Inivitation Mail not send. Only Test Mails

Habogus · November 17, 2025, 10:16pm

Passbolt CE Edtition on Ubutnu 24.0.4 LTS, HyperV VM w. vTPM, was working great

I had the CE EDiton installed, everything was working well. Today i registered some more users, or they answered the invitation mails (send last week). but this is not working anymore. i can send testmails from bash or gui, working fine. switched from TLS to plain and back, still not working. Updatet Passbolt, to 5.7.2-1 from the previous version. Still not working. Read through the older Issues here, but no luck as they were going more into another direction. using self signed for now. tried to invite to google, speedpartner,exchange online mails - any test worked, but not a single invitation. since like 3 days.

not to good at the bash or linux anymore, so i realy appriciate any help with this.

API Check

Passbolt API Status

Environment

PHP version 8.3.6

PCRE compiled with unicode support

The temporary directory and its content are writable and not executable

The logs directory and its content are writable

GD or Imagick extension is installed

Intl extension is installed

Mbstring extension is installed

Config files

The application config file is present

The passbolt config file is present

Core config

Cache is working

Unique value set for security.salt

Full base url is set to https://xxxx.domain.local

App.fullBaseUrl validation OK

/healthcheck/status is reachable

SSL Certificate

SSL peer certificate does not validate

Hostname does not match when validating certificates

Using a self-signed certificate

Database

The application is able to connect to the database

35 tables found

Some default content is present

GPG Configuration

PHP GPG Module is installed and loaded

The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg

The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user

The public key file is defined in /etc/passbolt/passbolt.php and readable.

The private key file is defined in /etc/passbolt/passbolt.php and readable.

The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php

The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring

There is a valid email id defined for the server key

The public key can be used to encrypt a message

The public key can be used to sign a message

The public and private keys can be used to encrypt and sign a message

The private key can be used to decrypt and verify a message

The public key can be used to verify a signature

The server public key format is Gopengpg compatible

The server private key format is Gopengpg compatible

Application configuration

Using latest passbolt version (5.7.2)

Passbolt is configured to force SSL use

App.fullBaseUrl is set to HTTPS

Selenium API endpoints are disabled

Search engine robots are told not to index content

The Self Registration plugin is enabled

The Self Registration provider is: Email domain safe list

The deprecated self registration public settings was not found in /etc/passbolt/passbolt.php

Host availability checking is disabled

Serving the compiled version of the javascript app

Some email notifications are disabled by the administrators

SMTP Settings

The SMTP Settings plugin is enabled

SMTP Settings coherent. You may send a test email to validate them

The SMTP Settings source is: database

The SMTP Settings plugin endpoints are enabled

Metadata

The server does not have access to the server metadata private key in Zero-knowledge mode

/bin/bash -c “./bin/cake EmailQueue.sender” www

gives nothing back

gyaresu · November 18, 2025, 12:37am

G’day Habogus.
You’re focussed on the passbolt side here with what you’ve shared but the mail server side is just as important.

You mention google, speedpartner, exchange online, which are the user’s mail servers but you don’t mention which mail server passbolt is sending to and whether you’re seeing connection logs.

Do you know if your mail server is using Implicit or Explicit TLS?
https://www.passbolt.com/docs/admin/emails/email-server/#configure-smtp-with-passbolt-373-or-earlier-version

The comment about moving from TLS and back makes me think there’s a configuration error.

Happy to help if you can share more information.

Cheers
Gareth

Habogus · November 18, 2025, 12:46pm

Hi Gareth,

thanks for your reply.

Your question: Do you know if your mail server is using Implicit or Explicit TLS?:
The provider does support both (im/explicit), the smtp server is hosted by speedpartner.de .

i just talked to them and besides the test mail and registration mails ( from invitations that got send out last week, but accepted today ), they did not see any contact from passbolt towards their smtp while testing live with them (tested with 25/tls and 587/tls). Now it is set to 587 with User/pw auth. Looked at /etc/passbolt/passbolt.php, there are only parts for the Database connection and the GPG Configuration.
And as i mentioned, it was working well and i did not do anything on the bash/ubuntu side. just creating User, Groups, iniviting and stuff at the GUI…

Regarding tht Link u send me:
If your email provider supports TLS encryption your setup should look like this in config/passbolt.php:

Is it this file: /etc/passbolt/passbolt.php ?

there are no parts like shown at the link/website whatsoever… so maybe i got the wrong file ?
Just parts for Database configuration. and GPG Configuration.

I am kind of confused by the documentation most of the time, regarding the pathes of items..sry for that.
I am also still searching for some solid ways/commands, to have a full check on settings and logs for regular base health checks on passbolt..

If you need anything else, please just let me know.

br, florian