SMTP not working

Hello everybody,

I am really new to Vautlwarden, in fact, password managers for that matter. I find that a working SMTP, it’s a must for one(might be wrong).
Anyway, I have an alpine-vaultwarden container on a Proxmox host that apart from the SMTP thingy works fine and snappy.

What is strange is the fact I do not seem to find these exact symptoms online.

Here is a photo of the error I got when trying to test the functionality of the SMTP configuration:

Capture d’écran 2023-03-24 à 22.01.40898×222 19.1 KB

If I try to send an invitation to a mail address, i get this in the acces.log:

[2023-03-24 20:42:34.526][vaultwarden::mail][ERROR] SMTP timeout error: Connection error: connection timed out
[2023-03-24 20:43:05.375][vaultwarden::mail][ERROR] SMTP timeout error: Connection error: connection timed out
[2023-03-24 20:44:08.445][vaultwarden::mail][ERROR] SMTP timeout error: Connection error: connection timed out

And here is my Suport String:

Your environment (Generated via diagnostics page)

• Vaultwarden version: v
• Web-vault version: v2022.12.0
• Running within Docker: false (Base: Alpine)
• Environment settings overridden: true
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.39.2
• Clients used:
• Reverse proxy and version:
• Other relevant information:

Config (Generated via diagnostics page)

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": false,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "https://auth.cabivr.net/vw_static/",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "/var/lib/vaultwarden/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "/var/lib/vaultwarden",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "*******************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://***************",
  "domain_origin": "*****://***************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "/var/lib/vaultwarden/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "/var/lib/vaultwarden/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "/var/lib/vaultwarden/sends",
  "show_password_hint": false,
  "signups_allowed": true,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": false,
  "smtp_explicit_tls": null,
  "smtp_from": "*******************",
  "smtp_from_name": "vaultwarden",
  "smtp_host": "***************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "*******************",
  "templates_folder": "/var/lib/vaultwarden/templates",
  "tmp_folder": "/var/lib/vaultwarden/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "/var/lib/vaultwarden/web-vault",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden isn’t able to connect to the smtp server for some reason. That is at least what the message is telling me.

Are you able to connect to that mail server manually?
Something like

nc -vz mail.host.tld 587

Hey,
Thanks for your reply.
It does connect, yes:

nc -vz  smtp.gmail.com 587
smtp.gmail.com ([2a00:1450:4013:c08::6c]:587) open

And what about

docker exec -it vaultwarden nc -w5 -vz smtp.gmail.com 587

Because if that works, or should work for Vaultwarden also, unless you made a typo somewhere.

This is a Proxmox LXC container actually, so the first command was made in the container and not on the host.
Here is the result for the second try:

alpine-vaultwarden:~# nc -w5 -vz smtp.gmail.com 587
smtp.gmail.com ([2a00:1450:400c:c00::6c]:587) open

Strange. Then i have no clue why it is not working.
You could try to enable trace logging and smtp_debug and see if that provides some info.

Other then that, i have no clue.

Gmail uses specific security measures and configurations for third-party applications. Here are some additional steps to troubleshoot SMTP settings for Gmail:

1. Allow less secure apps: For sending emails through Gmail SMTP from any third-party app, you have to enable the setting “Less secure app access.” You can do this from the Google Account settings here. Note that this option is only available for accounts that do not have 2-step verification enabled. If 2-step verification is enabled, you will need to generate and use an App password (see next point).
2. Use App Password: If you have 2-step verification enabled, you will have to generate an App Password and use that instead of your regular password. You can generate an App Password here. The App Password will have to be used in the smtp_password setting.
3. Unlock CAPTCHA: Sometimes Google may block sign-in attempts from new locations or devices. You can unlock it using this link.
4. SMTP Server: Ensure the SMTP server is set to smtp.gmail.com.
5. SMTP Port: For Gmail, you can also try using port 465 with smtp_security set to ssl, which is another configuration Gmail supports for SMTP.

Remember to restart your Vaultwarden instance after making these changes.

Hello,
Thanks for your reply, I actually found the problem, a week or so after this post and I forgot to mention it.
I had a space in the smtp_password variable, once that was corrected, all went fine.

Hi, this might be a bit off topic but I’m trying to use the Brevo SMTP with Vaultwarden but I’m getting connection timeout errors.

nc -vz -w 15 smtp-relay.brevo.com 587
nc: connect to smtp-relay.brevo.com (1.179.115.1) port 587 (tcp) timed out: Operation now in progress
nc -vz -w 15 smtp.gmail.com 587
Connection to smtp.gmail.com (2a00:1450:400c:c0c::6c) 587 port [tcp/submission] succeeded!

Seems like all IPv6 connections work but all IPv4 connections get timed out. Is this a hosting provider issue? Thanks

Looks like you are not allowed to connect to those servers.

nc -vz -w 15 smtp-relay.brevo.com 2525
Connection to smtp-relay.brevo.com (1.179.115.1) 2525 port [tcp/*] succeeded!

Port 2525 works, is that equivalent to 587 and TLS compatible? Thanks a lot!

That is unknown for me. The server can use any port for Abby service.