I just created a Vaultwarden + Caddy docker in WSL2 from Windows 11.
After initial log on and creating master password I clicked on the Send Email of Verify Email prompt. I have never received the email sent by Vaultwarden.
I have read and followed the instructions here SMTP Configuration · dani-garcia/vaultwarden Wiki - https://github.com/.
extract of SMTP configuration from docke-compose.yml as below…
SMTP_PORT: "465" # 587 starttls
SMTP_SECURITY: "forcetls" # starttls
The password was taken from Google Account App Password facility
Here are the errors from Vaultwarden log …
2023-01-14 23:27:16 [2023-01-15 04:27:16.489][response][INFO] (login) POST /identity/connect/token => 200 OK
2023-01-14 23:27:16 [2023-01-15 04:27:16.532][request][INFO] POST /api/accounts/verify-email
2023-01-14 23:27:16 [2023-01-15 04:27:16.543][vaultwarden::api::core::accounts][ERROR] Error sending verify_email email: Address.
2023-01-14 23:27:16 [CAUSE] InvalidUser
2023-01-14 23:27:16 [2023-01-15 04:27:16.543][response][INFO] (post_verify_email) POST /api/accounts/verify-email => 200 OK
2023-01-14 23:27:22 [2023-01-15 04:27:22.992][request][INFO] GET /api/plans/
2023-01-14 23:27:23 [2023-01-15 04:27:23.005][response][INFO] (get_plans) GET /api/plans => 200 OK
2023-01-14 23:27:26 [2023-01-15 04:27:26.645][request][INFO] GET /api/accounts/revision-date
Can anybody find errors with my configuration? What more information are needed for the investigation?
The error message
InvalidUser points to the local part of the mail address (either in the to: or from:) being wrong.
My guess would be that the quotation marks around the values of the
SMTP_FROM environment variable are causing issues as they seem to be
” and not just
" and thus the value is set to
“firstname.lastname@example.org” instead of
You can check in the /admin page and verify if the SMTP configuration is correct.
still same error with
SMTP_PORT: "587" # 465 587 starttls
SMTP_SECURITY: "starttls" #force_tls starttls
trying /admin saying “The admin panel is disabled, please configure the ‘ADMIN_TOKEN’ variable to enable it”
I have resolved the issues. I think the restart from Docker Desktop did not pick up the updated docker-compose file. I used docker command to down and up the containers and it worked fine now.
As an aside, I would HIGHLY recommend that you change your current Gmail SMTP app password as you appear to have posted it here (as well as your login credentials) unredacted in a public forum (possibly also edit your posting here, but assume it’s already compromised).
Delete the current one you are using and then create another as discussed below.
Even with 2FA on your Google account, this app password bypasses this for SMTP.
While I don’t think (hope) anyone here would use it nefariously, but this is again a public forum open to the internet and anyone can stumble upon this.
Generally good opsec would advise not to have any of your credentials in the clear.
The same would go for your
ADMIN_TOKEN while not sure if your host is publicly available again this is the credential for access to the Admin panel.
So best to change this and keep it closely guarded as well.
Thank you for the advice. I will change the credentials as soon as possible.