SMTP + docker + AWS SES doesn;t work

mvarelamobeats · May 2, 2025, 3:57pm

I installed Passbolt 5.0.0 with Docker on Linux. I’m using SES. The user works externally, but not in Passbolt. The instance ports are open. The credentials are valid externally. Has anyone had this issue? I couldn’t find it. I used username with and without the @domain.com

Email could not be sent: SMTP Error: 530 Authentication required
See trace

[220] ESMTP SimpleEmailService-d-E4NJUWFKC dfkYifDaGe42THICjosV
EHLO passvault.*****
[250] email-smtp.amazonaws.com
[250] 8BITMIME
[250] STARTTLS
[250] AUTH PLAIN LOGIN
[250] Ok
STARTTLS
[220] Ready to start TLS
EHLO passvault.**.com
[250]
[250] 8BITMIME
[250] STARTTLS
[250] AUTH PLAIN LOGIN
[250] Ok
**AUTH PLAIN *******
[535] Authentication Credentials Invalid

AnatomicJC · May 3, 2025, 8:45am

Hi, you should use dedicated credentials and not your current one.

https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html

You’re probably using standard AWS Access Key ID + Secret Access Key, but Amazon SES SMTP does not accept those directly. It expects a converted SMTP password, derived from your IAM Secret Access Key.

Fix it: How to generate valid SES SMTP credentials

Create an IAM user (or use an existing one) with at least the AmazonSESFullAccess or AmazonSES_SendOnlyAccess policy.
In the IAM Console, go to Security Credentials and create an Access Key for that user.
Convert that access key pair to SMTP credentials using the official AWS tool:

Go to this page:
https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html
Scroll to: “Converting Your AWS Credentials to SMTP Credentials”
Use the Python script or AWS-provided online converter (via the IAM console).
- This will generate the SMTP password (not the same as the secret access key).

Use the Access Key ID as your SMTP username
And the converted SMTP password as your SMTP password

Let me know if it helps

Best,

mvarelamobeats · May 5, 2025, 12:33pm

Thanks, that works for me.
Iam user is already created with smtp credentials

mvarelamobeats · May 5, 2025, 7:05pm

Hello, I have this Docker Compose, when I restart it or down and up I always have to do the setup again, as well as add the permissions to the keys already generated```
version: ‘3’

services:
passbolt:
image: passbolt/passbolt:latest
ports:
- “587:587”
- “443:443”
- “80:80”
environment:
- DATABASE_HOST=db
- DATABASE_USER=passbolt
- DATABASE_PASSWORD=passbolt
- DATABASE_NAME=passbolt
- APP_FULL_BASE_URL=https://passvault00000000.com
- EMAIL_TRANSPORT_DEFAULT_HOST=email-smtp.us-east-1.amazonaws.com
- EMAIL_TRANSPORT_DEFAULT_PORT=587
- EMAIL_TRANSPORT_DEFAULT_USERNAME=passvault@
- EMAIL_TRANSPORT_DEFAULT_PASSWORD=passbolt
volumes:
- passbolt_data:/var/www/passbolt
- passbolt_logs:/var/log/passbolt
- gpg_volume:/etc/passbolt/gpg
- jwt_volume:/etc/passbolt/jwt
command:
[
“/usr/bin/wait-for.sh”,
“-t”,
“0”,
“db:3306”,
“–”,
“/docker-entrypoint.sh”,
]
depends_on:
- db

db:
image: mysql:5.7
environment:
- MYSQL_ROOT_PASSWORD=passbolt
- MYSQL_DATABASE=passbolt
- MYSQL_USER=passbolt
- MYSQL_PASSWORD=passbolt
volumes:
- db_data:/var/lib/mysql

volumes:
passbolt_data:
passbolt_logs:
db_data:
gpg_volume:
jwt_volume:

Termindiego25 · May 6, 2025, 5:54pm

Are any errors showing up in the logs?
Is this behaviour similar to this one?
https://community.passbolt.com/t/docker-error-when-restarting-server