Hi guys, I’ve managed to get Bitwarden up and running in a Docker instance as per the instructions provided by Bitwarden here.

It’s up and available inside and outside the local network, but I can’t figure out how to get it to connect to an email provider so it can send verification emails and invitations. I used my Microsoft-hosted email, let’s call it [email protected] (domain provided by a 3rd party).

I’ve edited the global.override.env file to suit the values given by Microsoft and opened port 587 in my router (unclear whether they want SSL or TLS, but I’ve tried both).

I’ve also tried to connect with my Gmail but no luck. When I try to verify my email I just get “An unhandled server error has occurred”.

Bitwarden is also accessed through bitwarden.mydomain.com.au in this example.

Can anyone point me in the right direction, or even let me know where I might find relevant logs? The stuff in the /bwdata/ folder hasn’t been very helpful.

The only thing I can think of is that when I run “docker ps” in the terminal, none of the bitwarden related containers seem to be specifically passing port 587 through, but that was never mentioned in the guide, and I don’t know which container would need it.

Thanks

EDIT: I’ve closed port 587. I also ran the recommended telnet commands to check if I could get to the SMTP server and got back a response including STARTTLS, so that’s all good.

I found these log entries in the api folder.

With my Microsoft account info

2023-09-10 12:12:42.840 +00:00 [Information] Api started.
2023-09-10 12:13:36.357 +00:00 [Error] 535: 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator>

MailKit.Security.AuthenticationException: 535: 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator>

 ---> MailKit.Net.Smtp.SmtpCommandException: 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator>
   --- End of inner exception stack trace ---

With google info

2023-09-10 12:00:34.585 +00:00 [Error] 534: 5.7.9 Application-specific password required. Learn more at
5.7.9  https://support.google.com/mail/?p=InvalidSecondFactor i8-20020a17090a2ac800b002696aeb72e5sm6280939pjg.2 - gsmtp

MailKit.Security.AuthenticationException: 534: 5.7.9 Application-specific password required. Learn more at
5.7.9  https://support.google.com/mail/?p=InvalidSecondFactor i8-20020a17090a2ac800b002696aeb72e5sm6280939pjg.2 - gsmtp

 ---> MailKit.Net.Smtp.SmtpCommandException: 5.7.9 Application-specific password required. Learn more at
5.7.9  https://support.google.com/mail/?p=InvalidSecondFactor i8-20020a17090a2ac800b002696aeb72e5sm6280939pjg.2 - gsmtp

I then followed the link supplied by Google; it leads to a page about two factor authentication and app passwords. After enabling two factor authentication, generating an app password through Gmail and using that password in the global.override.env file, it’s now all working.

Thanks for your help guys.

Still can’t figure out how to get an app password from Microsoft though.

  • @[email protected]
    1 year ago

    Port 587 typically supports TLS. You can confirm it using telnet (telnet your-email-server 587), then type ehlo your-email-server. If you see STARTTLS in the response, then the server can use TLS. By using telnet, you’ll also confirm that you can actually connect to the SMTP port, because some ISPs and cloud vendors have started to block outgoing traffic to port 587 these days. If it’s blocked, then you’ll need to find out if your email provider provides alternate ports (e.g. port 2525).
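
The telnet check described in the comment above, scripted as an added example (not part of the original thread and not Bitwarden's own code): it reads the SMTP values from global.override.env, confirms the port is reachable and advertises STARTTLS, and only then tries the login, returning the same 534/535 reply that ends up in the api log. It assumes the standard `globalSettings__mail__smtp__*` key names from Bitwarden's default env file, which the post does not show; the function names are made up for this example.

```python
import smtplib
import ssl

PREFIX = "globalSettings__mail__smtp__"  # assumed: Bitwarden's SMTP keys in global.override.env


def load_mail_settings(path):
    """Return the SMTP settings (host, port, username, password, ...) from the env file."""
    settings = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            key, sep, value = line.strip().partition("=")
            if sep and key.startswith(PREFIX):
                settings[key[len(PREFIX):]] = value
    return settings


def probe_smtp(host, port=587, username=None, password=None, timeout=10):
    """Connect, send EHLO, require STARTTLS, then optionally try to authenticate."""
    result = {"reachable": False, "starttls": False, "tls": None, "auth": None, "error": None}
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            result["reachable"] = True
            smtp.ehlo()
            result["starttls"] = smtp.has_extn("starttls")
            if not result["starttls"]:
                return result  # do not send credentials over a cleartext session
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()  # capabilities must be re-read after the TLS upgrade
            result["tls"] = smtp.sock.version()
            if username and password:
                smtp.login(username, password)
                result["auth"] = "ok"
    except smtplib.SMTPAuthenticationError as exc:
        # Same reply code and text that the api log records, e.g. 534 or 535
        result["auth"] = f"{exc.smtp_code} {exc.smtp_error.decode(errors='replace')}"
    except OSError as exc:  # refused, timed out, blocked port, TLS or protocol failure
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    import sys
    cfg = load_mail_settings(sys.argv[1])  # argument: path to global.override.env
    print(probe_smtp(cfg["host"], int(cfg.get("port", 587)),
                     cfg.get("username"), cfg.get("password")))
```

The result never includes the password, so the output is safe to paste into a support thread.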