Using email produces an error on all ports

Hello,

I’m configuring the mail settings in Passbolt, running in a Docker container, to use a mail server that is also in a container on the same host.

I’ve tried ports 25, 465 and 587; none work, and each always produces an error.

     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
-------------------------------------------------------------------------------
 Debug email shell
-------------------------------------------------------------------------------
Email configuration
-------------------------------------------------------------------------------
Host: mail.example.com
Port: 25
Username: passbolt@example.com
Password: *********
TLS: false
Sending email from: Passbolt <passbolt@example.com>
Sending email to: user@example.com
-------------------------------------------------------------------------------
Trace
[220] mail.example.com ESMTP
 EHLO localhost
[250] mail.example.com
[250] PIPELINING
[250] SIZE 26214400
[250] ETRN
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] CHUNKING
Could not send the test email.
Error: SMTP Error: 503 5.5.1 Error: authentication not enabled
     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
-------------------------------------------------------------------------------
 Debug email shell
-------------------------------------------------------------------------------
Email configuration
-------------------------------------------------------------------------------
Host: mail.example.com
Port: 465
Username: passbolt@example.com
Password: *********
TLS: true
Sending email from: Passbolt <passbolt@example.com>
Sending email to: user@example.com
-------------------------------------------------------------------------------
Trace
Could not send the test email.
Error: SMTP timeout.
     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
-------------------------------------------------------------------------------
 Debug email shell
-------------------------------------------------------------------------------
Email configuration
-------------------------------------------------------------------------------
Host: mail.example.com
Port: 587
Username: passbolt@example.com
Password: *********
TLS: true
Sending email from: Passbolt <passbolt@example.com>
Sending email to: user@example.com
-------------------------------------------------------------------------------
2024-05-01 22:00:19 warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:0A000086:SSL routines::certificate verify failed
warning: 2 :: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:0A000086:SSL routines::certificate verify failed on line 490 of /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Network/Socket.php
Trace
[220] mail.example.com ESMTP
 EHLO localhost
[250] mail.example.com
[250] PIPELINING
[250] SIZE 26214400
[250] ETRN
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] CHUNKING
 STARTTLS
[220] 2.0.0 Ready to start TLS
Could not send the test email.
Error: SMTP server did not accept the connection or trying to connect to non TLS SMTP server using TLS.

I’m receiving and sending emails from my mail server with no problems; only Passbolt is not working for some reason.

Also, here is the compose file:

services:
  passbolt:
    image: passbolt/passbolt:latest-ce
    container_name: passbolt_app
    #Alternatively you can use rootless:
    #image: passbolt/passbolt:latest-ce-non-root
    restart: unless-stopped
    environment:
      APP_FULL_BASE_URL: "https://passbolt.example.com:9443"
      DATASOURCES_DEFAULT_HOST: "mariadb"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "password"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
      DATASOURCES_DEFAULT_PORT: 3306
      EMAIL_TRANSPORT_DEFAULT_CLASS_NAME: "Smtp"
      EMAIL_DEFAULT_FROM_NAME: "Passbolt"
      EMAIL_DEFAULT_FROM: "passbolt@example.com"
      EMAIL_TRANSPORT_DEFAULT_HOST: "mail.example.com"
      EMAIL_TRANSPORT_DEFAULT_PORT: 25
      EMAIL_TRANSPORT_DEFAULT_USERNAME: "passbolt@example.com"
      EMAIL_TRANSPORT_DEFAULT_PASSWORD: "password"
      EMAIL_TRANSPORT_DEFAULT_TLS: "false"
      PASSBOLT_PLUGINS_MOBILE_ENABLED: "true"
      PASSBOLT_SECURITY_SET_HEADERS: "true"
      PASSBOLT_SECURITY_CSP: "true"
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
      - /docker/certificates/example.com.crt:/etc/ssl/certs/certificate.crt
      - /docker/certificates/example.com.key:/etc/ssl/certs/certificate.key
    ports:
      - 8080:80
      - 9443:443
    #Alternatively for non-root images:
    # - 80:8080
    # - 443:4433
    networks:
      - maria-db
      - dockermail_default

volumes:
  database_volume:
  gpg_volume:
  jwt_volume:


networks:
  maria-db:
    external: true
  dockermail_default:
    external: true

What ports and authentication method do you use with the other services that work with your email server?

Hello @clayton,

I’ve tried 25, 465 and 587.

25 → explicit TLS => STARTTLS, Authentication is DISABLED
465 → ESMTP (implicit TLS)
587 → ESMTP (explicit TLS => STARTTLS)

For security purposes I want to use 465 or 587, but it always asks for the certificates.
I’ve already added them to the docker as mentioned in the passbolt variables but no go.

Could you confirm what version you are running? Your snippet shows latest, so I’d need the actual version.

You mentioned you added the certs as variables, but I don’t see any of the 4.7 release ones dealing with self-signed certs for SMTP. Could you share how you’ve handled those?

Hello Clayton,

Version is below.

$ docker exec -ti passbolt_app bash
root@bbab16d96801:/usr/share/php/passbolt# cat /etc/passbolt/version.php
<?php
return [
    'passbolt' => [
        'version' => '4.7.0',
        'name' => 'Bulls On Parade',
    ],
    'php' => [
        'minVersion' => '7.4',
        'nextMinVersion' => '8.1',
    ],
];

As for the certificate, the documentation only mentions the mount points and the TLS variable:

### SSL certificate files

It is also possible to mount an SSL certificate on the following paths:

* /etc/ssl/certs/certificate.crt
* /etc/ssl/certs/certificate.key

EMAIL_TRANSPORT_DEFAULT_TLS: Set TLS

The certs you list there are for the passbolt instance itself, but it sounds like you have a self-signed cert on your email server, correct?

If so, you’ll want to be looking at these:

PASSBOLT_PLUGINS_SMTP_SETTINGS_ENABLED
PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_VERIFY_PEER
PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_VERIFY_PEER_NAME
PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_ALLOW_SELF_SIGNED
PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_CAFILE

These were just added in 4.7.0 but are not yet documented in our guides.

Hello @clayton,

Just to clarify, the certificates aren’t self-signed; they’re signed by Let’s Encrypt. I’ve set up a script to transfer them from the firewall to the Docker server. One thing to note is that the certificate is a wildcard certificate.

I’m unsure if this introduces any limitations, but it’s certainly something worth considering. I’ll test out the variables mentioned once documentation becomes available.

Thank you for the assist.
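As an added example (not Passbolt's code and not from anyone in this thread), a small Python helper that reads a Debug email shell trace like the ones posted above, explains the port-25 failure from the EHLO keywords the server advertised, and checks whether a wildcard certificate name such as *.example.com covers the configured SMTP host. The trace text, host names and username are constructed from the posts.

```python
"""Offline helpers for reading a Passbolt "Debug email shell" trace.

Constructed example for this thread, not Passbolt's code: the trace below
mirrors the port-25 run posted above; the names are placeholders."""
import re

# Constructed sample: the port-25 EHLO exchange, as printed by the debug shell.
EHLO_TRACE_25 = """[220] mail.example.com ESMTP
 EHLO localhost
[250] mail.example.com
[250] PIPELINING
[250] SIZE 26214400
[250] ETRN
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] CHUNKING"""


def ehlo_capabilities(trace):
    """EHLO keywords the server advertised: first word of each [250] line,
    skipping the first one, which is the server's own hostname."""
    caps = [m.group(1).upper()
            for line in trace.splitlines()
            if (m := re.match(r"\[250\]\s+(\S+)", line))]
    return caps[1:]


def diagnose(caps, username, tls):
    """Explain why a send with these settings fails, or return 'ok'.
    Many servers only advertise AUTH after STARTTLS, so run this again on
    the capabilities re-read after the TLS upgrade."""
    if username and "AUTH" not in caps:
        # The port-25 run: credentials configured, AUTH never offered,
        # so the server answers '503 5.5.1 authentication not enabled'.
        return "no AUTH on this port: drop the credentials or use a submission port"
    if "STARTTLS" in caps and not tls:
        return "STARTTLS offered but TLS disabled: credentials would go in clear text"
    return "ok"


def wildcard_matches(pattern, hostname):
    """RFC 6125 style check: '*' stands for the whole leftmost label only."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                 # ".example.com"
    if suffix.count(".") < 2 or not hostname.endswith(suffix):
        return False                     # refuse '*.com'; require the suffix
    leftmost = hostname[: -len(suffix)]
    return bool(leftmost) and "." not in leftmost
```

A certificate verify failure like the port-587 one is a trust-chain or name problem on the client side, so the wildcard check is the first thing to confirm before loosening any verification setting.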