrewm659,

I’m not an expert in smtp server but I tried to setup a local postfix as a relay of my gmail account.
The postfix accept local connections without any authentication method, and my passbolt configuration looks like this :

    'EmailTransport' => [
        'default' => [
            'host' => 'stretch.localdomain',
            'port' => 25,
            'username' => null,
            'password' => null,
            // Is this a secure connection? true if yes, null if no.
            'tls' => null,
        ],
    ],

With this configuration I was able to send a test email, and passbolt is also sending emails properly. Note the username and password set to null.

Can you please describe your architecture so the community would be able to help you.

Cheers,

cedric · November 21, 2018, 6:23am

Hello @andrewm659,
is your issue solved? If yes can you explain us how did you do ?
Best regards
Cédric

andrewm659 · November 21, 2018, 3:03pm

This has not been resolved. I am still not getting the recovery emails when creating an account in passbolt.

My architecture is:
CentOS 7 latest.
10.x.x.x/23 network.
I have 2 mail servers on prem that I can use or it should go outbound from the host passbolt is running on.
I can drop down to the bash shell and send mail using mail or mailx and have it delivered just fine via postfix.