[GH-ISSUE #253] `:latest` Docker image unable to send emails

kerem commented

2026-02-27 08:15:11 +03:00

Owner

Originally created by @clayadavis on GitHub (Jul 13, 2022).
Original GitHub issue: https://github.com/lldap/lldap/issues/253

Originally assigned to: @nitnelave on GitHub.

The :latest Docker image seems unable to send emails, either using the password reset flow or the send_test_email command. Both of these do work in a source-built binary with the same SMTP settings, and also with the :stable image. This points to something Docker- or Alpine-specific.

The password reset flow fails with these log messages:

lldap_1  | 2022-07-13T22:07:01.878887756+00:00 DEBUG    │  ┝━ 🐛 [debug]: Sending email to 'user@example.net' as 'LLDAP Admin <user@fastmail.com>' via 'user@fastmail.com'@'smtp.fastmail.com':'465'
lldap_1  | 2022-07-13T22:07:01.891329324+00:00 WARN     │  ┕━ 🚧 [warn]: Error sending email: lettre::transport::smtp::Error {
lldap_1  |     kind: Connection,
lldap_1  |     source: Os {
lldap_1  |         code: 16,
lldap_1  |         kind: ResourceBusy,
lldap_1  |         message: "Device or resource busy",
lldap_1  |     },
lldap_1  | }
lldap_1  | 2022-07-13T22:07:01.891626221+00:00 INFO     ┕━ ｉ [info]:  | status_code: 500

while send-test-email fails like this:

2022-07-13T22:05:17.234455252+00:00 DEBUG    🐛 [debug]: Sending email to 'user@example.net' as 'LLDAP Admin <user@fastmail.com>' via 'user@fastmail.com'@'smtp.fastmail.com':'465'
Error: Connection error: Device or resource busy (os error 16)

Caused by:
    Device or resource busy (os error 16)

Notably, the error message is the same no matter what SMTP settings are entered. Maybe this suggests the error is at the OS level, like a missing library in the Docker image?

Originally created by @clayadavis on GitHub (Jul 13, 2022). Original GitHub issue: https://github.com/lldap/lldap/issues/253 Originally assigned to: @nitnelave on GitHub. The `:latest` Docker image seems unable to send emails, either using the password reset flow or the `send_test_email` command. Both of these do work in a source-built binary with the same SMTP settings, and also with the `:stable` image. This points to something Docker- or Alpine-specific. The password reset flow fails with these log messages: ``` lldap_1 | 2022-07-13T22:07:01.878887756+00:00 DEBUG │ ┝━ 🐛 [debug]: Sending email to 'user@example.net' as 'LLDAP Admin <user@fastmail.com>' via 'user@fastmail.com'@'smtp.fastmail.com':'465' lldap_1 | 2022-07-13T22:07:01.891329324+00:00 WARN │ ┕━ 🚧 [warn]: Error sending email: lettre::transport::smtp::Error { lldap_1 | kind: Connection, lldap_1 | source: Os { lldap_1 | code: 16, lldap_1 | kind: ResourceBusy, lldap_1 | message: "Device or resource busy", lldap_1 | }, lldap_1 | } lldap_1 | 2022-07-13T22:07:01.891626221+00:00 INFO ┕━ ｉ [info]: | status_code: 500 ``` while `send-test-email` fails like this: ``` 2022-07-13T22:05:17.234455252+00:00 DEBUG 🐛 [debug]: Sending email to 'user@example.net' as 'LLDAP Admin <user@fastmail.com>' via 'user@fastmail.com'@'smtp.fastmail.com':'465' Error: Connection error: Device or resource busy (os error 16) Caused by: Device or resource busy (os error 16) ``` Notably, the error message is the same no matter what SMTP settings are entered. Maybe this suggests the error is at the OS level, like a missing library in the Docker image?

kerem

2026-02-27 08:15:11 +03:00

closed this issue
added the
bug

docker
labels

kerem commented

2026-02-27 08:15:12 +03:00

Author

Owner

@clayadavis commented on GitHub (Jul 13, 2022):

@martadinata666 any ideas? @nitnelave suggested I tag you.

@clayadavis commented on GitHub (Jul 13, 2022): @martadinata666 any ideas? @nitnelave suggested I tag you.

kerem commented

2026-02-27 08:15:12 +03:00

Author

Owner

@Maypul commented on GitHub (Jul 13, 2022):

I also tried setting SMTP today with no success, I will add below what I wanted to create in separate thread with some other suggestions if I might say.

I have noticed some misnaming maybe, as if you try to reset the password via LLDAP form it says type username but it seems to expect e-mail when in the lldap itself there are e-mail and user id fields only. At first I though username would be id user as the login page accepts user ID which it also calls an username. Naming seems unclear.

Second thing, the server says it sends a password token but nothing is being sent out. This is a little clearer when you turn on verbose then you can see in logs that user was not found.
But when using valid username instead of email:
https://prnt.sc/e79YSaLEw3IL https://prnt.sc/JLKapNiDCamU
But interesingly enough, if I use any 'username' that is not in database and not an email it still says it sends out a token:
https://prnt.sc/ujyraNbmJmyb https://prnt.sc/b-TlwMHm689N

I would expect it to be somewhat consistent, if it already errors out on valid query with username why would it just 'pass' with incorrect names when it finds nothing in database, it seems like someone still could use it to look up if something exists in the database once mail server stops working.

Also a back button to login page once password it sent out would be nice. If it errors, the back button also does not work sometimes.

As for not working smtp, my SMTP settings are quite standard, I think:
SMTP_HOST=smtp.gmail.com
SMTP_PORT=465
SMTP_USERNAME=XXXX@gmail.com
SMTP_PASSWORD=apppassword
tried with tls on and off, it works well with Vaultwarden and other services I use it with.

I have tried with 587 port also with tls on and off with no success (but would still prefer to use 465/forceTLS)

I am setting everything with compose, .conf file is unchanged default.

  LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET: 'true'
  LLDAP_SMTP_OPTIONS__SERVER: $SMTP_HOST
  LLDAP_SMTP_OPTIONS__PORT: $SMTP_PORT
  LLDAP_SMTP_OPTIONS__TLS_REQUIRED: 'true'
  LLDAP_SMTP_OPTIONS__USER: $SMTP_USERNAME
  LLDAP_SMTP_OPTIONS__PASSWORD_FILE: /run/secrets/smtp_password

I am on latest image from today, using latest tag.

---

I will add that I have not tried one more thing that is setting from/reply to to match gmail address as I remember it might matter but I have no time to try this today, but will paste this in case it will be useful for anything.

@Maypul commented on GitHub (Jul 13, 2022): I also tried setting SMTP today with no success, I will add below what I wanted to create in separate thread with some other suggestions if I might say. --- <details> I have noticed some misnaming maybe, as if you try to reset the password via LLDAP form it says type username but it seems to expect e-mail when in the lldap itself there are e-mail and user id fields only. At first I though username would be id user as the login page accepts user ID which it also calls an username. Naming seems unclear. Second thing, the server says it sends a password token but nothing is being sent out. This is a little clearer when you turn on verbose then you can see in logs that user was not found. But when using valid username instead of email: https://prnt.sc/e79YSaLEw3IL https://prnt.sc/JLKapNiDCamU But interesingly enough, if I use any 'username' that is not in database and not an email it still says it sends out a token: https://prnt.sc/ujyraNbmJmyb https://prnt.sc/b-TlwMHm689N I would expect it to be somewhat consistent, if it already errors out on valid query with username why would it just 'pass' with incorrect names when it finds nothing in database, it seems like someone still could use it to look up if something exists in the database once mail server stops working. Also a back button to login page once password it sent out would be nice. If it errors, the back button also does not work sometimes. As for not working smtp, my SMTP settings are quite standard, I think: SMTP_HOST=smtp.gmail.com SMTP_PORT=465 SMTP_USERNAME=XXXX@gmail.com SMTP_PASSWORD=apppassword tried with tls on and off, it works well with Vaultwarden and other services I use it with. I have tried with 587 port also with tls on and off with no success (but would still prefer to use 465/forceTLS) I am setting everything with compose, .conf file is unchanged default. LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET: 'true' LLDAP_SMTP_OPTIONS__SERVER: $SMTP_HOST LLDAP_SMTP_OPTIONS__PORT: $SMTP_PORT LLDAP_SMTP_OPTIONS__TLS_REQUIRED: 'true' LLDAP_SMTP_OPTIONS__USER: $SMTP_USERNAME LLDAP_SMTP_OPTIONS__PASSWORD_FILE: /run/secrets/smtp_password I am on latest image from today, using latest tag. </details> --- I will add that I have not tried one more thing that is setting from/reply to to match gmail address as I remember it might matter but I have no time to try this today, but will paste this in case it will be useful for anything.

kerem commented

2026-02-27 08:15:12 +03:00

Author

Owner

@clayadavis commented on GitHub (Jul 14, 2022):

@Maypul I think we're seeing the same issue here. Since I am able to send SMTP email with the same settings using a compiled binary, I think the issue is specifically with the dockerized version.

But interesingly enough, if I use any 'username' that is not in database and not an email it still says it sends out a token:
https://prnt.sc/ujyraNbmJmyb https://prnt.sc/b-TlwMHm689N

The message in this case saying the token was sent is a "security" feature; nothing is actually being sent.

@clayadavis commented on GitHub (Jul 14, 2022): @Maypul I think we're seeing the same issue here. Since I am able to send SMTP email with the same settings using a compiled binary, I think the issue is specifically with the dockerized version. > But interesingly enough, if I use any 'username' that is not in database and not an email it still says it sends out a token: https://prnt.sc/ujyraNbmJmyb https://prnt.sc/b-TlwMHm689N The message in this case saying the token was sent is a "security" feature; nothing is actually being sent.

kerem commented

2026-02-27 08:15:12 +03:00

Author

Owner

@Maypul commented on GitHub (Jul 14, 2022):

The message in this case saying the token was sent is a "security" feature; nothing is actually being sent.

I know, I meant it in a way that if mail server is down someone could look up which username exists as with valid and existing username it will error out even in UI and with non existing it will just 'say it sent out an email' which basically confirms usernames if someone bruteforce it. Unless I am looking at it wrong.

@Maypul commented on GitHub (Jul 14, 2022): > The message in this case saying the token was sent is a "security" feature; nothing is actually being sent. I know, I meant it in a way that if mail server is down someone could look up which username exists as with valid and existing username it will error out even in UI and with non existing it will just 'say it sent out an email' which basically confirms usernames if someone bruteforce it. Unless I am looking at it wrong.

kerem commented

2026-02-27 08:15:12 +03:00

Author

Owner

@nitnelave commented on GitHub (Jul 14, 2022):

No, that's fair, but the tradeoff between the small added security here and the extra complexity doesn't seem worth it.

@nitnelave commented on GitHub (Jul 14, 2022): No, that's fair, but the tradeoff between the small added security here and the extra complexity doesn't seem worth it.

kerem commented

2026-02-27 08:15:12 +03:00

Author

Owner

@nitnelave commented on GitHub (Jul 15, 2022):

I need to try if switching to rustls rather than relying on openssl works.

@nitnelave commented on GitHub (Jul 15, 2022): I need to try if switching to `rustls` rather than relying on openssl works.

kerem commented

2026-02-27 08:15:12 +03:00

Author

Owner

@nitnelave commented on GitHub (Jul 15, 2022):

Can you try the new container (once it's pushed)? I just merged a PR to switch to rustls

@nitnelave commented on GitHub (Jul 15, 2022): Can you try the new container (once it's pushed)? I just merged a PR to switch to rustls

kerem commented

2026-02-27 08:15:12 +03:00

Author

Owner

@just5ky commented on GitHub (Jul 23, 2022):

I faced the same issue
using the latest image (arm64) that was pushed yesterday

Logs

today at 4:45:11 PM2022-07-23T11:15:11.814859115+00:00 INFO     ┝━ ｉ [info]:  | uri: /auth/reset/step1/test
today at 4:45:11 PM2022-07-23T11:15:11.814900707+00:00 DEBUG    ┝━ get_password_reset_step1 [ 1.06ms | 45.58% / 93.37% ]
today at 4:45:11 PM2022-07-23T11:15:11.814907188+00:00 DEBUG    │  ┝━ start_password_reset [ 292µs | 25.64% ]
today at 4:45:11 PM2022-07-23T11:15:11.814915096+00:00 DEBUG    │  │  ┝━ 🐛 [debug]:  | user: UserId("test")
today at 4:45:11 PM2022-07-23T11:15:11.814954984+00:00 DEBUG    │  │  ┝━ 🐛 [debug]:  | query: SELECT "user_id" FROM "users" WHERE "user_id" = ?
today at 4:45:11 PM2022-07-23T11:15:11.815254610+00:00 DEBUG    │  │  ┕━ 🐛 [debug]:  | query: INSERT INTO "password_reset_tokens" ("token", "user_id", "expiry_date") VALUES (?, ?, ?)
today at 4:45:11 PM2022-07-23T11:15:11.820159683+00:00 DEBUG    │  ┝━ get_user_details [ 253µs | 22.16% ]
today at 4:45:11 PM2022-07-23T11:15:11.820177683+00:00 DEBUG    │  │  ┝━ 🐛 [debug]:  | user_id: UserId("test")
today at 4:45:11 PM2022-07-23T11:15:11.820239868+00:00 DEBUG    │  │  ┝━ 🐛 [debug]:  | query: SELECT "user_id", "email", "display_name", "first_name", "last_name", "avatar", "creation_date", "uuid" FROM "users" WHERE "user_id" = ?
today at 4:45:11 PM2022-07-23T11:15:11.822650933+00:00 DEBUG    │  │  ┕━ 🐛 [debug]:  | return: User { user_id: UserId("test"), email: "test@gmail.com", display_name: "test", first_name: "test", last_name: "test", creation_date: 2022-07-23T11:14:43.662492777Z, uuid: Uuid("uuid") }
today at 4:45:11 PM2022-07-23T11:15:11.822688617+00:00 DEBUG    │  ┝━ 🐛 [debug]: Sending email to 'test@gmail.com' as 'LLDAP Admin <admin@gmail.com>' via 'admin@gmail.com'@'smtp.gmail.com':'587'
today at 4:45:11 PM2022-07-23T11:15:11.823105390+00:00 WARN     │  ┕━ 🚧 [warn]: Error sending email: lettre::transport::smtp::Error {
today at 4:45:11 PM    kind: Connection,
today at 4:45:11 PM    source: Os {
today at 4:45:11 PM        code: 16,
today at 4:45:11 PM        kind: ResourceBusy,
today at 4:45:11 PM        message: "Device or resource busy",
today at 4:45:11 PM    },
today at 4:45:11 PM}
today at 4:45:11 PM2022-07-23T11:15:11.823152760+00:00 INFO     ┕━ ｉ [info]:  | status_code: 500

SMTP Config

[smtp_options]
## Whether to enabled password reset via email, from LLDAP.
enable_password_reset=true

server="smtp.gmail.com"
port=587

## Whether to connect with TLS.
tls_required=true
user="admin@gmail.com"

password="password"
## The header field, optional: how the sender appears in the email. The first
## is a free-form name, followed by an email between <>.
from="LLDAP Admin <admin@gmail.com>"
## Same for reply-to, optional.
reply_to="JustSKY <admin@admin>"

@just5ky commented on GitHub (Jul 23, 2022): I faced the same issue using the latest image (arm64) that was pushed yesterday ![image](https://user-images.githubusercontent.com/71321862/180602980-030e49d6-8127-4789-b5f2-7c41cf6ed368.png) ### Logs ```ini today at 4:45:11 PM2022-07-23T11:15:11.814859115+00:00 INFO ┝━ ｉ [info]: | uri: /auth/reset/step1/test today at 4:45:11 PM2022-07-23T11:15:11.814900707+00:00 DEBUG ┝━ get_password_reset_step1 [ 1.06ms | 45.58% / 93.37% ] today at 4:45:11 PM2022-07-23T11:15:11.814907188+00:00 DEBUG │ ┝━ start_password_reset [ 292µs | 25.64% ] today at 4:45:11 PM2022-07-23T11:15:11.814915096+00:00 DEBUG │ │ ┝━ 🐛 [debug]: | user: UserId("test") today at 4:45:11 PM2022-07-23T11:15:11.814954984+00:00 DEBUG │ │ ┝━ 🐛 [debug]: | query: SELECT "user_id" FROM "users" WHERE "user_id" = ? today at 4:45:11 PM2022-07-23T11:15:11.815254610+00:00 DEBUG │ │ ┕━ 🐛 [debug]: | query: INSERT INTO "password_reset_tokens" ("token", "user_id", "expiry_date") VALUES (?, ?, ?) today at 4:45:11 PM2022-07-23T11:15:11.820159683+00:00 DEBUG │ ┝━ get_user_details [ 253µs | 22.16% ] today at 4:45:11 PM2022-07-23T11:15:11.820177683+00:00 DEBUG │ │ ┝━ 🐛 [debug]: | user_id: UserId("test") today at 4:45:11 PM2022-07-23T11:15:11.820239868+00:00 DEBUG │ │ ┝━ 🐛 [debug]: | query: SELECT "user_id", "email", "display_name", "first_name", "last_name", "avatar", "creation_date", "uuid" FROM "users" WHERE "user_id" = ? today at 4:45:11 PM2022-07-23T11:15:11.822650933+00:00 DEBUG │ │ ┕━ 🐛 [debug]: | return: User { user_id: UserId("test"), email: "test@gmail.com", display_name: "test", first_name: "test", last_name: "test", creation_date: 2022-07-23T11:14:43.662492777Z, uuid: Uuid("uuid") } today at 4:45:11 PM2022-07-23T11:15:11.822688617+00:00 DEBUG │ ┝━ 🐛 [debug]: Sending email to 'test@gmail.com' as 'LLDAP Admin <admin@gmail.com>' via 'admin@gmail.com'@'smtp.gmail.com':'587' today at 4:45:11 PM2022-07-23T11:15:11.823105390+00:00 WARN │ ┕━ 🚧 [warn]: Error sending email: lettre::transport::smtp::Error { today at 4:45:11 PM kind: Connection, today at 4:45:11 PM source: Os { today at 4:45:11 PM code: 16, today at 4:45:11 PM kind: ResourceBusy, today at 4:45:11 PM message: "Device or resource busy", today at 4:45:11 PM }, today at 4:45:11 PM} today at 4:45:11 PM2022-07-23T11:15:11.823152760+00:00 INFO ┕━ ｉ [info]: | status_code: 500 ``` ### SMTP Config ```toml [smtp_options] ## Whether to enabled password reset via email, from LLDAP. enable_password_reset=true server="smtp.gmail.com" port=587 ## Whether to connect with TLS. tls_required=true user="admin@gmail.com" password="password" ## The header field, optional: how the sender appears in the email. The first ## is a free-form name, followed by an email between <>. from="LLDAP Admin <admin@gmail.com>" ## Same for reply-to, optional. reply_to="JustSKY <admin@admin>" ```

kerem commented

2026-02-27 08:15:12 +03:00

Author

Owner

@nitnelave commented on GitHub (Aug 1, 2022):

Sorry to ask that once again, but could you try with :latest-alpine and :latest-debian? We just pushed an update which hopefully solves the problem.

@nitnelave commented on GitHub (Aug 1, 2022): Sorry to ask that once again, but could you try with `:latest-alpine` and `:latest-debian`? We just pushed an update which hopefully solves the problem.

kerem commented

2026-02-27 08:15:12 +03:00

Author

Owner

@just5ky commented on GitHub (Aug 20, 2022):

Using the latest image. It works!!

@just5ky commented on GitHub (Aug 20, 2022): Using the latest image. It works!! ![image](https://user-images.githubusercontent.com/71321862/185756867-f14b738b-a8fe-453a-b4c3-a12023153b06.png)

kerem referenced this issue

2026-02-27 08:17:54 +03:00

[PR #90] [MERGED] docker: Fix pkg copy #536

Rows
Columns

[GH-ISSUE #253] :latest Docker image unable to send emails #88

Logs

SMTP Config

[GH-ISSUE #253] `:latest` Docker image unable to send emails #88