Mail locked but not sent

localhorst · March 1, 2022, 2:09pm

[y] I have read intro post
[y] I have read the tutorials, help and searched for similar issues
[y] I provide relevant information about my server (component names and versions, etc.)

Debian GNU/Linux 10 (buster) using download.passbolt.com/ce/debian's package 
PHP 7.3.31-1~deb10u1 (cli) (built: Oct 24 2021 15:18:08) ( NTS )
mysql  Ver 15.1 Distrib 10.3.31-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
nginx/1.14.2
Passbolt CE 3.5.0
Cakephp 4.2.9

[y] I provide a copy of my logs and healthcheck

Healthcheck shell
 Environment

 [PASS] PHP version 7.3.31-1~deb10u1.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://pw.redacted.com
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (3.5.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 [PASS] No error found. Nice one sparky!

data check:

Data check shell
[PASS] Data integrity for AuthenticationTokens.
  [PASS] Can validate: 1467/1467
[PASS] Data integrity for Comments.
  [PASS] Can validate: 0/0
[PASS] Data integrity for Favorites.
  [PASS] Can validate: 0/0
[PASS] Data integrity for Gpgkeys.
  [PASS] Can encrypt: 7/7
  [PASS] Can validate: 7/7
  [PASS] Is not expired: 7/7
  [PASS] Is armored key format valid: 7/7
  [PASS] Is email unique: 7/7
[PASS] Data integrity for Groups.
  [PASS] Can validate: 0/0
[PASS] Data integrity for Profiles.
  [PASS] Can validate: 15/15
[PASS] Data integrity for Resources.
  [PASS] Can validate: 254/254
[PASS] Data integrity for Secrets.
  [PASS] Can validate: 287/287
[PASS] Data integrity for Users.
  [PASS] Can validate: 15/15

[y] I describe the steps I have taken to trouble shoot the problem

When using
sudo su -s /bin/bash -c “/usr/share/php/passbolt/bin/cake EmailQueue.sender clear_locks” followed by
sudo su -s /bin/bash -c “/usr/share/php/passbolt/bin/cake EmailQueue.sender -l 200” some mails are sent. Some mails still fail and go into locked state without being sent. I have checked the /var/mail/www-data. It contains the following lines when an email goes into this failed state:


Subject: Cron <www-data@redacted> /var/www/passbolt/bin/cake EmailQueue.sender
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/home/www-data>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=www-data>

Notice Error: unserialize(): Error at offset 0 of 3095 bytes in [/var/www/passbolt/vendor/lorenzo/cakephp-email-queue/src/Database/Type/SerializeType.php, line 22]

2022-03-01 13:42:01 Notice: Notice (8): unserialize(): Error at offset 0 of 3095 bytes in [/var/www/passbolt/vendor/lorenzo/cakephp-email-queue/src/Database/Type/SerializeType.php, line 22]


Notice Error: unserialize(): Error at offset 0 of 35 bytes in [/var/www/passbolt/vendor/lorenzo/cakephp-email-queue/src/Database/Type/SerializeType.php, line 22]

2022-03-01 13:42:01 Notice: Notice (8): unserialize(): Error at offset 0 of 35 bytes in [/var/www/passbolt/vendor/lorenzo/cakephp-email-queue/src/Database/Type/SerializeType.php, line 22]


Notice Error: unserialize(): Error at offset 0 of 2 bytes in [/var/www/passbolt/vendor/lorenzo/cakephp-email-queue/src/Database/Type/SerializeType.php, line 22]

2022-03-01 13:42:01 Notice: Notice (8): unserialize(): Error at offset 0 of 2 bytes in [/var/www/passbolt/vendor/lorenzo/cakephp-email-queue/src/Database/Type/SerializeType.php, line 22]


Notice Error: Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 19]

2022-03-01 13:42:01 Notice: Notice (8): Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 19]


Notice Error: Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 21]

2022-03-01 13:42:01 Notice: Notice (8): Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 21]


Notice Error: Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 22]

2022-03-01 13:42:01 Notice: Notice (8): Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 22]


Notice Error: Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 23]

2022-03-01 13:42:01 Notice: Notice (8): Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 23]


Notice Error: Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 24]

2022-03-01 13:42:01 Notice: Notice (8): Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 24]


Notice Error: Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 25]

2022-03-01 13:42:01 Notice: Notice (8): Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 25]


Notice Error: Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 26]

2022-03-01 13:42:01 Notice: Notice (8): Undefined variable: body in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 26]


Notice Error: Trying to get property 'profile' of non-object in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 29]

2022-03-01 13:42:01 Notice: Notice (8): Trying to get property 'profile' of non-object in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 29]


Notice Error: Trying to get property 'avatar' of non-object in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 29]

2022-03-01 13:42:01 Notice: Notice (8): Trying to get property 'avatar' of non-object in [/var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp, line 29]


Exception: Argument 1 passed to App\View\Helper\AvatarHelper::getAvatarUrl() must be an instance of App\Model\Entity\Avatar, null given, called in /var/www/passbolt/src/Template/Email/html/LU/resource_create.ctp on line 29 in [/var/www/passbolt/src/View/Helper/AvatarHelper.php, line 16]

Even when using the -v flag cake gives no error and exists with code 0 when executed on commandline.

[y] I describe the steps on how to reproduce the issue

I changed the email notification to send on creation and created a one dummy password at a time, watched the cronjob either send me the mail or fail with this message described earlier.

mysql -uroot -p -e “select id,subject,sent,locked,error,send_tries from sqcpassboltdb.email_queue;”

+-----+----------------------------------------------------------------------------------------+------+--------+-------+------------+
| id  | subject                                                                                | sent | locked | error | send_tries |
+-----+----------------------------------------------------------------------------------------+------+--------+-------+------------+
[....]
| 190 | You added the password Email Notification Test 3                                       |    1 |      0 | NULL  |          0 |
| 191 | You added the password Email Notification Test 4                                       |    1 |      0 | NULL  |          0 |
| 192 | Admin deleted the password Email Notification Test                                     |    1 |      0 | NULL  |          0 |
| 193 | You added the password test6                                                           |    0 |      1 | NULL  |          0 |
| 194 | You added the password test7                                                           |    0 |      1 | NULL  |          0 |

garrett · March 1, 2022, 8:48pm

Hi @localhorst This is just a guess given what you provided:

By chance were you upgrading to the package before this problem arose? The reason I ask is because I notice that you are indicating an instance of passbolt in the /var/www/passbolt directory - this location is associated with an older old script-install approach. However, you are also showing the commands associated with the /usr/share/php/passbolt location which is established on a package install.

If so, this is the reference for an upgrade from a source install to a package install on Debian. Starting with Step 7 in the guide, NGINX will need to be reconfigured…and by Step 9 the /var/www/passbolt location is removed.

localhorst · March 2, 2022, 11:01am

This instance was setup using only the package on a Debian 10, as far as I’m aware I have not used the script to set it up. It was setup in September 2020 though, maybe the methods have changed over time. Would deleting the directory help? It seems like the cronjob relies on this

E: I just logged into www-data using su and it does have an crontab entry with /var/www/passbolt/bin/cake, so I assume this is the one actually throwing the errors. I will try to disable it and see if the /usr/share/php/passbolt/bin/cron program takes over the sending of mails instead

E2: It just delivered an email successfully and I will continue to monitor the situation, maybe the error was due to these two cronjobs competing.

E3: Email are being sent as configured, so the solution was to disable to crontab added as www-data user and just keep the crontab executing /usr/share/php/passbolt/bin from /etc/cron.d. Thanks for your insight.