Server: Docker on-premise Bitwarden installation, SMTP with SSL error

Created on 18 Mar 2018  路  14Comments  路  Source: bitwarden/server

Hello,

On latest Docker on-premise Bitwarden installation, I configure SMTP WITH SSL, I update the env configuration file located at ./bwdata/env/global.override.env with the fallowing values (note, I replace sensitive informations):
```
globalSettings__yubico__clientId=REPLACE
globalSettings__yubico__key=REPLACE
globalSettings__mail__replyToEmail=VALID_EMAIL_ADDRESS
globalSettings__mail__smtp__host=VAILD_SMTP_HOST
globalSettings__mail__smtp__username=VALID_EMAIL_ADDRESS
globalSettings__mail__smtp__password=EMAIL_PASSWORD
globalSettings__mail__smtp__ssl=true
globalSettings__mail__smtp__port=465
globalSettings__mail__smtp__useDefaultCredentials=false
globalSettings__disableUserRegistration=true

Note: 
- `VAILD_SMTP_HOST` is a public DNS host like `smtp.gmail.com`
- `VALID_EMAIL_ADDRESS` is an email address like `[email protected]` given by a public hosting email service like `Gmail`.

Bitwarden version:
- COREVERSION="1.17.1"
- WEBVERSION="1.23.0"

When I try to send an email (validation account or enable Two-step Login by email), after few minutes, I got the fallowing API error: 

2018-03-18 21:30:40.371 +00:00 [Error] Mail send failed.
System.Net.Mail.SmtpException: Syntax error, command unrecognized. The server response was:
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Net.Mail.SmtpConnection.ConnectAndHandshakeAsyncResult.End(IAsyncResult result)
at System.Net.Mail.SmtpTransport.EndGetConnection(IAsyncResult result)
at System.Net.Mail.SmtpClient.ConnectCallback(IAsyncResult result)
```

I try to setup SMTP WITHOUT using SSL. Now it's working, my Bitwarden server successfully sent emails

Note: I have check the SMTP host, login and password many time: there are good! I although test the email host and user/password on OTHER SYSTEM THAN Bitwarden, I don't have any issues: the email are sent successfully!

Thanks you for your help.

Most helpful comment

This just helped me. For others that find this, the settings that worked for Gmail (once insecure apps are allowed on the gmail account)

[email protected]
globalSettings__mail__smtp__host=smtp.gmail.com
globalSettings__mail__smtp__username=yourAccount
globalSettings__mail__smtp__password=yourPassword
globalSettings__mail__smtp__ssl=true
globalSettings__mail__smtp__port=587
globalSettings__mail__smtp__useDefaultCredentials=false

All 14 comments

Sounds like your settings are just not correct is all. I suggest testing your exact SMTP settings outside of Bitwarden first to make sure they work.

The SMTP server is not my own, It's a managed service that totally operational both SSL and plaintext

Hello, i was having a similar issue, I am using a G-Suite account for my verification emails. I also put in port 465, because that what google says to use for SSL connections. However that does not work, so I changed the port back to 587, and now it is working and sending emails

I had the same problem when trying to use my google account and their 'smtp.gmail.com' server and port 465. I followed justinforlenza's advice and instead tried port 587 and that fixed the problem. :-)

This just helped me. For others that find this, the settings that worked for Gmail (once insecure apps are allowed on the gmail account)

[email protected]
globalSettings__mail__smtp__host=smtp.gmail.com
globalSettings__mail__smtp__username=yourAccount
globalSettings__mail__smtp__password=yourPassword
globalSettings__mail__smtp__ssl=true
globalSettings__mail__smtp__port=587
globalSettings__mail__smtp__useDefaultCredentials=false

globalSettings__mail__smtp__trustServer=true
Try it ;)

globalSettings__mail__smtp__trustServer=true
Try it ;)

This is bad advise as it turns off certificate verification. Don't do this in production and please stop advising others to do so.

If you host your mail server locally (on a docker on same system) - then why does it matter? Second - you'd think the developers would shove a mail server in the slew of other containers that it makes you download....bloated? They sure don't care about that using M$ Sql. This is the only thing that finally fixed it for me.

This setting turns off certificate validation of the remote mail server, e.g. a company's local mail server, a cloud service or a provider like Google. It has nothing to do with Docker or Bitwarden running on-prem.
If you disable certificate checks that's up to you, but don't sell it as a solution instead of trying to figure out the actual problem and fixing it the right way.

Exactly - a local mail server (Poste.io docker on the same host) works just fine with very little risk imo. Better than staring at a useless password manager that doesn't work. The cert is fine too (Letsencrypt) - everything else works with it except Bitwarden.

So folks - if you don't want to do it - don't. I was able to activate this POS finally - and I'm happy :)

This thread is about using gmail...
Well, I'm glad it works for you, just please make sure to inform users about the risks before recommending potentially dangerous configuration changes.

Im little noob but where can I find

./bwdata/env/global.override.env

I run this to start Bitwarden

docker run -d -p 8005:80 -e ADMIN_TOKEN=MY TOKEN-v bitwarden:/config --restart always bitwardenrs/server:raspberry

But cant find the global.override.env at all somewhere on my Pi

If you are using gmail, you will have to allow "less secure apps" from google settings > security > allow less secure apps access, then you will be able to use the api/bitwarden to send emails.

If you are using gmail, you will have to allow "less secure apps" from google settings > security > allow less secure apps access, then you will be able to use the api/bitwarden to send emails.

No, this is not the best way to go when using Gmail, better is to create an App password and leave the less secure apps setting disabled.

You should never enable less secure apps anymore..

Was this page helpful?
0 / 5 - 0 ratings