Issue sending SMTP mails via SES

My passbolt instance is not sending any mails. I’ve checked the settings in the administration panel, all mails are allowed to be sent.

Our Passbolt installation runs on Docker, current version. The selected mail provider is Amazon SES.

This is the output from the healthcheck:

Environment

 [PASS] PHP version 7.4.33.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://passbolt.ilgenfritz.biz
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
 [HELP] Check https://help.passbolt.com/faq/hosting/troubleshoot-ssl
 [HELP] fopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fopen(): Failed to enable crypto
fopen(https://passbolt.ilgenfritz.biz/healthcheck/status.json): failed to open stream: operation failed

 Database

 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (3.8.3).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 SMTP Settings

 [PASS] The SMTP Settings plugin is enabled.
 [PASS] SMTP Settings coherent. You may send a test email to validate them.
 [PASS] The SMTP Settings source is: database.

 [FAIL] 2 error(s) found. Hang in there!

And here is the output from the “send_test_email” function:

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Debug email shell
-------------------------------------------------------------------------------
Email configuration
-------------------------------------------------------------------------------
Host: email-smtp.eu-central-1.amazonaws.com
Port: 587
Username: ********* (censored)
Password: *********
TLS: true
Sending email from: Passbolt <noreply@passboltdomain.com>
Sending email to: no-reply@passbolt.com
-------------------------------------------------------------------------------
Trace
[220] email-smtp.amazonaws.com ESMTP SimpleEmailService-d-RFEKVBS9L AD2K3HzwcPSMhCBRCpfx
Could not send the test email.
Error: SMTP server did not accept the connection or trying to connect to non TLS SMTP server using TLS.

Hi @tobi,

Could your issue be related to this post resp. be fixed by this?

Hi @pabloelcolombiano,

I tried your suggestion.

In our passbolt.php config file the parameter “client” is uncommented.

// Email configuration.
    'EmailTransport' => [
        'default' => [
            'host' => 'email-smtp.eu-central-1.amazonaws.com',
            'port' => 587,
            'username' => 'XXXX',
            'password' => 'XXXX',
            // Is this a secure connection? true if yes, null if no.
            'tls' => true,
            //'timeout' => 30,
            //'client' => null,
            //'url' => null,
        ],
    ],

We don’t have an “app.php” file. I deleted the database entry as described, but it has no effect. Passbolt still won’t send any mails.

mysql> DELETE FROM organization_settings WHERE property = "smtp";
Query OK, 1 row affected (0.02 sec)

Hello @tobi,

Just for clarification, did the email sending ever work for you? Like, was it working and an update or another operation broke it, or are you setting it up and having a hard time making it work?

Cheers,
Gérold.

Hello @Gerold,

Yes, it was working well for years. I think one of the latest updates broke it, even though we didn’t change anything on our site.

Cheers, Tobi

See my solution:
The problem is the client value being null. Once it is set to the actual IP address, all the servers including Gmail will start accepting your emails. I don’t know why this is hardly mentioned anywhere in the install instructions?!

Note: external article link being removed, solution is as noted here
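
An added diagnostic, not part of the original thread or of passbolt's code: in the CakePHP SMTP transport that passbolt uses, `client` is the name announced in EHLO, and with `client` left null on a command-line run the transport falls back to `localhost`. The Python sketch below classifies a configured value and replays greeting, EHLO, STARTTLS, EHLO with certificate verification on, reporting the step that fails; the function names and the sample client value are assumptions.

```python
import ipaddress
import re
import smtplib
import ssl

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def ehlo_name(client):
    """Return (name_sent_in_EHLO, kind) for a configured 'client' value."""
    value = "" if client is None else str(client).strip()
    if not value:
        # Assumed fallback: no 'client' and no HTTP host (CLI or cron run).
        return "localhost", "unset"
    try:
        ipaddress.ip_address(value)
        return value, "ip"
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    if len(labels) >= 2 and all(_LABEL.match(label) for label in labels):
        return value, "fqdn"
    return value, "invalid"


def probe(host, port, client, timeout=10):
    """Replay greeting, EHLO, STARTTLS, EHLO; return (step, detail)."""
    name, _kind = ehlo_name(client)
    step = "connect"
    try:
        with smtplib.SMTP(host, port, local_hostname=name, timeout=timeout) as smtp:
            step = "EHLO"
            code, reply = smtp.ehlo()
            if code != 250:
                return step, f"{code} {reply.decode(errors='replace')}"
            step = "STARTTLS"
            # Default context verifies the server certificate and hostname.
            smtp.starttls(context=ssl.create_default_context())
            step = "EHLO after TLS"
            code, reply = smtp.ehlo()
            if code != 250:
                return step, f"{code} {reply.decode(errors='replace')}"
            return "ok", f"accepted EHLO {name}"
    except (OSError, smtplib.SMTPException) as exc:
        return step, str(exc)


if __name__ == "__main__":
    # Host and port from the thread; the client value is a constructed sample.
    print(probe("email-smtp.eu-central-1.amazonaws.com", 587, "203.0.113.10"))
```

Running the probe once with `None` and once with the value intended for `client` shows whether the relay's answer depends on the announced name.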