Emails will not be sent

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue

1. Provide your system information:

  • Kubernetes (Minikube)

  • Passbolt Container (https://hub.docker.com/r/passbolt/passbolt/) without any volume mounts and an adjusted app.php for allowing self signed certificates.

    ‘url’ => env(‘EMAIL_TRANSPORT_DEFAULT_URL’, null),
    ‘context’ => [
    ‘ssl’ => [
    ‘verify_peer’ => env(‘EMAIL_TRANSPORT_VERIFY_PEER’, true),
    ‘verify_peer_name’ => env(‘EMAIL_TRANSPORT_VERIFY_NAME’, true),
    ‘allow_self_signed’ => env(‘EMAIL_TRANSPORT_ALLOW_SELF_SIGNED’, false),
    ]
    ],

  • Version 2.12.0

2. Provide a copy of your healthcheck running as the web server user

./bin/cake passbolt healthcheck

root@passbolt:/var/www/passbolt# su -s /bin/bash -c “./bin/cake passbolt healthcheck” www-data
Warning Error: SplFileInfo::openFile(/var/www/passbolt/tmp/cache/persistent/myapp_cake_core_translations_cake_console_en__u_s): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 405]

Warning Error: SplFileInfo::openFile(/var/www/passbolt/tmp/cache/persistent/myapp_cake_core_translations_cake_console_en__u_s): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 405]

 ____                  __          ____  
/ __ \____  _____ ____/ /_  ____  / / /_ 

/ // / __ `/ / / __ / __ / / _/
/ / // ( |
) /
/ / /
/ / / /
/
/ _
,
/
//./_//__/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.3.14.
[PASS] PCRE compiled with unicode support.
[FAIL] The temporary directory and its content are not writable.
[HELP] Ensure the temporary directory and its content are writable by the webserver user.
[HELP] you can try:
[HELP] sudo chown -R www-data:www-data /var/www/passbolt/tmp/
[HELP] sudo chmod 775 (find /var/www/passbolt/tmp/ -type d) [HELP] sudo chmod 664 (find /var/www/passbolt/tmp/ -type f)
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[WARN] The passbolt config file is missing in /var/www/passbolt/config/
[HELP] Copy /var/www/passbolt/config/passbolt.php.default to /var/www/passbolt/config/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to http://{passbolt.domain}
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 23 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[FAIL] The server gpg key is not set
[HELP] Create a key, export it and add the fingerprint to config/passbolt.php
[HELP] See. {link removed}
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[FAIL] The server key fingerprint doesn’t match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c “gpg --list-keys --fingerprint --home /home/www-data/.gnupg” www-data | grep -i -B 2 ‘SERVER_KEY_EMAIL’
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. {link removed}
[FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c “gpg --home /home/www-data/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc” www-data
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.

Application configuration

[FAIL] Could not connect to passbolt repository to check versions. It is not possible check if your version is up to date.
[HELP] Check the network configuration to allow this script to check for updates.
[PASS] Passbolt is configured to force SSL use.
[FAIL] App.fullBaseUrl is not set to HTTPS.
[HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

7 error(s) found. Hang in there!

root@passbolt:/var/www/passbolt#

./bin/cake passbolt send_test_email

root@passbolt:/var/www/passbolt# ./bin/cake passbolt send_test_email -r {user email}

 ____                  __          ____  
/ __ \____  _____ ____/ /_  ____  / / /_ 

/ // / __ `/ / / __ / __ / / _/
/ / // ( |
) /
/ / /
/ / / /
/
/ _
,
/
//./_//__/

Open source password manager for teams

Debug email shell

Email configuration

Host: {host}
Port: 25
Username: {username}
Password: *********
TLS: true

Sending email from: {from email}
Sending email to: {user email}

Trace
[220] Default Frontend {host}

EHLO localhost
[250] {host} Hello [{ip}]
[250] SIZE 37748736
[250] PIPELINING
[250] DSN
[250] ENHANCEDSTATUSCODES
[250] STARTTLS
[250] 8BITMIME
[250] BINARYMIME
[250] CHUNKING
STARTTLS
[220] 2.0.0 SMTP server ready
EHLO localhost
[250] {host} Hello [{ip}]
[250] SIZE 37748736
[250] PIPELINING
[250] DSN
[250] ENHANCEDSTATUSCODES
[250] AUTH LOGIN
[250] 8BITMIME
[250] BINARYMIME
[250] CHUNKING
AUTH LOGIN
[334] VXNlcm5hbWU6


[334] UGFzc3dvcmQ6


[235] 2.7.0 Authentication successful

MAIL FROM:{email}
[250] 2.1.0 Sender OK
RCPT TO:{user email}
[250] 2.1.5 Recipient OK
DATA
[354] Start mail input; end with .
From: {email}
To: {user email}
Date: Wed, 29 Jan 2020 16:34:10 +0000
Message-ID: <271d289d27b24a678671671fdef10543 @ passbolt>
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Congratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine.

.
[250] 2.6.0 <271d289d27b24a678671671fdef10543 @ passbolt> [InternalId=109190953567210, Hostname={host}] 1522 bytes in 0.129, 11,508 KB/sec Queued mail for delivery

QUIT

The message has been successfully sent!
root@passbolt:/var/www/passbolt#

Environment variables

APP_FULL_BASE_URL: http://{passbolt.domain}
DATASOURCES_DEFAULT_HOST: {db ip}
DATASOURCES_DEFAULT_PASSWORD: {db password}
DATASOURCES_DEFAULT_USERNAME: {db user}
DATASOURCES_DEFAULT_DATABASE: {db}
EMAIL_TRANSPORT_DEFAULT_CLASS_NAME: Smtp
EMAIL_DEFAULT_FROM: {from email}
EMAIL_TRANSPORT_DEFAULT_HOST: {smtp host}
EMAIL_TRANSPORT_DEFAULT_PORT: “25”
EMAIL_TRANSPORT_DEFAULT_USERNAME: “{email user}”
EMAIL_TRANSPORT_DEFAULT_PASSWORD: “{email password}”
EMAIL_TRANSPORT_DEFAULT_TLS: “1”
EMAIL_TRANSPORT_VERIFY_PEER: “0”
EMAIL_TRANSPORT_VERIFY_PEER_NAME: “0”
EMAIL_TRANSPORT_ALLOW_SELF_SIGNED: “1”

3. Describe the problem thoroughly with as much details as possible so that people can reproduce the issues.
– What steps did you take?

  • I already fixed the permission issues in the container for the temp folder, but no luck
  • The cli email check is working (the test email is also received)

– What happened?

  • The email message will not be sent to the users
  • No logs are written by passbolt to /var/www/passbolt/logs

– What did you expect instead?

  • Emails will be sent or an error should be shown

Hi @erdnussflips, I may be misunderstanding but the environment variables you show would be for certs that are NOT self signed. For example, you would want verify to be false.

The URL… Are you attempting to send locally from postfix or something like that or are you going to sign in to a remote server? Credentials are needed for remote servers. For local mail servers the URL can be 127.0.0.1.

Hi @garrett, thanks for your response.
Did you mean the default values in the app.php or my posted environment variables?
My environment variables overwrite the default values from app.php and verify is false (‘0’). If I use “true/false” instead of “0/1” ./bin/cake passbolt send_test_email fails.

EMAIL_TRANSPORT_VERIFY_PEER: “0” // <- this is false
EMAIL_TRANSPORT_VERIFY_PEER_NAME: “0” // <- this is false
EMAIL_TRANSPORT_ALLOW_SELF_SIGNED: “1” // <- this is true

I attempting to send through a remote company inhouse SMTP server. I see in my last post, the credentials are empty, but in my config the credentials are present. So that’s not the problem. However the command ./bin/cake passbolt send_test_email is working fine.

EDIT: @garrett I corrected the first post.

You are right…if you use the environment variables, then Passbolt works off of those. The app.php notes you have which say you adjusted them for self-signed certs…those settings are showing the opposite of your environment variables. That was my confusion. Changes there would not be needed…but it’s clear you know that. My fault, sorry.

If I understand correctly, you have the correct IP address of the remote server and credentials to access it, and that remote mail server is configured to receive SMPT on port 25 (and not port 587) and the send_test_email is working fine…but you are saying that ultimately when an end Passbolt user should be getting an email, they are not.

And that makes sense, then, that there would be no logs on the Passbolt server, because it does not appear to be a problem with your Passbolt server. The mail server is either not sending out the messages, or it is but they are going to spam, or its getting blocked by other mail servers, etc. That’s my guess.

(And, final thought, make sure you have the CRON job set to run as well.)

No problem. :slight_smile:

Yes, that’s correct, the server receives SMTP on port 25 and not 587. Yes, send_test_email is working fine but an end Passbolt user is not getting any email.

Good point. I will check this with my colleagues.

I hope, that the CRON job is executed by the official docker image?
But I also fired the cron job manually with su -c "source /etc/environment ; /var/www/passbolt/bin/cake EmailQueue.sender". But no output and users also getting no emails.

Some interesting part is, that su -c "source /etc/environment ; /var/www/passbolt/bin/cake EmailQueue.preview" shows multiple emails. I assume these have not yet been sent?

And the Passbolt server hasn’t internet access, because it’s behind a corporate proxy. I don’t know, whether this is relevant. But the email server (also in the same corporate network) has internet access. :wink:

I would agree with your assumption.

For the URL to the mail server…are you using an IP address or domain? If domain, then the domain and IP may need to be added to the /etc/hosts file. If IP, then I think it’s okay as-is.

Also, there may be a firewall on the mail server that is blocking incoming from the docker IP (since it’s internal use only). Might want to look along those lines too.

Hi @garrett,

it’s working now. I think it has also worked before, because I haven’t changed anything.
But the email delivery was disabled. I enabled it, and now the emails are sent.

Thanks for your help. :slight_smile:

Fantastic! What did you do to “enable email” so it worked?

Under “Administration > Email Notification Settings” all email notifications were disabled. Especially: “Registration & Recovery”.

1 Like

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.