[GH-ISSUE #4528] Panic if temporary SMTP-Problem #1910

New issue

Closed

opened 2026-03-03 02:13:19 +03:00 by kerem · 2 comments

kerem commented 2026-03-03 02:13:19 +03:00

Owner

Copy link

Originally created by @Subito on GitHub (Apr 29, 2024).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/4528

Subject of the issue

Sometimes on trying to send a 2FA-Mail, the SMTP Server replies with 454: 4.7.0 Temporary authentication failure, which should indicate to the sender "please try later, this is a temporary problem". However vaultwarden panics if it receives this error and the server stops.

Deployment environment

• vaultwarden version: 1.30.3

• Install method: FreeBSD pkg

• Clients used: happens on all clients on Login

• Reverse proxy and version: nginx

• Other relevant details:

Expected behaviour

Server does not crash if it receives a temporary SMTP-Failure.

Actual behaviour

Server crashes and needs restarting.

Troubleshooting data

Apr 29 16:13:58 vault1 vaultwarden[66287]: [2024-04-29 16:13:58.251][vaultwarden::mail][ERROR] SMTP 4xx error: transient error (454): 4.7.0 Temporary authentication failure: Connection lost to authentication server
Apr 29 16:13:58 vault1 vaultwarden[66287]: [2024-04-29 16:13:58.252][panic][ERROR] thread 'tokio-runtime-worker' panicked at 'Error sending incomplete 2FA email: SMTP 4xx error: transient error (454): 4.7.0 Temporary authentication failure: Connection lost to authentication server': src/api/core/two_factor/mod.rs:273

Originally created by @Subito on GitHub (Apr 29, 2024). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/4528 <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue <!-- Describe your issue here. --> Sometimes on trying to send a 2FA-Mail, the SMTP Server replies with `454: 4.7.0 Temporary authentication failure`, which should indicate to the sender "please try later, this is a temporary problem". However vaultwarden panics if it receives this error and the server stops. ### Deployment environment <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> * vaultwarden version: 1.30.3 <!-- How the server was installed: Docker image, OS package, built from source, etc. --> * Install method: FreeBSD pkg * Clients used: happens on all clients on Login <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> * Reverse proxy and version: nginx <!-- if applicable --> * Other relevant details: ### Expected behaviour <!-- Tell us what you expected to happen --> Server does not crash if it receives a temporary SMTP-Failure. ### Actual behaviour <!-- Tell us what actually happened --> Server crashes and needs restarting. ### Troubleshooting data ``` Apr 29 16:13:58 vault1 vaultwarden[66287]: [2024-04-29 16:13:58.251][vaultwarden::mail][ERROR] SMTP 4xx error: transient error (454): 4.7.0 Temporary authentication failure: Connection lost to authentication server Apr 29 16:13:58 vault1 vaultwarden[66287]: [2024-04-29 16:13:58.252][panic][ERROR] thread 'tokio-runtime-worker' panicked at 'Error sending incomplete 2FA email: SMTP 4xx error: transient error (454): 4.7.0 Temporary authentication failure: Connection lost to authentication server': src/api/core/two_factor/mod.rs:273 ```

kerem 2026-03-03 02:13:19 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-03-03 02:13:20 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Apr 29, 2024):

Vaultwarden does not have a retry mechanisch for these kind of scenarios. The message indicates a connection error.

Most of the time temp errors should be tried again after a few minutes, but this is not something Vaultwarden handles. I also do not thing Vaultwarden should handle those and try again actually. That kind of functionality belongs to mail servers, not clients.

We probably can catch this error and return an error instead of a panic though, that is probably nicer then a panic.

<!-- gh-comment-id:2083569863 --> @BlackDex commented on GitHub (Apr 29, 2024): Vaultwarden does not have a retry mechanisch for these kind of scenarios. The message indicates a connection error. Most of the time temp errors should be tried again after a few minutes, but this is not something Vaultwarden handles. I also do not thing Vaultwarden should handle those and try again actually. That kind of functionality belongs to mail servers, not clients. We probably can catch this error and return an error instead of a panic though, that is probably nicer then a panic.

kerem commented 2026-03-03 02:13:20 +03:00

Author

Owner

Copy link

@Subito commented on GitHub (Apr 30, 2024):

Of course, just catching the error would be great. As you said: Any sort of queue-and-retry should be handled on a mailserver. But panicing on a simple SMTP-Error is probably not great. Just logging an error would be perfect.

<!-- gh-comment-id:2084480234 --> @Subito commented on GitHub (Apr 30, 2024): Of course, just catching the error would be great. As you said: Any sort of queue-and-retry should be handled on a mailserver. But panicing on a simple SMTP-Error is probably not great. Just logging an error would be perfect.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#1910

No description provided.