Issues Configuring Passbolt with Gmail SMTP on AlmaLinux 9.4

Hello everyone,

I’m trying to set up a Passbolt server (on AlmaLinux 9.4) using Gmail’s SMTP service, but I’m facing some issues. I can’t access the Passbolt web interface because I’m not receiving the password recovery email. Below is my current configuration in the **passbolt.php** file:

'EmailTransport' => [
    'default' => [
        'host' => 'smtp.gmail.com', // SMTP Server
        'port' => 587,
        'username' => 'password@web.com', // SMTP User
        'password' => 'Application-specific_password',
        'className' => 'Smtp',
        'tls' => true,
    ],
],

When I run the following command to test email sending:

sudo -u nginx /usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=jsuarez@web.com

I get the following log output:

[root@ip28 ~]# sudo -u nginx /usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=jsuarez@web.com

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Debug email shell
-------------------------------------------------------------------------------
Email configuration
-------------------------------------------------------------------------------
Host: smtp.gmail.com
Port: 587
Username: password@web.com
Password: *********
TLS: true
Sending email from: Password <password@web.com>
Sending email to: jsuarez@web.com
-------------------------------------------------------------------------------
Trace
[220] smtp.gmail.com ESMTP 6a1803df08f44-6c162d21759sm59312896d6.25 - gsmtp
 EHLO localhost
[250] smtp.gmail.com at your service, [54.39.92.28]
[250] SIZE 35882577
[250] 8BITMIME
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
[250] PIPELINING
[250] CHUNKING
[250] SMTPUTF8
 STARTTLS
[220] 2.0.0 Ready to start TLS
 EHLO localhost
[250] smtp.gmail.com at your service, [54.39.92.28]
[250] SIZE 35882577
[250] 8BITMIME
[250] AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
[250] ENHANCEDSTATUSCODES
[250] PIPELINING
[250] CHUNKING
[250] SMTPUTF8
 AUTH PLAIN *****
[534] 5.7.9 Application-specific password required. For more information, go to
[534] 5.7.9  https://support.google.com/mail/?p=InvalidSecondFactor 6a1803df08f44-6c162d21759sm59312896d6.25 - gsmtp
Could not send the test email.
Error: SMTP Error: 530 5.7.0  https://support.google.com/mail/?p=WantAuthError 6a1803df08f44-6c162d21759sm59312896d6.25 - gsmtp

It seems that the issue is related to Gmail’s application-specific password. However, I have already disabled the firewall to rule out any network issues. Interestingly, when using the same credentials on the GMass SMTP Test tool, everything seems to work fine.

Could someone help me figure out what might be going wrong? I appreciate any suggestions in advance.

Hello @jesussuarz,

I have investigated the issues and I am not able to reproduce it.

[vagrant@almalinux9 ~]$ sudo -u nginx /usr/share/php/passbolt/bin/cake passbolt send_test_email  --recipient=DEPRECATED

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Debug email shell
-------------------------------------------------------------------------------
Email configuration
-------------------------------------------------------------------------------
Host: smtp.gmail.com
Port: 587
Username: DEPRECATED
Password: *********
TLS: true
Sending email from: Passbolt <you@localhost.test>
Sending email to: DEPRECATED
-------------------------------------------------------------------------------
Trace
[220] smtp.gmail.com ESMTP a640c23a62f3a-a86e549cb8esm202545466b.67 - gsmtp
 EHLO localhost
[250] smtp.gmail.com at your service, [193.32.126.240]
[250] SIZE 35882577
[250] 8BITMIME
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
[250] PIPELINING
[250] CHUNKING
[250] SMTPUTF8
 STARTTLS
[220] 2.0.0 Ready to start TLS
 EHLO localhost
[250] smtp.gmail.com at your service, [193.32.126.240]
[250] SIZE 35882577
[250] 8BITMIME
[250] AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
[250] ENHANCEDSTATUSCODES
[250] PIPELINING
[250] CHUNKING
[250] SMTPUTF8
 AUTH PLAIN *****
[235] 2.7.0 Accepted
 MAIL FROM:<you@localhost.test>
[250] 2.1.0 OK a640c23a62f3a-a86e549cb8esm202545466b.67 - gsmtp
 RCPT TO:<*****>
[250] 2.1.5 OK a640c23a62f3a-a86e549cb8esm202545466b.67 - gsmtp
 DATA
[354] Go ahead a640c23a62f3a-a86e549cb8esm202545466b.67 - gsmtp
 From: Passbolt <you@localhost.test>
To: *****
Date: Wed, 28 Aug 2024 06:55:46 +0000
Message-ID: <59c4808ce7c044b79b6e59aec3678d0f@almalinux9>
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Congratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine.




.
[250] 2.0.0 OK  1724828748 a640c23a62f3a-a86e549cb8esm202545466b.67 - gsmtp
 QUIT
The message has been successfully sent!
[vagrant@almalinux9 ~]$ sudo cat /etc/passbolt/passbolt.php | grep -i -A 9 EmailTransport
    'EmailTransport' => [
    'default' => [
        'host' => 'smtp.gmail.com', 
        'port' => 587,
        'username' => 'DEPRECATED', 
        'password' => 'DEPRECATED',
        'className' => 'Smtp',
        'tls' => true,
    ],
],

I was thinking about an issues with the credentials since it complains about Application-specific password required, they are usually displayed one time only and can’t be accessed afterwards. Have you tried create another app password to confirm as mentioned in our dedicated guide?