Sign in emails are not sent

Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

Hi all,

Have been using self-hosted Passbolt for a while now and recently ran into a strange issue - that I have yet to be able to solve. I have had to sign out of the website and now can’t sign in again. Strange thing is that my phone via the Passbolt app is still able to sign in and works fine.

Server info:
OS: Fedora Server 35
Selinux: Permissive
Passbolt Version: 3.12

Things that have been tried:

  1. Reboot
  2. Edited /etc/passbolt/app.php and setting my sender email in line:266
  3. Run ./bin/cake EmailQueue.sender doesnt do anything or nothing is written to log files
  4. Run ./bin/cake EmailQueue.preview can see a lot of emails here, that hasn’t been sent?

Healthcheck looks ok

Healthcheck
     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell         
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 8.1.15.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://XXXX
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 30 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
 [PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
 [PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (3.12.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [INFO] The Self Registration plugin is enabled.
 [INFO] Registration is closed, only administrators can add users.
 [WARN] The deprecated self registration public setting was found in /etc/passbolt/passbolt.php.
 [HELP] You may remove the "passbolt.registration.public" setting.
 [WARN] Host availability checking is disabled.
 [HELP] Make sure this instance is not publicly available on the internet.
 [HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
 [HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
 [PASS] Serving the compiled version of the javascript app.
 [WARN] Some email notifications are disabled by the administrator.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 SMTP Settings

 [PASS] The SMTP Settings plugin is enabled.
 [PASS] SMTP Settings coherent. You may send a test email to validate them.
 [PASS] The SMTP Settings source is: database.
 [WARN] The SMTP Settings plugin endpoints are enabled.
 [HELP] It is recommended to disable the plugin endpoints.
 [HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
 [HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.

 [PASS] No error found. Nice one sparky!

Sending test emails also work fine

Send test email
     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
-------------------------------------------------------------------------------
 Debug email shell
-------------------------------------------------------------------------------
Email configuration
-------------------------------------------------------------------------------
Host: smtp.gmail.com
Port: 587
Username: XXXX@gmail.com
Password: *********
TLS: true
Sending email from: Akina <XXXX@gmail.com>
Sending email to: XXXX@gmail.com
-------------------------------------------------------------------------------
Trace
[220] smtp.gmail.com ESMTP gx20-20020a1709068a5400b00931faf03db0sm3540692ejc.27 - gsmtp
 EHLO localhost
[250] smtp.gmail.com at your service, [XXXX]
[250] SIZE 35882577
[250] 8BITMIME
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
[250] PIPELINING
[250] CHUNKING
[250] SMTPUTF8
 STARTTLS
[220] 2.0.0 Ready to start TLS
 EHLO localhost
[250] smtp.gmail.com at your service, [XXXX]
[250] SIZE 35882577
[250] 8BITMIME
[250] AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
[250] ENHANCEDSTATUSCODES
[250] PIPELINING
[250] CHUNKING
[250] SMTPUTF8
 AUTH PLAIN XXXXXXXX==
[235] 2.7.0 Accepted
 MAIL FROM:<XXXX@gmail.com>
[250] 2.1.0 OK gx20-20020a1709068a5400b00931faf03db0sm3540692ejc.27 - gsmtp
 RCPT TO:<XXXX@gmail.com>
[250] 2.1.5 OK gx20-20020a1709068a5400b00931faf03db0sm3540692ejc.27 - gsmtp
 DATA
[354] Go ahead gx20-20020a1709068a5400b00931faf03db0sm3540692ejc.27 - gsmtp
 From: Akina <XXXX@gmail.com>
To: XXXX@gmail.com
Date: Sun, 02 Apr 2023 19:54:31 +0000
Message-ID: <30cdb40bb52f4fb8bd8ce83d25438090@XXXX>
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Congratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine.

.
[250] 2.0.0 OK  1680465271 gx20-20020a1709068a5400b00931faf03db0sm3540692ejc.27 - gsmtp
 QUIT
The message has been successfully sent!

Debug log file

Debug log file

2022-12-11 21:41:01 info: SMTP Settings were detected in env.

Error log file

Error log file
2023-04-03 06:09:40 error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /usr/share/php/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177
Request URL: /auth/is-authenticated.json
Client IP: 192.168.0.62

Hey @dkwolf welcome to the forum!

To start, generally it is not a good idea to edit /etc/passbolt/app.php usually you’ll only want to edit settings in /etc/passbolt/passbolt.php

For SMTP in particular the configs are stored in the database so all changes to the email server settings should be done via the webUI.

To get a better idea of what the issue is with the email server you’ll likely want to check the database. The following query should do the trick:

select email, subject, error, created, sent from email_queue;

Yeah I know it’s risky to change the app.php file, but there is nothing in my passbolt.php file about SMTP or anything else.

The database doesn’t give any info if any errors where seen, so I’m pretty confused

Database info

MariaDB [Passbolt]> select email, subject, error, created, sent from email_queue;
±---------------±--------------------------------------------------------------------------±------±--------------------±-----+
| email | subject | error | created | sent |
±---------------±---------------------------------------------------------------------------±------±------------------------±-----+
| xxxxxx@xxxx.dk | Thomas just activated their account on passbolt | NULL | 2022-12-11 21:41:50 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:17:00 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:18:00 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:18:28 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:18:49 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:19:12 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:19:46 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:19:58 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:20:12 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:20:29 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:21:12 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:21:38 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:22:15 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:22:51 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:23:38 | 1 |
| xxxxxx@xxxx.dk | You added the password xxxxxxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:24:06 | 1 |
| xxxxxx@xxxx.dk | Thomas edited the password xxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:25:19 | 1 |
| xxxxxx@xxxx.dk | Thomas edited the password xxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:25:28 | 1 |
| xxxxxx@xxxx.dk | Thomas edited the password xxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:25:36 | 1 |
| xxxxxx@xxxx.dk | Thomas edited the password xxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:25:51 | 1 |
| xxxxxx@xxxx.dk | Thomas edited the password xxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:25:57 | 1 |
| xxxxxx@xxxx.dk | Thomas edited the password xxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:26:04 | 1 |
| xxxxxx@xxxx.dk | Thomas edited the password xxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:26:21 | 1 |
| xxxxxx@xxxx.dk | Thomas edited the password xxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:26:35 | 1 |
| xxxxxx@xxxx.dk | Thomas edited the password xxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:26:52 | 1 |
| xxxxxx@xxxx.dk | Thomas edited the password xxxxxxxxxxxxxxxxxxxxx | NULL | 2022-12-21 21:27:49 | 1 |
±---------------±--------------------------------------------------±------±--------------------±-----+
26 rows in set (0.001 sec)

That is a bit surprising. It looks like the last email sent was in December. Could you navigate to your URL and try to sign in so it tries to send you an email and see if anything is updated with that query?

yeah just tried that and nothing happens, so yeah I guess the issue is that the email is never put into the queue table and then nothing gets sent out… strange thing that noting is in the error logs about entries not being put into the database

Yea, that is a bit surprising. Do you happen to recall all the changes you made to app.php? Also since the most recent email in the database was from December do you recall anything you may have changed around then?

hey,

nothing really, just changed the app.php today as a test to see if that would help. The December date was when I first installed it and tried to get it to fully work - just been too busy to sit down and look into the issue before now. Have almost every install had issues with sending out mails, starting to suspect it being connected with Fedora and SeLinux security, so I’ll start digging into that more - even though it is turned off now, something is blocking the inset into the database table, so the emails never really try to leave my server.

Here are some more questions for you:

  • Do you have additional passbolt databases from previous installs? Is it possible that there are unsent emails showing in a different database? That maybe your configuration is pointed to an old database?
  • Do you have more than one passbolt installation on the same machine? If so, do you have a separate CRON job for each installation?
  • Are you seeing errors in php or mysql logs? (Sometimes mysql errors logs are in /var/lib/mysql somewhere and not /var/log)

Nope, it was a clean installed server just for use with Passbolt. And when I login in from my mobile I can see the entry in the table action_logs - this users is the same one as I try to login with on my normal desktop

Nope fresh installed machine

nothing in the log file location at /var/log/mariadb/mariadb.log or /var/log/nginx/error.log

But hmm have found something strange, in Organization_settings I can see this

Organization_settings

{
“purify”:{
“subject”:false
},
“show”:{
“comment”:false,
“description”:false,
“secret”:false,
“uri”:false,
“username”:false
},
“send”:{
“comment”:{
“add”:false
},
“password”:{
“create”:false,
“share”:false,
“update”:false,
“delete”:false
},
“user”:{
“create”:false,
“recover”:false,
“recoverComplete”:false
},
“admin”:{
“user”:{
“setup”:{
“completed”:false
},
“recover”:{
“abort”:false,
“complete”:false
}
}
},
“group”:{
“delete”:false,
“user”:{
“add”:false,
“delete”:false,
“update”:false
},
“manager”:{
“update”:false
}
}
}
}

All of them are false… this might be why nothing happens when I try to login, but no clue as to HOW it was set like that and why it would be able to get set like that so you can lock your self out :smiley:

1 Like

It was April 1 just a few days ago…

(not suggesting passbolt did this as that is outside of their practices, just adding humor to the surprise find)

Ah issue has been solved now! For some strange reason an update has set all the email triggers to false… No clue as to when and how. But set them all to “true” for now and I tried to log in and could see an entry into email_queue after about 2 seconds and got the “sent” value of 1 after about 5 seconds.
So yeah if anyone else should end up with this issue here is the fix!

  • Login to you machine
  • Connect to your MariaDB with “mysql -u PASSBOLTUSER -p PASSBOLTDATABASENAME -h 127.0.0.1” then type in the password when prompted
  • Run the command “select id, value from organization_settings;” then find the id for the line starting with “purify…”, copy the id to Notepad or other tool
  • Run the command "update organization_settings set value = ‘{“purify”:{“subject”:true},“show”:{“comment”:true,“description”:true,“secret”:true,“uri”:true,“username”:true},“send”:{“comment”:{“add”:true},“password”:{“create”:true,“share”:true,“update”:true,“delete”:true},“user”:{“create”:true,“recover”:true,“recoverComplete”:true},“admin”:{“user”:{“setup”:{“completed”:true},“recover”:{“abort”:true,“complete”:true}}},“group”:{“delete”:true,“user”:{“add”:true,“delete”:true,“update”:true},“manager”:{“update”:true}}}}’ where id = ‘IDFROMABOVE’;
  • Restart nginx with “sudo systemctl restart nginx”
  • Login again now works and you can disable the email notifications you don’t like

All done :slight_smile:

Glad you got it worked out!

These db settings reflect the choices found in Administration > Email Notifications:

Are you also able to view your setting there?

hey,

yeah got them all in there now, everything was turned on after my “fix”, got it all setup like I want now. And it all looks fine.

1 Like