Unable to send emails

Checklist
[X] I have read intro post: about-the-installation-issues-category/12
[X] I have read the tutorials, help and searched for similar issues
[X] I provide relevant information about my server (component names and versions, etc.)
[X] I provide a copy of my logs and healthcheck
[X] I describe the steps I have taken to trouble shoot the problem
[X] I describe the steps on how to reproduce the issue

short version: I think Cake does not support cram-md5/digest password cipher.

long version: Dear Passbolt community: I’m unable to send emails.
My environment is a docker container installed with the following commands:

docker network create --driver=bridge --subnet=172.50.50.0/24 --gateway=172.50.50.1 passbolt-subnet

docker run --detach --restart unless-stopped --name passbolt-db --net passbolt-subnet --ip 172.50.50.20 --env MYSQL_ROOT_PASSWORD=REDACTED --env MYSQL_DATABASE=REDACTED --env MYSQL_USER=REDACTED --env MYSQL_PASSWORD=REDACTED --volume /REDACTED/mariadb:/var/lib/mysql:rw mariadb

docker run --detach --restart unless-stopped --name passbolt-server --net passbolt-subnet --ip 172.50.50.10 --env DATASOURCES_DEFAULT_HOST=passbolt-db --env DATASOURCES_DEFAULT_PASSWORD=REDACTED
–env DATASOURCES_DEFAULT_USERNAME=REDACTED --env DATASOURCES_DEFAULT_DATABASE=REDACTED --env APP_FULL_BASE_URL=“REDACTED” --env PASSBOLT_KEY_LENGTH=4096 --env PASSBOLT_SUBKEY_LENGTH=4096
–env SECURITY_SALT=REDACTED
–env EMAIL_TRANSPORT_DEFAULT_HOST=REDACTED
–env EMAIL_TRANSPORT_DEFAULT_PORT=587 --env EMAIL_TRANSPORT_DEFAULT_USERNAME=REDACTED --env EMAIL_TRANSPORT_DEFAULT_PASSWORD=REDACTED --env EMAIL_TRANSPORT_DEFAULT_TLS=true
–env EMAIL_DEFAULT_FROM=REDACTED --mount type=bind,source=/REDACTED/gpg,target=/var/www/passbolt/config/gpg
–mount type=bind,source=/REDACTED/img,target=/var/www/passbolt/webroot/img passbolt/passbolt:latest

Passbolt starts and works fine, at least from the “user” side. When I ran the healthcheck I saw some of checks fail…

$ /var/www/passbolt/bin/cake passbolt healthcheck

 ____                  __          ____
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( |
) /
/ / /
/ / / /
/
/ _
,
/
//./_//__/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.3.21.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[WARN] The passbolt config file is missing in /var/www/passbolt/config/
[HELP] Copy /var/www/passbolt/config/passbolt.php.default to /var/www/passbolt/config/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to REDACTED
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 23 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[FAIL] The server gpg key is not set
[HELP] Create a key, export it and add the fingerprint to config/passbolt.php
[HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[FAIL] The server key fingerprint doesn’t match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c “gpg --list-keys --fingerprint --home /home/www-data/.gnupg” www-data | grep -i -B 2 ‘SERVER_KEY_EMAIL’
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. install#toc_gpg
[FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c “gpg --home /home/www-data/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc” www-data
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.

Application configuration

[PASS] Using latest passbolt version (2.13.5).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

4 error(s) found. Hang in there!

$

But, I saw in another answers, that passbolt.php is not created on docker containers… so, those errors are for real?

The mail test provides a pretty clear description of the problem

$ /var/www/passbolt/bin/cake passbolt send_test_email --recipient=REDACTED

 ____                  __          ____
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( |
) /
/ / /
/ / / /
/
/ _
,
/
//./_//__/

Open source password manager for teams

Debug email shell

Email configuration

Host: REDACTED
Port: 587
Username: REDACTED
Password: *********
TLS: true

Sending email from: REDACTED
Sending email to: REDACTED

Trace
[220] REDACTED ESMTP Postfix

EHLO localhost
[250] REDACTED
[250] PIPELINING
[250] SIZE 61440000
[250] ETRN
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] SMTPUTF8
[250] CHUNKING
STARTTLS
[220] 2.0.0 Ready to start TLS
EHLO localhost
[250] REDACTED
[250] PIPELINING
[250] SIZE 61440000
[250] ETRN
[250] AUTH DIGEST-MD5 CRAM-MD5
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] SMTPUTF8
[250] CHUNKING

A test email could not be sent.
Error: SMTP Error: 535 5.7.8 Error: authentication failed: no mechanism available
$

I ran apt-get update and install sas2l-bin but that did not solve the problem.

This needs to be resolved at “cakePHP” side? Only AUTH LOGIN or PLAIN is supported?

Thanks in advance for your time reading and looking forward for an answer :slight_smile:

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.