Good morning. First of all, I would like to apologize if I’m repeating an already posted issue; I searched the forum for a problem like mine but couldn’t find one, even though there are some other email issues posted.
My issue is related to sending emails to external users not hosted on the same machine as the Passbolt server. The emails are being sent correctly, as all the logs and checks say, but they are lost on the way to the mailboxes.
This was working in the past, but I can’t remember if it stopped working after an update or before migrating from the CE to the Pro version, because I don’t normally use an external email.
I have installed Passbolt Pro v3.7.1 from source code on my server running Debian 10, Apache/2.4.38 and PHP v8.0.22. Here is my healthcheck command output:
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Healthcheck shell
-------------------------------------------------------------------------------
Environment
[PASS] PHP version 8.0.22.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.domain.co
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate
Database
[PASS] The application is able to connect to the database
[PASS] 44 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/passbolt/.gnupg.
[PASS] The directory /home/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.
Application configuration
[PASS] Using latest passbolt version (3.7.1).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
JWT Authentication
[PASS] The JWT Authentication plugin is enabled
[PASS] The /home/passbolt/public_html/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found
[PASS] No error found. Nice one sparky!
As I have found in other posts and on the Passbolt Help page “Why are my emails not being sent?”, I have tried to send test emails to my own address hosted on the same server (this account is able to send and receive emails without problems) and to an external address. The result inside the server is the same for both, but when searching in the mailboxes I found only the one sent to the internal address. Here are the tests:
Internal email address:
root@server:~# sudo -H -u passbolt bash -c "/home/passbolt/public_html/bin/cake passbolt send_test_email --recipient=test@domain.co"
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Debug email shell
-------------------------------------------------------------------------------
Email configuration
-------------------------------------------------------------------------------
Host: localhost
Port: 25
Username: pbt@passbolt.domain.co
Password: *********
TLS: false
Sending email from: Passbolt <pbt@passbolt.domain.co>
Sending email to: test@domain.co
-------------------------------------------------------------------------------
Trace
[220] server.domain.co ESMTP Postfix (Debian/GNU)
> EHLO passbolt.domain.co
[250] server.domain.co
[250] PIPELINING
[250] SIZE 52428800
[250] VRFY
[250] ETRN
[250] STARTTLS
[250] AUTH PLAIN LOGIN
[250] AUTH=PLAIN LOGIN
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] SMTPUTF8
[250] CHUNKING
> AUTH PLAIN AHBidEBwYnQuZGllZ29zci5lcwB5LHprRDZxO2xHYzNIQ1Mp
[235] 2.7.0 Authentication successful
> MAIL FROM:<*****>
[250] 2.1.0 Ok
> RCPT TO:<test@domain.co>
[250] 2.1.5 Ok
> DATA
[354] End data with <CR><LF>.<CR><LF>
> From: Passbolt <*****>
To: test@domain.co
Date: Fri, 09 Sep 2022 07:26:54 +0000
Message-ID: <cc70f16cd8cf4a1bbaaf5e2fcd469e06@server.domain.co>
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Congratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine.
.
[250] 2.0.0 Ok: queued as 04E598298A
> QUIT
The message has been successfully sent!
External email address:
root@server:~# sudo -H -u passbolt bash -c "/home/passbolt/public_html/bin/cake passbolt send_test_email --recipient=external@gmail.com"
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Debug email shell
-------------------------------------------------------------------------------
Email configuration
-------------------------------------------------------------------------------
Host: localhost
Port: 25
Username: pbt@passbolt.domain.co
Password: *********
TLS: false
Sending email from: Passbolt <pbt@passbolt.domain.co>
Sending email to: external@gmail.com
-------------------------------------------------------------------------------
Trace
[220] server.domain.co ESMTP Postfix (Debian/GNU)
> EHLO passbolt.domain.co
[250] server.domain.co
[250] PIPELINING
[250] SIZE 52428800
[250] VRFY
[250] ETRN
[250] STARTTLS
[250] AUTH PLAIN LOGIN
[250] AUTH=PLAIN LOGIN
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] SMTPUTF8
[250] CHUNKING
> AUTH PLAIN AHBidEBwYnQuZGllZ29zci5lcwB5LHprRDZxO2xHYzNIQ1Mp
[235] 2.7.0 Authentication successful
> MAIL FROM:<*****>
[250] 2.1.0 Ok
> RCPT TO:<external@gmail.com>
[250] 2.1.5 Ok
> DATA
[354] End data with <CR><LF>.<CR><LF>
> From: Passbolt <*****>
To: external@gmail.com
Date: Fri, 09 Sep 2022 07:28:06 +0000
Message-ID: <5708db7cee6241edb469fad51a955c43@server.domain.co>
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Congratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine.
.
[250] 2.0.0 Ok: queued as 247B48298A
> QUIT
The message has been successfully sent!
I also checked the cron service journal:
root@server:~# sudo journalctl -fu cron.service
-- Logs begin at Fri 2022-09-09 05:21:18 CEST. --
Sep 09 09:27:01 server.domain.co CRON[30383]: (passbolt) CMD (/home/passbolt/public_html/bin/cake EmailQueue.sender >> /var/log/passbolt-email.log 2>&1)
Sep 09 09:27:01 server.domain.co CRON[30385]: (passbolt) CMD (/home/passbolt/public_html/bin/cron >> /var/log/passbolt.log)
Sep 09 09:27:02 server.domain.co CRON[30382]: pam_unix(cron:session): session closed for user passbolt
Sep 09 09:27:02 server.domain.co CRON[30381]: pam_unix(cron:session): session closed for user passbolt
Sep 09 09:28:01 server.domain.co CRON[30424]: pam_unix(cron:session): session opened for user passbolt by (uid=0)
Sep 09 09:28:01 server.domain.co CRON[30426]: (passbolt) CMD (/home/passbolt/public_html/bin/cake EmailQueue.sender >> /var/log/passbolt-email.log 2>&1)
Sep 09 09:28:01 server.domain.co CRON[30425]: pam_unix(cron:session): session opened for user passbolt by (uid=0)
Sep 09 09:28:01 server.domain.co CRON[30427]: (passbolt) CMD (/home/passbolt/public_html/bin/cron >> /var/log/passbolt.log)
Sep 09 09:28:01 server.domain.co CRON[30425]: pam_unix(cron:session): session closed for user passbolt
Sep 09 09:28:01 server.domain.co CRON[30424]: pam_unix(cron:session): session closed for user passbolt
And the passbolt log:
root@server:~# tail /var/log/passbolt.log
Email 399 was sent
Email 400 was sent
Email 401 was sent
Email 402 was sent
Email 403 was sent
Email 404 was sent
Email 405 was sent
Email 406 was sent
Email 407 was sent
Email 408 was sent
This is the SMTP config at ~/config/passbolt.php:
// Email configuration.
'EmailTransport' => [
    'default' => [
        'host' => 'localhost',
        'port' => 25,
        'username' => 'pbt@passbolt.domain.co',
        'password' => 'password',
        // Is this a secure connection? true if yes, null if no.
        'tls' => null,
        //'timeout' => 30,
        'client' => 'passbolt.domain.co',
        //'url' => null,
    ],
],
'Email' => [
    'default' => [
        // Defines the default name and email of the sender of the emails.
        'from' => ['pbt@passbolt.domain.co' => 'Passbolt'],
        //'charset' => 'utf-8',
        //'headerCharset' => 'utf-8',
    ],
],
Do you have any idea why it is not working?
If you need more information, do not hesitate to ask for it.
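Added example, not part of the original post: the `[250] 2.0.0 Ok: queued as ...` lines in the traces above only record that the local Postfix accepted each message; what happened on the onward hop is logged by Postfix under the same queue ID. The sketch below pulls the queue IDs out of the trace and looks them up in mail-log lines. The `MAIL_LOG` sample, its relay host and its statuses are constructed for illustration; they are not the poster's logs and not a diagnosis.

```python
import re

# Lines taken from the two traces in the post.
TRACE = """\
> RCPT TO:<test@domain.co>
[250] 2.0.0 Ok: queued as 04E598298A
> RCPT TO:<external@gmail.com>
[250] 2.0.0 Ok: queued as 247B48298A
"""

# Constructed sample in Postfix mail-log style (assumed values, not from the post).
MAIL_LOG = """\
Sep  9 09:26:54 server postfix/smtpd[3011]: 04E598298A: client=localhost[127.0.0.1], sasl_method=PLAIN
Sep  9 09:26:54 server postfix/local[3015]: 04E598298A: to=<test@domain.co>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Sep  9 09:26:54 server postfix/qmgr[912]: 04E598298A: removed
Sep  9 09:28:06 server postfix/smtpd[3011]: 247B48298A: client=localhost[127.0.0.1], sasl_method=PLAIN
Sep  9 09:28:07 server postfix/smtp[3020]: 247B48298A: to=<external@gmail.com>, relay=mx.example.net[192.0.2.25]:25, delay=1.2, dsn=4.7.0, status=deferred (host mx.example.net[192.0.2.25] said: 421 4.7.0 Try again later (in reply to end of DATA command))
"""

QUEUED = re.compile(r"queued as ([0-9A-Za-z]+)")
# A delivery-agent line: queue ID, recipient, next hop, DSN code, status and remote reply.
DELIVERY = re.compile(
    r"postfix/(?P<agent>\w+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?relay=(?P<relay>[^,]+),.*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reply>.*)\)$"
)

def queue_ids(trace):
    """Queue IDs the local MTA handed back after DATA."""
    return QUEUED.findall(trace)

def delivery_report(trace, mail_log):
    """Map each queue ID from the trace to its delivery attempts in the log."""
    report = {qid: [] for qid in queue_ids(trace)}
    for line in mail_log.splitlines():
        m = DELIVERY.search(line)
        if m and m["qid"] in report:
            report[m["qid"]].append(m.groupdict())
    return report

def final_status(attempts):
    """Status of the last attempt; no record means still queued or log rotated."""
    return attempts[-1]["status"] if attempts else "no-delivery-record"

if __name__ == "__main__":
    for qid, attempts in delivery_report(TRACE, MAIL_LOG).items():
        last = attempts[-1] if attempts else {}
        print(qid, final_status(attempts), last.get("relay"), last.get("reply"))
```

A `deferred` or `bounced` status carries the remote server's reply text, which is where a rejection reason would appear if the receiving side refused the message.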