Notification mails not send but Testmail working

matthias.graehn · February 4, 2021, 11:38am

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of healthcheck
[x ] I describe the steps I have taken to trouble shoot the problem
[ ] I describe the steps on how to reproduce the issue

Hi,
I installed the passbold (community edition) via installation script on a Ubuntu Server 18.04 (virtual machine) within a private Network (.local-Domain). With 2GB RAM
PHP is PHP 7.2.24, MariaDB Ver 15.1 Distrib 10.1.47-MariaDB, nginx/1.14.0, passbolt version 2.13.5

Check is ok:

 Open source password manager for teams
---------------------------------------------------------------
 Healthcheck shell       
---------------------------------------------------------------

 Environment

 [PASS] PHP version 7.2.24-0ubuntu0.18.04.7.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable.
 [PASS] The public image directory and its content are writable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://passbolt.edu-werkstatt.local
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [WARN] Using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 23 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
 [PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server gpg key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (2.13.5).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 No error found. Nice one sparky!

Emails send via sudo su -s /bin/bash -c "./bin/cake passbolt send_test_email is ok.

But all notification mails are not sent. Cronjob is running every minute. No errors are shown in /var/log/passbolt.log or /var/www/passbold/logs/error.log

Within the database the messages are locked (1) If I reset the locking to 0 they go into state 1 after the cron job has been running.

What ca I do about this?

Regards Matt

garrett · February 4, 2021, 1:35pm

@matthias.graehn Hi Matt, welcome to the forum!

Since this is a fresh install can you share your SMTP setup/config? Take out enough of the sensitive data to make it appropriate to post.

Maybe also check the mysql and syslog logs to see if there is anything there.

matthias.graehn · February 4, 2021, 2:00pm

That are the lines from config/passbold.php

// Email configuration.
'EmailTransport' => [
    'default' => [
        'host' => 'smtp.gmail.com',
        'port' => 587,
        'username' => 'support@edu-werkstatt.de',
        'password' => '*************',
        // Is this a secure connection? true if yes, null if no.
        'tls' => true,
        //'timeout' => 30,
        //'client' => null,
        //'url' => null,
    ],
],
'Email' => [
    'default' => [
        // Defines the default name and email of the sender of the emails.
        'from' => ['support@edu-werkstatt.de' => 'EDU-Werkstatt Support'],
        'charset' => 'utf-8',
        //'headerCharset' => 'utf-8',
    ],
],

Within syslog theres nothing suspicious just the regular messages from the cron job

Feb  4 13:52:01 edu-ws_vm_slave_duck CRON[74391]: (www-data) CMD (/var/www/passbolt/bin/cake EmailQueue.sender >> /var/log/passbolt.log)
Feb  4 13:53:01 edu-ws_vm_slave_duck CRON[74405]: (www-data) CMD (/var/www/passbolt/bin/cake EmailQueue.sender >> /var/log/passbolt.log)
Feb  4 13:54:01 edu-ws_vm_slave_duck CRON[74426]: (www-data) CMD (/var/www/passbolt/bin/cake EmailQueue.sender >> /var/log/passbolt.log)

The logfile /var/log/passbold.log is completely empty. Permissions seem to be ok.
The logfile from maiadb shows no error for today.

garrett · February 4, 2021, 2:09pm

@matthias.graehn Thanks, these look okay to me. Since you are running a local version, maybe you could try setting the client to a domain or ip address so Gmail has something to verify. It passes “localhost” by default and I think Gmail doesn’t like that. Another thought was about using an app password from Gmail.

matthias.graehn · February 4, 2021, 2:44pm

thanks for taking care of this:

I have already seen this post

and changed the config to the values suggested:

'EmailTransport' => [
    'default' => [
        'host' => 'smtp-relay.gmail.com',
        'port' => 587,
        'username' => 'support@edu-werkstatt.de',
        'password' => '*********************',
        // Is this a secure connection? true if yes, null if no.
        'tls' => true,
        //'timeout' => 30,
        'client' => '213.61.178.152',
        //'url' => null,
    ],
],

But still no luck.
What I do not understand is why is testmail working and the queue not. Is this a different process using another library or class? Or do I have to set up a MTA locally? But it should work right away, shouldn it?

Email configuration
---------------------------------------------------------------
Host: smtp-relay.gmail.com
Port: 587
Username: support@edu-werkstatt.de
Password: *********
TLS: true

Sending email from: EDU-Werkstatt Support <support@edu-werkstatt.de>
Sending email to: matthias.graehn@edu-werkstatt.de
---------------------------------------------------------------

Trace
[220] smtp-relay.gmail.com ESMTP j16sm327449wro.11 - gsmtp
> EHLO 213.61.178.152
[250] smtp-relay.gmail.com at your service, [213.61.178.154]
[250] SIZE 157286400
[250] 8BITMIME
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
[250] PIPELINING
[250] CHUNKING
[250] SMTPUTF8
> STARTTLS
[220] 2.0.0 Ready to start TLS
> EHLO 213.61.178.152
[250] smtp-relay.gmail.com at your service, [213.61.178.154]
[250] SIZE 157286400
[250] 8BITMIME
[250] AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
[250] ENHANCEDSTATUSCODES
[250] PIPELINING
[250] CHUNKING
[250] SMTPUTF8
> AUTH LOGIN
[334] VXNlcm5hbWU6
> *****
[334] UGFzc3dvcmQ6
> *****
[235] 2.7.0 Accepted
> MAIL FROM:<*****>
[250] 2.1.0 OK j16sm327449wro.11 - gsmtp
> RCPT TO:<matthias.graehn@edu-werkstatt.de>
[250] 2.1.5 OK j16sm327449wro.11 - gsmtp
> DATA
[354] Go ahead j16sm327449wro.11 - gsmtp
> From: "EDU-Werkstatt Support" <*****>
To: matthias.graehn@edu-werkstatt.de
Date: Thu, 04 Feb 2021 14:27:11 +0000
Message-ID: <6a6aef38885f46beb59b72c8f140bbb4@edu-ws_vm_slave_duck>
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Congratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine.

I am wondering why the /var/log/passbold.log ist still empty if something went wrong.

Any further ideas? Maybe I sould debug the cake file to see whats going on there.

Thanks and Regards
Matt

garrett · February 4, 2021, 3:21pm

@matthias.graehn Ah, okay so you are using smtp-relay and not smtp. No local MTA should be needed.

Most of the recent discussion around smtp-relay at Gmail was in the scenario of no-auth setups which is different than your case.

Passbolt Help | Why are my emails not being sent? mentions the setttings from within the app itself - are email notifications enabled?

matthias.graehn · February 4, 2021, 4:09pm

yes I switched from smtp.gmail.com to smtp-relay.gmail.com which does work as well for the test mail but does not make any difference for the notifications.

I also checked all the points from the Passbolt Help | Why are my emails not being sent? before I created this post.

I had the error before

Exception: SQLSTATE[42S22]: Column not found: 1054 Unknown column ‘EmailQueue.to’ in ‘field list’ ...

but was able to get rid of it through some other posts. Remove /vendor, clean cache etc.

Should I switch back to smtp.gmail.com then.

garrett · February 4, 2021, 7:08pm

@matthias.graehn Just to confirm: you are receiving an email to your matthias.graehn@edu-werkstatt.de account after the test email command, right? If you are, the notifications from the app should deliver okay.

The part you quoted above will show even if the mail server does not deliver the message for another reason - it might accept the message, but won’t deliver it. It might get quarantined, for example.

If your domain does not require smtp-relay then I would not use it.

You can also turn on debug temporarily as shown here. Maybe that will produce something. Check your /var/www/passbolt/logs folder for a debug.log file. If it’s not there you can create and grant permission to the web server.

Hugo7 · February 5, 2021, 8:17am

Hi,
Try to enter in the /usr/share/php/passbolt repertories and enter the following command:
./bin/cake cache clear_all
Then, try to resend it

matthias.graehn · February 5, 2021, 3:42pm

Hi there,

I found the problem and resolved it. For any reason the email, from_email , from_name in the table email_queue were empty. But I do not know how this happened. If I now do an action at least the email is filled within the Table. And since the values are there (in the mail) I guess they are taken from config . It is working now.

Thanks for your patience.

Regards
Matt