My PassBolt CE (Docker) edition is no longer sending emails (version 2)

I installed PassBolt CE (Docker) on our hosted Linux server in April and configured the email server settings using my GMail account. I received the test email and all was well.

Today, PassBolt will not send out any emails. I have tried using a Yahoo mail account and received the same failed results.

Below is the log from the test email settings, any help would be appreciated. I have masked my server IP address as xxx.xxx.xxx.xxx.

Hello @gseiber

Welcome to the community forum!

Please take a look at this link

If you do not find your answers in the link, please post the results from your server’s Passbolt Health-Check and logs.

Dear Duffman,

My apologies for being a newbie. I’m following these instructions as on Docker to run the healtcheck from the CLI on the container; see the image in the message.

Do I run the healtcheck from the CLI on the container for a

  1. On a root docker image?
    or
  2. Non root image?

What password is it prompting me for?

Thank-you for your help.
Greg S.

Please see the healthcheck output;
____ __ ____
/ __ ____ _____ / / ____ / / /
/ /
/ / __ `/ / / __ / __ / / _/
/ / // ( |
) /
/ / /
/ / / /
/
/ _
,
/
//./_//__/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.4.33.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[WARN] The passbolt config file is missing in /etc/passbolt/
[HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://139-144-20-180.ip.linodeusercontent.com
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 30 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[FAIL] The server OpenPGP key is not set
[HELP] Create a key, export it and add the fingerprint to /etc/passbolt/passbolt.php
[HELP] See. Passbolt Help | Installation
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[FAIL] The server key fingerprint doesn’t match the one defined in /etc/passbolt/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c ā€œgpg --list-keys --fingerprint --home /var/lib/passbolt/.gnupgā€ www-data | grep -i -B 2 ā€˜SERVER_KEY_EMAIL’
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. Passbolt Help | Installation
[FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring [HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c ā€œgpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.ascā€ www-data
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.

Application configuration

[FAIL] This installation is not up to date. Currently using 3.12.2 and it should be v4.1.1-rc.1.
[HELP] See. Passbolt Help | Update
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

SMTP Settings

[PASS] The SMTP Settings plugin is enabled.
[FAIL] SMTP Setting errors: Argument 1 passed to App\Utility\OpenPGP\Backends\Gnupg::setDecryptKeyFromFingerprint() must be of the type string, null given, called in /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php on line 109
[WARN] The SMTP Settings source is: undefined.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.

[FAIL] 6 error(s) found. Hang in there!

Hi @gseiber

Congratulations on running health-check. I am a noob too maybe a noob+. There is nothing wrong with asking questions so you can learn. That is how I do it!

I do not use Docker but I saw some issues in health-check. Someone else from the forum might be able to help you better but here is my advice.

I would look at the Passbolt Docker Instructions:

Docker trouble shooting:

From Health-Check:

It seems that a openPGP key needs to be setup:
[FAIL] The server OpenPGP key is not set
[HELP] Create a key, export it and add the fingerprint to /etc/passbolt/passbolt.php

Add the key to Passbolt:
[FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring [HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c ā€œgpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.ascā€ www-data

You will get Passbolt working soon @gseiber.

Keep up the good work! Let us know where in the setup up process you are now.

Just to be sure we aren’t chasing phantom GPG issues here, be sure to run the healthcheck as described in the troubleshooting page. If you run it without the source /etc/environment or the command for exporting the key we can get fails in the healthcheck related to GPG.

Since this is an email related issue this will be important to see since the email settings are stored in the database and encrypted with the GPG key so we’ll need to rule that out as the cause

1 Like

Dear Clayton,

I appreciate your response and I’m researching your reply.

I decided to deploy another PassBolt CE instance by using a package method, since I read that Docker is considered a somewhat advanced method. This seem to be working as expected. My reason for deploying PassBolt is strictly personal and educational purposes. Thanks for the responses.

1 Like