this post was submitted on 10 Sep 2023
24 points (92.9% liked)


Hi guys, I've managed to get bitwarden up and running in a docker instance as per the instructions provided by bitwarden here.

It's up and available inside and outside the local network but I can't figure out how to get it to connect to an email provider so it can send verification emails and invitations. I used my Microsoft hosted email, let's call it me@mydomain.com.au (domain provided by a 3rd party).

I've edited the global.override.env file to suit the values given by Microsoft and opened port 587 in my router (unclear whether they want SSL or TLS but I've tried both).

I've also tried to connect with my gmail but no luck. When I try to verify my email I just get "An unhandled server error has occurred"

Bitwarden is also accessed through bitwarden.mydomain.com.au in this example.

Can anyone point me in the right direction, or even let me know where I might find relevant logs? The stuff in the /bwdata/ folder hasn't been very helpful.

The only thing I can think of is that when I run "docker ps" in the terminal, none of the bitwarden related containers seem to be specifically passing port 587 through, but that was never mentioned in the guide, and I don't know which container would need it.

Thanks

EDIT: I've closed port 587. I also ran the recommended telnet commands to check if I could get to the SMTP server and got back a response including STARTTLS, so that's all good.

I found these log entries in the api folder.

With my Microsoft account info

2023-09-10 12:12:42.840 +00:00 [Information] Api started.
2023-09-10 12:13:36.357 +00:00 [Error] 535: 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator>

MailKit.Security.AuthenticationException: 535: 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator>

 ---> MailKit.Net.Smtp.SmtpCommandException: 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator>
  
   --- End of inner exception stack trace ---

With google info

2023-09-10 12:00:34.585 +00:00 [Error] 534: 5.7.9 Application-specific password required. Learn more at
5.7.9  https://support.google.com/mail/?p=InvalidSecondFactor i8-20020a17090a2ac800b002696aeb72e5sm6280939pjg.2 - gsmtp

MailKit.Security.AuthenticationException: 534: 5.7.9 Application-specific password required. Learn more at
5.7.9  https://support.google.com/mail/?p=InvalidSecondFactor i8-20020a17090a2ac800b002696aeb72e5sm6280939pjg.2 - gsmtp

 ---> MailKit.Net.Smtp.SmtpCommandException: 5.7.9 Application-specific password required. Learn more at
5.7.9  https://support.google.com/mail/?p=InvalidSecondFactor i8-20020a17090a2ac800b002696aeb72e5sm6280939pjg.2 - gsmtp

I then followed the link supplied by google, it leads to a page about two factor authentication and app passwords. After enabling two factor authentication, generating an app password through gmail and using that password in the global.override.env file it's now all working.

Thanks for your help guys.

Still can't figure out how to get an app password from Microsoft though.
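The two failures quoted in the post can be triaged straight from the api log. The following is an added example, not part of the original post or of Bitwarden: it pulls the SMTP reply code and enhanced status code out of each `[Error]` entry and decodes them using the AUTH reply codes from RFC 4954 and the subject field from RFC 3463. The sample log is constructed from the lines quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the api log lines quoted in the post.
SAMPLE_LOG = """\
2023-09-10 12:12:42.840 +00:00 [Information] Api started.
2023-09-10 12:13:36.357 +00:00 [Error] 535: 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully.
MailKit.Security.AuthenticationException: 535: 5.7.139 Authentication unsuccessful
2023-09-10 12:00:34.585 +00:00 [Error] 534: 5.7.9 Application-specific password required. Learn more at
5.7.9  https://support.google.com/mail/?p=InvalidSecondFactor - gsmtp
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ [+-]\d\d:\d\d) \[(\w+)\] (.*)$")
SMTP_REPLY = re.compile(r"^([2-5]\d\d): ([245])\.(\d{1,3})\.(\d{1,3}) (.*)$")

# RFC 3463: the second field of an enhanced status code is the subject.
SUBJECTS = {0: "other", 1: "addressing", 2: "mailbox", 3: "mail system",
            4: "network/routing", 5: "protocol", 6: "content", 7: "security/policy"}
# RFC 4954: reply codes a server returns when the AUTH step itself fails.
AUTH_REPLIES = {530, 534, 535, 538}

def smtp_errors(log_text):
    """Return one dict per [Error] entry whose message starts with an SMTP reply."""
    found = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue  # stack trace or continuation line of the previous entry
        ts, level, msg = entry.groups()
        reply = SMTP_REPLY.match(msg)
        if level != "Error" or not reply:
            continue
        code, cls, subject, detail, text = reply.groups()
        found.append({
            "time": ts,
            "reply": int(code),
            "enhanced": f"{cls}.{subject}.{detail}",
            "permanent": cls == "5",  # class 5: retrying unchanged will not help
            "subject": SUBJECTS.get(int(subject), "unknown"),
            "text": text,
        })
    return found

def is_auth_stage_failure(err):
    """True when the server was reached and rejected the login itself."""
    return err["reply"] in AUTH_REPLIES and err["subject"] == "security/policy"
```

Both entries decode as permanent security/policy rejections at the AUTH step, which means the connection to the provider already worked and the fix lies in credentials or account policy rather than in ports or firewall rules.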

top 8 comments
[–] herrfrutti@lemmy.world 10 points 1 year ago* (last edited 1 year ago) (1 children)

First, I think you can close that port. You don't need incoming traffic on that port.

I myself use Vaultwarden. But looking at the documentation, you need to configure the environment correctly.

[–] giddy@aussie.zone 4 points 1 year ago

+1 for Vaultwarden. Much simpler to set up

[–] keyez@lemmy.world 6 points 1 year ago (1 children)

As the other user commented you will need to ensure you have the right ENV vars configured for your SMTP domain. 587 is the incoming port for the SMTP service and none of the containers will have it open and it doesn't need to be open on your router since bitwarden will only send outgoing to SMTP.

Have you tested sending SMTP via CLI or any other service? You will need auth, and an endpoint and your email setup to receive via that method it should all work.

For example I use mailgun.org to send emails from my homelab to my gmail, you cannot send directly to your email address.

[–] SheeEttin@lemmy.world 1 points 1 year ago

I've definitely been able to send unauthenticated to my gmail address. The first few usually go to spam, but once I mark them not spam they arrive in my inbox.

[–] brickfrog@lemmy.dbzer0.com 4 points 1 year ago* (last edited 1 year ago)

> and opened port 587 in my router

Agreed with the other comment, you definitely don't need or want to do that on your end. Note that your self hosted instance is trying to establish an outgoing connection with a random port to port 587 at wherever your hosted email is e.g. yourdockeripaddress:randomport --> mydomain.com.au:587

I don't have Bitwarden self hosted so can't offer much advice on a solution but...

> I’ve also tried to connect with my gmail but no luck. When I try to verify my email I just get “An unhandled server error has occurred”

This makes me think there's something off with your environment, or the Bitwarden instance itself. Is there a way for you to verify that you can actually use those SMTP servers outside of Bitwarden? This sounds silly but in the past I've done a test installation of an email client with ability to connect to 3rd party SMTP servers e.g. Thunderbird just to verify my own internet connection can actually initiate an SMTP connection to an external server. You want to at least rule out that the hosted email server isn't blocking you and/or have some over-active firewall on your end blocking things.

This is all in the absence of more verbose logging (not sure if Docker or Bitwarden can give you that, something worth checking).

[–] redcalcium@lemmy.institute 4 points 1 year ago* (last edited 1 year ago)

Port 587 typically supports TLS. You can confirm it using telnet (telnet your-email-server 587) then type ehlo your-email-server. If you see STARTTLS in the response, then the server can use TLS. By using telnet, you'll also confirm that you can actually connect to the SMTP port, because some ISPs and cloud vendors have started to block outgoing traffic to port 587 these days. If it's blocked, then you'll need to find out if your email provider provides alternate ports (e.g. port 2525).
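A scripted version of the telnet check described in the comment above, as an added example that is not part of the comment. It uses Python's standard `smtplib` to send EHLO, upgrade with STARTTLS when offered, and report which AUTH mechanisms the server advertises once TLS is active; no credentials are sent. The host name in the usage comment is a placeholder, and the function names are hypothetical.

```python
import smtplib
import ssl
import sys

PASSWORD_MECHS = {"PLAIN", "LOGIN"}

def summarize(features, tls_active):
    """Condense smtplib's esmtp_features dict into the facts that matter here."""
    mechs = features.get("auth", "").upper().split()
    return {
        "tls_active": tls_active,
        "starttls_offered": "starttls" in features,
        "auth_mechanisms": mechs,
        "password_auth_offered": bool(PASSWORD_MECHS & set(mechs)),
    }

def probe(host, port=587, timeout=10):
    """EHLO, upgrade with STARTTLS if offered, EHLO again; sends no credentials."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        report = summarize(smtp.esmtp_features, tls_active=False)
        if report["starttls_offered"]:
            # The default context verifies the certificate chain and host name.
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()  # extensions must be re-read after the TLS upgrade
            report = summarize(smtp.esmtp_features, tls_active=True)
        return report

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage (placeholder host): python probe.py smtp.example.com 587
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 587
    try:
        print(probe(host, port))
    except (OSError, smtplib.SMTPException) as exc:
        # A timeout or refusal here points at blocked outbound traffic,
        # not at wrong credentials.
        print(f"could not complete SMTP handshake with {host}:{port}: {exc}")
```

A server can advertise AUTH and still reject the login, as the 535 and 534 replies in the post show, so a clean probe result only rules out the network and TLS layers.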

[–] False@lemmy.world 3 points 1 year ago

A lot of ISPs and hosting providers block outbound email by default.

[–] Decronym@lemmy.decronym.xyz 3 points 1 year ago* (last edited 1 year ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| SMTP | Simple Mail Transfer Protocol |
| SSL | Secure Sockets Layer, for transparent encryption |
| TLS | Transport Layer Security, supersedes SSL |

2 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

[Thread #126 for this sub, first seen 10th Sep 2023, 11:25]