passbolt
Email sending failure after upgrading from passbolt:4.12.1-1-pro-non-root
After upgrading from passbolt/passbolt:4.12.1-1-pro-non-root to passbolt/passbolt:5.0.0-1-pro-non-root or the latest passbolt/passbolt:5.1.0-1-pro-non-root, sending an email via Passbolt is no longer possible.
The email parameters are set via Docker environment variables as follows:
# Email
[email protected]
EMAIL_TRANSPORT_DEFAULT_HOST=smtp.example.com
EMAIL_TRANSPORT_DEFAULT_PORT=25
Sending a test email using the send_test_email CLI command works correctly.
However, sending emails e.g. invitation or recovery emails fails. The messages remain in the queue (show_queued_emails) and are not send.
www-data@passbolt-qa:/usr/share/php/passbolt$ bin/cake passbolt version
[...]
Passbolt PRO 5.0.0
Cakephp 5.0.11
www-data@passbolt-qa:/usr/share/php/passbolt$ bin/cake passbolt send_test_email -r [email protected]
[...]
The message has been successfully sent!
www-data@passbolt-qa:/usr/share/php/passbolt$
www-data@passbolt-qa:/usr/share/php/passbolt$ bin/cake passbolt show_queued_emails
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
List of queued emails:
+-----------------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+---------------------+------+
| Email | Subject | Error | Created | Sent |
+-----------------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+---------------------+------+
| [email protected] | Your account recovery, Alexander! | SMTP authentication method not allowed, check if SMTP server requires TLS. | 2025-05-21 14:17:13 | |
| [email protected] | Your account recovery, Alexander! | SMTP authentication method not allowed, check if SMTP server requires TLS. | 2025-05-21 13:57:54 | |
| [email protected] | Your account recovery, Alexander! | | 2025-05-21 13:55:03 | 1 |
[...]
www-data@passbolt-qa:/usr/share/php/passbolt$
Hi @abr1x ,
We would kindly request you to open an issue on the passbolt forum.
Once on the forum and prior to that, you may want to check this similar reported issue.
Is this solving your issue?
@pabloelcolombiano
Thank you for the response. Just to clarify, the issue is that when I use version 4.12.1-1-pro-non-root with my email configuration via Docker environment variables, everything works as expected. However, after updating to any later version, the configuration no longer works as intended.
Giving this behavior; I suspect it might be a bug/regression rather than a configuration issue, which is why I believe it may be more appropriate to handle it here rather than in a general discussion forum. That said, I'm also happy to post this in the Passbolt forum if you think it would be helpful
Is this solving your issue?
Thank you for the suggestion, but it doesn't resolve the issue.
This issue is also reproducible with a new Docker installation of 5.1.0-1-pro-non-root
www-data@passbolt-emerg:/usr/share/php/passbolt$ bin/cake passbolt version
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Passbolt PRO 5.1.0
Cakephp 5.0.11
www-data@passbolt-emerg:/usr/share/php/passbolt$ bin/cake passbolt send_test_email -r [email protected]
[...]
The message has been successfully sent!
www-data@passbolt-emerg:/usr/share/php/passbolt$ bin/cake passbolt show_queued_emails
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
List of queued emails:
No records found.
www-data@passbolt-emerg:/usr/share/php/passbolt$ bin/cake passbolt register_user -u [email protected] -f Alexander -l Test -r admin
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
User saved successfully.
To start registration follow the link provided in your mailbox or here:
https://passbolt-emerg.example.com/setup/start/********
www-data@passbolt-emerg:/usr/share/php/passbolt$ bin/cake passbolt show_queued_emails
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
List of queued emails:
+-----------------------------------------+---------------------------------+----------------------------------------------------------------------------+---------------------+------+
| Email | Subject | Error | Created | Sent |
+-----------------------------------------+---------------------------------+----------------------------------------------------------------------------+---------------------+------+
| [email protected] | Welcome to passbolt, Alexander! | SMTP authentication method not allowed, check if SMTP server requires TLS. | 2025-05-23 14:45:52 | |
+-----------------------------------------+---------------------------------+----------------------------------------------------------------------------+---------------------+------+
www-data@passbolt-emerg:/usr/share/php/passbolt$
Hey @abr1x, what if you configure the email settings via UI (see: https://www.passbolt.com/docs/admin/emails/email-server/)? Does it work or returns the same error?
Hi @ishanvyas22,
I checked the "Authentication method" settings via the UI and it was set to "Username & password" (see screenshot).
After chaining it to "None", email sending works as expected (this was not an issue prior to the < 5.0.0-1-pro-non-root upgrade).
While this serves as a workaround, the issue should be properly addressed. Especially when the email configuration is provided though environment variables.
www-data@passbolt-emerg:/usr/share/php/passbolt$ bin/cake passbolt show_queued_emails
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
List of queued emails:
+-----------------------------------------+---------------------------------+----------------------------------------------------------------------------+---------------------+------+
| Email | Subject | Error | Created | Sent |
+-----------------------------------------+---------------------------------+----------------------------------------------------------------------------+---------------------+------+
| [email protected] | Welcome to passbolt, Alexander! | SMTP authentication method not allowed, check if SMTP server requires TLS. | 2025-05-23 15:11:43 | |
+-----------------------------------------+---------------------------------+----------------------------------------------------------------------------+---------------------+------+
www-data@passbolt-emerg:/usr/share/php/passbolt$ bin/cake passbolt register_user -u [email protected] -f Alexander -l Test2 -r admin
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
User saved successfully.
To start registration follow the link provided in your mailbox or here:
https://passbolt-emerg.example.com/setup/start/*********
www-data@passbolt-emerg:/usr/share/php/passbolt$ bin/cake passbolt show_queued_emails
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
List of queued emails:
+-----------------------------------------+-----------------------------------+----------------------------------------------------------------------------+---------------------+------+
| Email | Subject | Error | Created | Sent |
+-----------------------------------------+-----------------------------------+----------------------------------------------------------------------------+---------------------+------+
| [email protected] | Your account recovery, Alexander! | | 2025-05-28 15:32:10 | 1 |
| [email protected] | Welcome to passbolt, Alexander! | | 2025-05-28 15:15:42 | 1 |
| [email protected] | Welcome to passbolt, Alexander! | SMTP authentication method not allowed, check if SMTP server requires TLS. | 2025-05-23 15:11:43 | |
+-----------------------------------------+-----------------------------------+----------------------------------------------------------------------------+---------------------+------+
www-data@passbolt-emerg:/usr/share/php/passbolt$
Hey @abr1x, thanks for confirming. We've created an ticket (for internal ref. PB-43007) to investigate and address the issue.
Hey @abr1x, few questions for you,
- What do you have in your
/etc/cron.d/passbolt-ce-serverfile? If you run commandcat /etc/cron.d/passbolt-ce-server(orcat /etc/cron.d/passbolt-pro-server) into your passbolt container what does it return? - Is there any error logs (in your docker container logs) when sending email?
- Have you set only EMAIL_DEFAULT_FROM, EMAIL_TRANSPORT_DEFAULT_PORT, and EMAIL_TRANSPORT_DEFAULT_HOST env variables? Or there are others as well related to email (i.e. EMAIL_TRANSPORT_DEFAULT_USERNAME, etc.)?
Hi @ishanvyas22
- What do you have in your
/etc/cron.d/passbolt-ce-serverfile? If you run commandcat /etc/cron.d/passbolt-ce-server(orcat /etc/cron.d/passbolt-pro-server) into your passbolt container what does it return?
The file contains the default content that every Passbolt container (version 5.1.1-1-pro-non-root) should have. No modifications were made. The only exeption from the default docker-compose.yml setup is the use of custom SSL certificates.
www-data@passbolt-emerg:/usr/share/php/passbolt$ cat /etc/cron.d/passbolt-pro-server
#
#
# Cronjob to process emails for the Passbolt Web Service every minute.
#
# This crontab script is part of the Passbolt Debian package,
# see dh_installcron debhelper program for more details.
#
PATH=/bin:/usr/local/bin:/usr/bin
PASSBOLT_BASE_DIR=/usr/share/php/passbolt
PASSBOLT_LOG_DIR=/var/log/passbolt
* * * * * $PASSBOLT_BASE_DIR/bin/cron > $PASSBOLT_LOG_DIR/cron.log 2> $PASSBOLT_LOG_DIR/cron-error.log
www-data@passbolt-emerg:/usr/share/php/passbolt$ ls -l /var/log/passbolt
total 4
-rw-r--r-- 1 www-data www-data 128 May 23 15:08 cli-debug.log
-rw-r--r-- 1 www-data www-data 0 Jun 4 08:43 cron-error.log
-rw-r--r-- 1 www-data www-data 0 Jun 4 08:43 cron.log
www-data@passbolt-emerg:/usr/share/php/passbolt$
- Is there any error logs (in your docker container logs) when sending email?
No. If there were, I would have included them in the issues description.
- Have you set only EMAIL_DEFAULT_FROM, EMAIL_TRANSPORT_DEFAULT_PORT, and EMAIL_TRANSPORT_DEFAULT_HOST env variables? Or there are others as well related to email (i.e. EMAIL_TRANSPORT_DEFAULT_USERNAME, etc.)?
Only the three variables mentioned in the issue are set (EMAIL_DEFAULT_FROM, EMAIL_TRANSPORT_DEFAULT_HOST, EMAIL_TRANSPORT_DEFAULT_PORT). No additional EMAIL_* environment variables are configured.
# Email
[email protected]
EMAIL_TRANSPORT_DEFAULT_HOST=smtp.example.com
EMAIL_TRANSPORT_DEFAULT_PORT=25
I checked with exact same scenario but couldn't able to reproduce the problem, I'm receiving emails properly. Since you are a Pro customer, I suggest you to contact support or send an email to [email protected] for further assistance.
We are experiencing the exact same problem with the ce-non-root docker containers. In our case only EMAIL_TRANSPORT_DEFAULT_HOST and EMAIL_DEFAULT_FROM are set and the UI shows "Username & password" as Authentication method, instead of "None" (which would work). As far as I can tell you not being able to reproduce the problem might depend on the upstream mail server used. Our Postfix throws an error if you try to start authentication if there is non configured, while other servers might be more forgiving. At any rate, the issue seems to be directly related with the set Authentication method and I suspect some logic regarding 'empty' User/Password Environment variables might have changed, not recognizing triggering the correct Authentication method to be set any more.
@mfilz thanks for the detailed reasoning. We are going to make some changes to consider empty username & password (which is by default if not set) to Authentication type "None". Hopefully it will fix the issue, we will include it into upcoming release.
@abr1x @mfilz, we have released a fix with v5.3.0. You can upgrade and check if it solves your problem. Feel free to reopen if issue persist.