[GH-ISSUE #995] Still Problems with smtp #708

Closed
opened 2026-03-03 02:02:23 +03:00 by kerem · 4 comments

Originally created by @dschense on GitHub (May 13, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/995

I tried to set up my SMTP server (mailcow) with the docker-compose and the admin site.
There seems to be no connection to the server.
I have no logs inside the mailcow server.
Just a 400 error in the bitwarden log file.
Outside the container I can connect to the SMTP without problems.
Can't find any errors for encryption problems or anything else.
Are there any other people who have problems setting up the SMTP connection?

kerem closed this issue 2026-03-03 02:02:24 +03:00

@mqus commented on GitHub (May 13, 2020):

Can you describe your configuration in detail? e.g. did you use tls, which ports etc? Which version of bitwarden_rs are you running on?
Also, could you change the logging level via the env variable (to trace or debug, see https://github.com/dani-garcia/bitwarden_rs/blob/master/.env.template#L56) and look at the logs again?

I'm assuming everything else works so far, as you didn't mention anything. Is that right?


@dschense commented on GitHub (May 14, 2020):

Yep, everything else runs without problems.

I am running this on a proxmox host in an lxc container behind a pfsense VM (docker runs without problems). The mail server is reachable from the lxc with ping, over telnet, nc and openssl (handshake works). The lxc container runs with IPv4 and IPv6. The docker container runs on 8080 (no SSL), nginx on the lxc runs on 80 and proxies to docker on 8080.
haproxy on the pfsense offloads https from the domain to the nginx on the lxc container.

```
chain:
world -- pfsense (haproxy) 443 offload -- lxc nginx 80 -- docker 8080
```

Testmail - LOG:

```
[2020-05-14 07:16:03][request][INFO] POST /admin/test/smtp/
[2020-05-14 07:16:06][request][INFO] GET /alive
[2020-05-14 07:16:06][response][INFO] GET /alive (alive) => 200 OK
[2020-05-14 07:16:18][error][ERROR] SmtpError.
[CAUSE] Client(
    "Could not connect",
)
[2020-05-14 07:16:18][response][INFO] POST /admin/test/smtp (test_smtp) => 400 Bad Request
```

docker-compose.yml:

```
# docker-compose.yml
version: '3'

services:
 bitwarden:
  image: bitwardenrs/server:latest
  restart: always
  container_name: bitwarden_rs
  volumes:
      - ./bw-data:/data
  ports:
    - 8080:80
  environment:
   DOMAIN: 'https://mydomain.tdl'
   EXTENDED_LOGGING: 'true'
   LOG_LEVEL: 'DEBUG'
   LOG_FILE: '/data/bitwarden.log'
   SIGNUPS_ALLOWED: 'true'
   ADMIN_TOKEN: 'fQ5DQV3gfBtPzuuaknK5UPwxCeB2TnWGuq22uUWi'
   WEBSOCKET_ENABLED: 'true'
   SMTP_HOST: 'mail.myhost.tdl'
   SMTP_FROM: 'myname@myhost.tdl'
   SMTP_FROM_NAME: 'myname'
   SMTP_PORT: '587'
   SMTP_SSL: 'true'
   SMTP_USERNAME: 'myname@myhost.tdl'
   SMTP_PASSWORD: 'mypassword'
   SMTP_AUTH_MECHANISM: 'Plain'
   SMTP_TIMEOUT: '15'
```

nginx conf:

```
server {
  listen 80;
  listen [::]:80;

  server_name _;

  access_log /var/log/nginx/bitwarden/access.log;
  error_log /var/log/nginx/bitwarden/error.log;

  # Specify SSL config if using a shared one.
  #include conf.d/ssl/ssl.conf;

  # Allow large attachments
  client_max_body_size 128M;

  location / {
    proxy_pass http://localhost:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  location /notifications/hub {
    proxy_pass http://localhost:3012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  location /notifications/hub/negotiate {
    proxy_pass http://localhost:8080;
  }

  # Optionally add extra authentication besides the AUTH_TOKEN
  # If you don't want this, leave this part out
  location /admin {
    # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
    auth_basic "Private";
    auth_basic_user_file /etc/nginx/htpasswd-bitwarden;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass http://localhost:8080;
  }

}
```

I tried to test the smtp connection from inside the container:

```
openssl s_client -starttls smtp -connect mail.mydomain.tdl:587
openssl s_client -connect mail.mydomain.tdl:465
```

But nothing happens. There is no output after running the commands, just a jump to an empty new line.

When I try this outside the docker container everything works. Connecting to the server is working.
Getting a working handshake. It's using Protocol : TLSv1.3


@dschense commented on GitHub (May 14, 2020):

I AM SO SORRY! I found my mistake.

It was a badly configured NAT on my pfsense firewall.

This was enabled:
`Enable NAT Reflection for 1:1 NAT`

But this was missing:
`Enable automatic outbound NAT for Reflection`

After enabling the second, everything is running. So SMTP from the docker image works out of the box.


@Pofilo commented on GitHub (May 18, 2020):

Thanks for sharing :)
This issue can be closed!
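
A staged probe that separates the failure modes discussed in this thread (an added example, not part of the original issue or the bitwarden_rs project): run from the same network namespace as the application container, it reports whether DNS, the TCP connect, the SMTP banner or STARTTLS is the first step to fail. The function name and result strings are assumptions of this example, the host and port are the placeholders from the compose file above, and it assumes Python 3 is available where it runs.

```python
import smtplib
import socket
import ssl


def probe_smtp(host, port, timeout=15.0):
    """Return the first stage of an SMTP submission connection that fails.

    Stages: dns_failed, tcp_timeout, tcp_refused, tcp_error,
    no_smtp_banner, starttls_not_offered, tls_failed, ok.
    """
    # Stage 1: name resolution inside this network namespace.
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failed"

    # Stage 2: bare TCP connect. A timeout means packets are being dropped
    # or replies never come back (firewall or NAT), not that the mail
    # server rejected anything; a refusal means the host answered.
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except socket.timeout:
        return "tcp_timeout"
    except ConnectionRefusedError:
        return "tcp_refused"
    except OSError:
        return "tcp_error"

    # Stage 3: SMTP banner, then STARTTLS with certificate verification.
    try:
        client = smtplib.SMTP(host, port, local_hostname="probe.invalid",
                              timeout=timeout)
    except (smtplib.SMTPException, OSError):
        return "no_smtp_banner"
    try:
        client.ehlo()
        if not client.has_extn("starttls"):
            return "starttls_not_offered"
        client.starttls(context=ssl.create_default_context())
        return "ok"
    except (smtplib.SMTPException, OSError):
        return "tls_failed"
    finally:
        client.close()


if __name__ == "__main__":
    # Placeholder host and port taken from the compose file in the thread.
    print(probe_smtp("mail.myhost.tdl", 587))
```

A `tcp_timeout` result matches the symptom reported here (openssl printing nothing, `Could not connect` logged 15 seconds after the request with `SMTP_TIMEOUT: '15'`), which points at the network path rather than at the SMTP settings.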
