Cannot send email through sendgrid

Hello.

I am unable to send emails through sendgrid. I have both my domain verified and a single sender verified through sendgrid. At the same time, I do have docker mailserver using sendgrid without issue. I get the same error whether I use the single verified sender directly configured through vaultwarden, or when I have vaultwarden send through the docker mailserver.

For the sake of this help request, I have configured vaultwarden to send emails with the exact same configuration as my docker mail server and using the verified single sender as configured in sendgrid.

Sendgrid Sender Authentication

Vaultwarden Diagnostics

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.28.0
  • Web-vault version: v2023.3.0b
  • OS/Arch: linux/x86_64
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.39.2
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, INVITATIONS_ALLOWED, ADMIN_TOKEN

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*************************",
  "domain_origin": "*****://*************",
  "domain_path": "************",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": "*************",
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "XXXXXXXXXX",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "trace",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "***************",
  "smtp_from_name": "XXXXXXXXXXXXX",
  "smtp_host": "*****************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "******",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

[2023-04-02 10:14:01.781][vaultwarden::mail][DEBUG] SMTP 5xx error: lettre::transport::smtp::Error {
    kind: Permanent(
        Code {
            severity: PermanentNegativeCompletion,
            category: MailSystem,
            detail: Zero,
        },
    ),
    source: "The from address does not match a verified Sender Identity. Mail cannot be sent until this error is resolved. Visit Sender Identity | Twilio to see the Sender Identity requirements",
}
[2023-04-02 10:14:01.781][vaultwarden::mail][ERROR] SMTP 5xx error: permanent error (550): The from address does not match a verified Sender Identity. Mail cannot be sent until this error is resolved. Visit Sender Identity | Twilio to see the Sender Identity requirements

As stated above, I do have docker mailserver relaying mail to sendgrid successfully. I also have instances of wikijs, gitea, as well as a handful of users sending emails successfully. I originally set up vaultwarden the same way (sending through the mailserver) but immediately encountered the same 550 error from sendgrid. At this point, I configured vaultwarden to use sendgrid directly (even using the single verified sender method), but it's still getting the same 550 error.

Is there any way to configure vaultwarden to show the actual message being sent to sendgrid? This might help in identifying the issue. I already have it set to trace with extended set to true, but the above messages are all that are printed on the output using the admin panel’s test email functionality.

Thanks for your time in this matter.

The problem has corrected itself somehow.

I pulled down my own copy of the source and was in the process of testing my own build so I could add more debug around the email functionality when I found I was not able to replicate the original issue. Returning to the already running instance, it too is now able to send emails. I had changed nothing. I then returned the instance to using the local mailserver to relay messages to sendgrid and it too was now working. I cannot explain why other addresses being relayed were not similarly affected. I am pretty confident the actual error resided with sendgrid and whatever the problem was with this new sender has been resolved.

tl;dr Email functionality using sendgrid is working as expected.
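
Added example (not part of the original posts, and not Vaultwarden or SendGrid code): one way to see the actual message a client submits, as asked in the first post, is to point a test instance's smtp_host and smtp_port at a local capture sink and compare the envelope sender with the From header. The sink below is a hypothetical helper; it assumes TLS and SMTP authentication are disabled on the sending side for the duration of the test, and all names in it (CAPTURED, SinkHandler, start_sink, sink.invalid) are made up for illustration.

```python
import email
import socketserver
import threading

CAPTURED = []  # one dict per accepted message

def _addr(arg):  # "<a@b> SIZE=1" -> "a@b"; tolerates an empty argument
    return (arg.split() or [""])[0].strip("<>")

class SinkHandler(socketserver.StreamRequestHandler):  # plaintext SMTP, no TLS, no AUTH
    def reply(self, line):
        self.wfile.write(line.encode() + b"\r\n")

    def handle(self):
        self.reply("220 sink.invalid ESMTP debugging sink")
        mail_from, rcpts = None, []
        for raw in self.rfile:
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            verb = line.upper()
            if verb.startswith(("EHLO", "HELO")):
                self.reply("250 sink.invalid")
            elif verb.startswith("MAIL FROM:"):
                mail_from = _addr(line[10:])
                self.reply("250 OK")
            elif verb.startswith("RCPT TO:"):
                rcpts.append(_addr(line[8:]))
                self.reply("250 OK")
            elif verb == "DATA":
                self.reply("354 End data with <CR><LF>.<CR><LF>")
                body = b""
                for data in self.rfile:
                    if data in (b".\r\n", b".\n"):
                        break
                    body += data[1:] if data.startswith(b".") else data  # undo dot-stuffing
                msg = email.message_from_bytes(body)
                CAPTURED.append({"mail_from": mail_from, "rcpt_to": rcpts,
                                 "header_from": msg["From"], "raw": body})
                mail_from, rcpts = None, []
                self.reply("250 OK queued")
            elif verb == "QUIT":
                self.reply("221 Bye")
                return
            else:
                self.reply("502 Command not implemented")

def start_sink(host="127.0.0.1", port=0):  # port=0: the OS picks a free port
    server = socketserver.ThreadingTCPServer((host, port), SinkHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server  # the bound (host, port) is in server.server_address
```

Each entry in CAPTURED holds the envelope sender (mail_from) next to the From header (header_from) and the raw message bytes, so a sender address that differs from the one verified with the relay is visible at a glance.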