Passbolt settings for postfix SMTP (send-only)

I have setup a Postfix send-only server on Ubuntu, based on this guide:

I can send test emails successfully (they don’t go to spam), but I can’t get it to work with my Passbolt installation. It’s always the error ‘connection refused’, for tcp://localhost:587. Any particular settings you can recommend? Thanks in advance.

Hello, welcome to the forum! :slight_smile:

We need more informations about what is happening.

Could you please fill the checklist?

I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

With thoses informations, it will be easier for me to reproduce your issue.

Thanks in advance


Thank you for the prompt response! Here are the relevant information regarding our setup:
OS: Ubuntu 22.04.1 LTS

nginx 1.18.0-6ubuntu14.3
mysql 5.8+1.0.8
php 8.1
passbolt-ce-server/focal,now 3.8.3-1

postfix 3.6.4-1ubuntu1

The installation instructions, I got from the official Passbolt help:

My SMTP settings are as follows:
Email provider: Other
Authentication method: None
SMTP host: localhost
Use TLS: Yes
Port: 587

This is the error I get:
“stream_socket_client(): Unable to connect to tcp://localhost:587 (Connection refused)”

I suspect there is something wrong with my SMTP server settings for Passbolt, since I can send email via mail (bash) and ports 587 and 465 are allowed in the firewall.
Thanks in advance!

Hi @Bert if you are installing postfix locally, the firewall ports for incoming traffic do not need to be open, especially if you are attempting SMTP without authentication. The inet_interfaces setting to loopback should prevent postfix from listening on all ports, but no need to open ports that won’t be needed.

Postfix will listen on local ports and you might want to try for the host. Also, TLS would not be needed because you are connecting locally, compared to coming in from an external source.

Making these changes may not completely resolve the issue, but might get you different errors to pursue.