Passbolt SMTP TLS Problems

Hi folks, I was successful in installing and running passbolt on Ubuntu 20.04, and the HTTPS URL in my internal network is working great with a self-signed certificate from my Windows CA. The issue I have is that passbolt is not sending e-mails.

I already set up the e-mail configuration in passbolt.php, but first of all I'm using an internal SMTP relay server on port 25 with anonymous access, so there is no need for a user.

If I am using the command

./bin/cake passbolt send_test_email --recipient=mymail@mail.com

I'm getting the following error:

A test email could not be sent.
Error: SMTP server did not accept the connection or trying to connect to non TLS SMTP server using TLS.

My passbolt.php configuration for email is the following:

    // Email configuration.
    'EmailTransport' => [
        'default' => [
            'host' => 'relayserver',
            'port' => 25,
            'username' => null,
            'password' => null,
            // Is this a secure connection? true if yes, null if no.
            'tls' => true,
        ],
    ],

Can someone help me please, because I'm running out of ideas how to fix that!

cheers

No one can help? I still can't find any solution for that, and passbolt is not working without email.

Can you tell a bit more about what protocol / port / options you are trying to configure it for? Like does your SMTP relay have TLS or not?

  • If not: did you try setting 'tls' => null as indicated in the file?
  • If yes: did you make sure the self-signed root CA / whichever certificate chain is included on the passbolt server?

The SMTP relay is using TLS (port 25) and working well with several other internal servers for notifications.

I already tried it with 'tls' => null; the passbolt server then returns that TLS is activated on the SMTP relay.

What I did is to implement the self-signed root CA into the Ubuntu 20.04 system. When I am reaching https://passboltserver the certificate and also the chain are visible and working.
Do I have to put the root CA into another place especially for passbolt?

Sending email to: example@mail.com

Warning Error: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Network/Socket.php, line 503]

2021-04-23 14:47:08 Warning: Warning (2): stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Network/Socket.php, line 503]

Trace
[220] ml-if-smtprelay.muc.intrafind.de Microsoft ESMTP MAIL Service, Version: 8.5.9600.16384 ready at Fri, 23 Apr 2021 16:47:08 +0200

EHLO localhost
[250] internalsmtprelaysrv Hello [192.168.10.15]
[250] TURN
[250] SIZE 33554432
[250] ETRN
[250] PIPELINING
[250] DSN
[250] ENHANCEDSTATUSCODES
[250] 8bitmime
[250] BINARYMIME
[250] CHUNKING
[250] VRFY
[250] TLS
[250] STARTTLS
[250] OK
STARTTLS
[220] 2.0.0 SMTP server ready

A test email could not be sent.
Error: SMTP server did not accept the connection or trying to connect to non TLS SMTP server using TLS.

Hello,

Indeed there seems to be an issue with certificate validation in the context of PHP CLI with OpenSSL. I’m not sure how the custom certificate chain can be provided, I suspect either through PHP cli configuration and/or OpenSSL.

The team will look into it next week if we have time.
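
An added diagnostic, not part of the original thread and not Passbolt or CakePHP code: it repeats the EHLO/STARTTLS exchange from the trace with plain PHP CLI, prints where that PHP build looks for trusted CAs, and makes the same `stream_socket_enable_crypto()` call with verification left on. The file name, the default host `relayserver` (taken from the posted config) and the optional CA file argument are assumptions.

```php
<?php
// Added diagnostic, not Passbolt or CakePHP code. Defaults below are assumptions.
// Usage: php smtp_tls_check.php <host> [port] [ca.pem]
$host   = $argv[1] ?? 'relayserver';  // value from the posted passbolt.php
$port   = (int) ($argv[2] ?? 25);
$cafile = $argv[3] ?? null;           // optional PEM file holding the internal root CA

// 1. Which CA bundle/directory does this PHP CLI build trust by default?
print_r(openssl_get_cert_locations());

// Read one (possibly multi-line) SMTP reply; the last line has a space after the code.
function smtp_read($sock): string
{
    $reply = '';
    while (($line = fgets($sock)) !== false) {
        $reply .= $line;
        if (strlen($line) < 4 || $line[3] === ' ') {
            break;
        }
    }
    return $reply;
}

// 2. Plain-text SMTP up to STARTTLS, with certificate and host name checks left on.
$ssl = ['verify_peer' => true, 'verify_peer_name' => true,
        'peer_name' => $host, 'capture_peer_cert_chain' => true];
if ($cafile !== null) { $ssl['cafile'] = $cafile; }
$ctx  = stream_context_create(['ssl' => $ssl]);
$sock = stream_socket_client("tcp://$host:$port", $errno, $errstr, 10,
                             STREAM_CLIENT_CONNECT, $ctx);
if ($sock === false) { fwrite(STDERR, "connect failed: $errstr\n"); exit(2); }
echo smtp_read($sock);
fwrite($sock, "EHLO localhost\r\n");
echo smtp_read($sock);
fwrite($sock, "STARTTLS\r\n");
$reply = smtp_read($sock);
echo $reply;
if (strncmp($reply, '220', 3) !== 0) { fwrite(STDERR, "STARTTLS refused\n"); exit(2); }

// 3. The same call that fails in CakePHP's Socket.php.
if (@stream_socket_enable_crypto($sock, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
    fwrite(STDERR, 'handshake failed: ' . (error_get_last()['message'] ?? 'unknown') . "\n");
    exit(1);
}
// 4. Verified: list the chain the relay presented.
foreach (stream_context_get_params($sock)['options']['ssl']['peer_certificate_chain'] as $c) {
    $x = openssl_x509_parse($c);
    echo $x['subject']['CN'] ?? '?', ' <- issued by ', $x['issuer']['CN'] ?? '?', PHP_EOL;
}
```

If the run with the CA file succeeds while the run without it fails with `certificate verify failed`, the default trust locations printed in step 1 do not contain the internal root CA. A failure in both runs points at the chain the relay presents or at a host name that does not match its certificate.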

Hello, I have the same problem, has something been advanced?