Problem with E-Mail after Update

Checklist
[X] I have read intro post: About the Installation Issues category
[X] I have read the tutorials, help and searched for similar issues
[X] I provide relevant information about my server (component names and versions, etc.)
[X] I provide a copy of my logs and healthcheck
[X] I describe the steps I have taken to trouble shoot the problem
[X] I describe the steps on how to reproduce the issue

Hello,

we are not able to receive emails from our passbolt server automatically.
We dont get mails for password updates, recovery link etc…
If we push it manually we receive the mail.

The boxes under “Administration” are checked.
We did a health check wit this command:
sudo -H -u www-data bash -c “/usr/share/php/passbolt/bin/cake passbolt healthcheck”

Everything alright except HTTPS config since we havent activated it yet.

We get a message in the error log but it doesnt look like it has something to do with mail:
Command: sudo cat /var/log/passbolt/error.log

Output:
2022-02-07 11:16:30 Error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /usr/share/php/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177
Request URL: /resources.json?api-version=v2
Client IP: x.x.x.x

We did all the steps provided in here:

We changed the permissions with these commands:
sudo chown -R www-data:www-data /var/www/passbolt/tmp/
sudo chmod 775 $(find /var/www/passbolt/tmp/ -type d)
sudo chmod 664 $(find /var/www/passbolt/tmp/ -type f)

It worked before we installed the new version.
The mail itself is ok because we can get emails sent manually.

Does someone have any ideas to the problem?

Best regards

Steve

Hi @Peakmedia and welcome to passbolt community forum

How do you push or send emails manually ?

Is your cron job running ? If yes, and as it seems you had to update permissions, I guess you still have file permissions issues as explained in reason 6 of our FAQ page.

Can you tell us on which operating system name and version is running your current passbolt instance: cat /etc/os-release
And also passbolt version: cat /var/www/passbolt/config/version.php

Best,

Hello,

thank you for the quick reply.

We can send test emails with this command:
./bin/cake passbolt send_test_email --recipient=youremail@domain.com

OS Version Output:
NAME=“Ubuntu”
VERSION=“20.04.3 LTS (Focal Fossa)”
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME=“Ubuntu 20.04.3 LTS”
VERSION_ID=“20.04”
HOME_URL=“URL”
SUPPORT_URL=URL"
BUG_REPORT_URL=“URL”
PRIVACY_POLICY_URL=“URL”
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

If we do this command:
cat /var/www/passbolt/config/version.php

We get:
‘passbolt’ => [
‘version’ => ‘2.12.1’,
‘name’ => ‘Never Gonna Give You Up’

If we do the healthcheck provided here:

sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"

We get:
[PASS] Using latest passbolt version (3.5.0).

If we do the healthcheck command provided on the healthcheck site of our server we get:

sudo su -s /bin/bash -c "./bin/cake passbolt \
            healthcheck" www-data

[FAIL] This installation is not up to date. Currently using 2.12.1 and it should be v3.5.0.

If we do the healthcheck over the domain link (ourservercom/healthcheck) we get:

Using latest passbolt version (3.5.0).

The output of my cron jobs for www-data looks like this:

cat /var/spool/cron/crontabs/www-data

• • • • • /var/www/passbolt/bin/cake EmailQueue.sender
• • • • • /var/www/passbolt/bin/cron >> /var/log/passbolt.log

ls -l /var/spool/cron/crontabs/www-data
-rwxrwxrwx 1 www-data crontab 318 Feb 7 10:38 /var/spool/cron/crontabs/www-data

If i have a look at the database there are all emails in the queue but send tries is 0 for all the emails after the update.

Here’s the command
SELECT id,subject,sent,send_tries FROM email_queue

Last 3 Rows of the Output:
±----±----------------------------------------------------------------------------------------±-----±-----------+
| id | subject | sent | send_tries |
±----±----------------------------------------------------------------------------------------±-----±-----------+
| 676 | Your account recovery, Steve! | 0 | 0 |
| 677 | Your account recovery, Steve! | 0 | 0 |
| 678 | Your account recovery, Steve! | 0 | 0 |
±----±----------------------------------------------------------------------------------------±-----±-----------+

I tried these commands as well since i found them on other topics regarding emails

**Clear composer cache**
composer clear-cache
**clear cakephp cache**
./bin/cake cache clear_all
**delete the content of /vendor**
rm -rf vendor
**run composer install again**
composer install

And then try again:
./cake EmailQueue.sender

Did not work…

Hi, I see 2 things in your posts above.

It seems you still have 2 passbolt instances on your server, one in /var/www/passbolt (2.12 version) and the other one in /usr/share/php/passbolt (3.5.0)

Which kind of update did you performed ? If you upgraded passbolt from the “from source install” to the “package install”, I guess you followed this documentation: Passbolt Help | Migrate passbolt CE from install scripts to Ubuntu package Can you confirm this ?

If yes, you missed the Cleanup part at step 9, as you shouldn’t have any /var/www/passbolt directory nor /var/spool/cron/crontabs/www-data file.

Composer tasks are not needed with package installation.

From your passbolt web user interface, if you hover the heart at the bottom right, which version is displayed ? 2.21.1/3.5.0 or 3.5.0/3.5.0 ?

Cheers,

Hi and thank you for the response!

I can confirm that i did i did the update with the link you provided:
Passbolt Help | Migrate passbolt CE from install scripts to Ubuntu package

You are right, there were still those two folders.
I did the last steps now (9-10).

Do I have to delete the cron jobs aswell?

If i have a look on the heart on the webinterface it shows 3.5.0/3.5.0

BR Steve

Yes, they are not needed anymore as cron job is handled by /etc/cron.d/passbolt-ce-server

If you still not receive emails, you can try to run (it can be with root user):

/usr/share/php/passbolt/bin/cron

And you should see something like

Email XXX sent

Ok i removed the crontab for www-data.

I tried to run the cron job with sudo user but still no emails. There was no message with “Email XXX sent”.

My /etc/cron.d/passbolt-ce-server file:
PATH=/bin:/usr/local/bin:/usr/bin
PASSBOLT_BASE_DIR=/usr/share/php/passbolt

• • • • • www-data $PASSBOLT_BASE_DIR/bin/cron

My /usr/share/php/passbolt/bin/cron file:
set -euo pipefail

DIGEST_ENABLED=${PASSBOLT_PLUGINS_EMAIL_DIGEST_ENABLED:-0}

DIR=$(dirname “$(readlink -f “$0”)”)

if [[ “$DIGEST_ENABLED” = 0 ]]; then
“$DIR”/cake EmailQueue.sender
else
“$DIR”/cake passbolt email_digest send
fi

If we do a ls -l /usr/share/php/passbolt/bin/:
-rwxr-xr-x 1 root root 2242 Dec 18 11:00 cake
-rw-r–r-- 1 root root 861 Dec 18 11:00 cake.bat
-rwxr-xr-x 1 root root 406 Dec 18 11:00 cake.php
-rwxr-xr-x 1 root root 364 Dec 18 11:00 cron
-rwxr-xr-x 1 root root 226 Dec 18 11:00 healthcheck
-rwxr-xr-x 1 root root 450 Dec 18 11:00 status-report
-rw-r–r-- 1 root root 1280 Dec 18 11:00 utils.sh
-rwxr-xr-x 1 root root 353 Dec 18 11:00 versions

I can see the cron job runs every minute in the syslog but nothing is sent:
Feb 8 10:20:01 pmwiki CRON[73947]: (www-data) CMD ($PASSBOLT_BASE_DIR/bin/cron)

If i do a preview of the EmailQueue i can see all the mails in the queue.
Command: sudo /usr/share/php/passbolt/bin/cake EmailQueue.preview

Hi,

I set the same email settings as you in a testing ubuntu instance and I receive emails.

Can you post the full output of these SQL requests:

> SELECT value FROM organization_settings WHERE property = 'emailNotification' \G
> SELECT id, config, template, layout, theme, format, sent, locked, send_tries, attachments, error FROM email_queue \G

And also the full output of these commands:

> sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
> sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake migrations status"
> sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt datacheck --hide-success-details"

In the meanwhile, you can also try to clear cache:

sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"

Best,

**MariaDB [xxx]> SELECT value FROM organization_settings WHERE property = 'emailNotification' \G**
*************************** 1. row ***************************
value: {"purify":{"subject":false},"show":{"comment":true,"description":true,"secret":true,"uri":true,"username":true},"send":{"comment":{"add":false},"password":{"create":false,"share":true,"update":true,"delete":true},"user":{"create":true,"recover":true},"admin":{"user":{"setup":{"completed":true}}},"group":{"delete":false,"user":{"add":false,"delete":false,"update":false},"manager":{"update":false}}}}
1 row in set (0.000 sec)

**MariaDB [xxx]> SELECT id, config, template, layout, theme, format, sent, locked, send_tries, attachments, error FROM email_queue \G**

This one is 600 rows long. You could download it here:

**sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"**
     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 7.4.3.
 [PASS] PCRE compiled with unicode support.
 [FAIL] The temporary directory and its content are not writable, or are executable.
 [HELP] Ensure the temporary directory and its content are writable by the webserver user.
 [HELP] you can try:
 [HELP] sudo chown -R www-data:www-data /var/lib/passbolt/tmp/
 [HELP] sudo chmod -R 775 $(find /var/lib/passbolt/tmp/ -type d)
 [HELP] sudo chmod -R 664 $(find /var/lib/passbolt/tmp/ -type f)
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to http://xxx
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (3.5.0).
 [PASS] Passbolt is configured to force SSL use.
 [FAIL] App.fullBaseUrl is not set to HTTPS.
 [HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 [FAIL] 2 error(s) found. Hang in there!

sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake migrations status"**
using migration paths
 - /etc/passbolt/Migrations
using seed paths
 - /etc/passbolt/Seeds
using environment default

 Status  Migration ID    Migration Name
-----------------------------------------
     up  20170830064410  V162InitialMigration
     up  20170830065037  V200ActiveMustBeBoolean
     up  20170830065038  V200DropUnusedProfileFields
     up  20170830065039  V200IncreaseEmailSize
     up  20170830065040  V200DropUnusedCreatedBy
     up  20170830065041  V200MigrateUUID
     up  20170830065042  V200MigrateKeyField
     up  20171002061834  V200DropUnusedResourceFields
     up  20171006141922  V200AddFavoriteModifiedField
     up  20171009093000  V200DropUnusedPermissionTypesTable
     up  20171009093001  V200MigrateEmailsTable
     up  20171009093002  V200MigrateFileStorageTable
     up  20171025154754  V200AddCommentsUserIdField
     up  20180102065042  V200MigrateForeignIdField
     up  20180102180000  V200DropUnusedTables
     up  20180102221500  V200AddMissingTablesIndexes
     up  20180413171600  V202ForceColumnsCharset
     up  20180503135810  V210InstallAccountSettingsPlugin
     up  20180930151500  V240AddAuthenticationTokenType
     up  20181002171600  V240ExtendAccountSettingsPlugin
     up  20181210170000  V270AddMissingIndexes
     up  20190106170300  V280AdditionalEmailMigration
     up  20190106170301  V280AdditionalFileStorageMigration
     up  20190106170302  V280FileDirectoryPathsMigrations
     up  20190112124290  V270AddActionsTable
     up  20190112124300  V270AddActionLogsTable
     up  20190121111100  V270AddEntitiesHistoryTable
     up  20190121121100  V270AddPermissionsHistoryTable
     up  20190211124300  V270AddSecretsHistoryTable
     up  20190221124300  V270AddSecretAccessesTable
     up  20190512115400  V2100AddOrganizationSettingsTable
     up  20190623143400  V2110ExtendKeyIdSizeField
     up  20190923103000  V2120UpdateEmailQueue
     up  20191119160000  V2120DropUnusedTables
     up  20200108135000  V2130DropLegacyAnonymousUser
     up  20200319135000  V2130SoftDeleteGpgKeysForSoftDeletedUsers
     up  20200501182000  V2130ReconcileLoginHistory
     up  20200806110200  V300ExtendSecretsDataField
     up  20200806110201  V300AddResourceTypeIdField
     up  20200806110202  V300AddResourceTypesTable
     up  20200806110203  V300AddResourceTypesDefaultData
     up  20200806110204  V300AddResourceTypesToResources
     up  20200824191900  V2136CleanupUnusedActionLogs
     up  20200824191901  V2136AddActionLogsRelatedIndexes
     up  20201221093528  V300DeleteMetadataOfSoftDeletedResources
     up  20210111163200  V300AddActionLogsExtraIndex
     up  20210121141742  V320AddAvatarsTable
     up  20210125212543  V320TransferFileStorageToAvatars
     up  20210206521254  V320DropFileStorage
     up  20210329110000  V320FixResourceTypesDefaultData
     up  20210427124200  V330AddMobileTransferTable
     up  20211027202137  V331ConvertEmailVariablesToJson
     up  20211121231300  V340MigrateASCIIFieldsEncoding
     up  20211122732400  V350ConvertIdFieldsToUuidFields
     up  20211215180000  V350RemovePermissionsTypeIndex
     up  20211215180001  V350AddPermissionsCombinedIndex
     up  20220103180000  V350IncreaseResourcesNameUsernameColumnsSize
     up  20220103180001  V350IncreaseResourcesNameUsernameLengthInResourceTypes

sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt datacheck --hide-success-details"**

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
Data check shell
[PASS] Data integrity for AuthenticationTokens.
  [PASS] Can validate: 2143/2143
[PASS] Data integrity for Comments.
  [PASS] Can validate: 0/0
[PASS] Data integrity for Favorites.
  [PASS] Can validate: 27/27
[PASS] Data integrity for Gpgkeys.
  [PASS] Can encrypt: 33/33
  [PASS] Can validate: 33/33
  [PASS] Is not expired: 33/33
  [PASS] Is armored key format valid: 33/33
  [PASS] Is email unique: 33/33
[PASS] Data integrity for Groups.
  [PASS] Can validate: 8/8
[PASS] Data integrity for Profiles.
  [PASS] Can validate: 50/50
[PASS] Data integrity for Resources.
  [PASS] Can validate: 835/835
[PASS] Data integrity for Secrets.
  [PASS] Can validate: 17677/17677
[PASS] Data integrity for Users.
  [PASS] Can validate: 50/50

I can see this failing now. But where ist this temp folder located?
How do i have to set the permissions on this?

BR Steve

Hi,

Yes, I guess it is your issue. You have commands in the healthcheck output to fix passbolt tmp folder issues (chown and chmod):

This can occurs if you run passbolt command as root instead of www-data user.

Cheers,

It is OK now on the healthcheck but still not receiving emails

sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"

 ____                  __          ____
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.4.3.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to pmwiki.at
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (3.5.0).
[PASS] Passbolt is configured to force SSL use.
[FAIL] App.fullBaseUrl is not set to HTTPS.
[HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

[FAIL] 1 error(s) found. Hang in there!

I cleared the cache again and it works now!!

Thank you for the efford

BR Steve

Great news Thanks for sharing logs and debugging informations, I’m pretty sure it will help others.

Best regards,