Configure your email server settings

Introduction

Passbolt relies heavily on emails:

Account creation
Account recovery
Notifications on different user actions

Having a working email setup is essential if you want to use passbolt at its best. There are many email providers and each one has its own setup process. The aim of this help page is to provide the basic concepts so each admin can setup their provider adjusting to their particular case.

Requirements

You can follow this procedure if you are meeting the following requirements:

You are running Passbolt Pro > 3.8.0 or Passbolt Cloud
You have an active administrator account

You are running Passbolt Pro < 3.7.3 ?

How does it work?

Configuring the email server through the UI is a feature introduced with Passbolt v3.8.0 to help all administrators manage their SMTP server settings easily.

We moved the email configuration from config/passbolt.php directly into the database and your credentials are encrypted with the server GPG public key.

Access to email server configuration

In order to configure your email server configuration, go to administration setting workspace.

Administration > Email server

Choose your email provider

When you consult your email server settings for the first time, by default, the provider is Other. Everything is filled out except logins details. You are free to edit thoses fields to match your email configuration.

We also provide pre-filled configuration for the SMTP providers listed below.

But still, you can navigate through advanced settings to change all the setings like SMTP host, TLS, and port.

Configure email authentication with your SMTP provider

AWS SES

Elastic Email

Google

Mailchimp

Mailgun

Mailjet

Office 365

Sendgrid

Sendinblue

Zoho

Others

Save the settings

To save the settings, you have to click on the save settings button.

If at least one mandatory field is empty or doesn’t have the expected format, an error alert will appears and the interface jumps to the first mandatory field that doesn’t fit the requirements. This field will also shows an error message in red.

Test email notifications

You can test your configuration by clicking on the send test email button. You must enter a valid recipient email to start the test procedure but the administrator current email is pre-filled.

If the email has been successfully sent and you haven't received anything you should check your spam folder. The logs are also available in a text area if you unfolds the logs section.

Configure SMTP server using custom/self-signed certificate

With the v4.7 release, we have introduced support for SMTP servers using self-signed certificates.

You can set SSL/TLS options in your passbolt.php or environment variables to specify your custom root CA certificate or skip verification (not recommended).

Allow self-signed certificate verification

// config/passbolt.php

return [
    'passbolt' => [
        ...

        'plugins' => [
            ...

            'smtpSettings' => [
                ...
                'security' => [
                    'sslVerifyPeer' => true,
                    'sslVerifyPeerName' => true,
                    'sslAllowSelfSigned' => true, // default = false
                    'sslCafile' => '/path/to/ca.crt'
                ],
            ],

            ...

        ],

        ...
    ],
];

Or, you can also use environment variables:

export PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_VERIFY_PEER=true
export PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_VERIFY_PEER_NAME=true
export PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_ALLOW_SELF_SIGNED=true
export PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_CAFILE="/path/to/ca.crt"

Skip TLS/SSL verification

The approach of skipping TLS/SSL verification is not recommended but can be useful if you want to test if you are able to connect to your SMTP server.

// config/passbolt.php

return [
    'passbolt' => [
        ...

        'plugins' => [
            ...

            'smtpSettings' => [
                ...
                'security' => [
                    'sslVerifyPeer' => false, // default true
                    'sslVerifyPeerName' => false, // default true
                    'sslAllowSelfSigned' => true, // default false
                ],
            ],

            ...

        ],

        ...
    ],
];

Or, via environment variables:

export PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_VERIFY_PEER=false
export PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_VERIFY_PEER_NAME=false
export PASSBOLT_PLUGINS_SMTP_SETTINGS_SECURITY_SSL_ALLOW_SELF_SIGNED=true

Configure SMTP with Passbolt 3.7.3 or earlier version

TLS email providers

If your email provider supports TLS encryption your setup should look like this in config/passbolt.php:

    'EmailTransport' => [
        'default' => [
            'host' => 'your.smtp.provider.host.com',
            'port' => 587,
            'username' => 'user',
            'password' => 'secret',
            'tls' => true,
        ],
    ],

You should replace:

your.smtp.provider.host.com
user
secret

With the actual values for your provider. Usually email providers that support TLS use port 587 however you should check with your provider specific requirements.

SSL email providers

Some providers support SSL encryption and the setup is slightly different from the TLS case. Just change your config/passbolt.php file to look like this:

    'EmailTransport' => [
        'default' => [
            'host' => 'ssl://your.smtp.provider.host.com',
            'port' => 465,
            'username' => 'user',
            'password' => 'secret',
            'tls' => null,
        ],
    ],

All the changes are the same as the TLS providers except that you will set tls to null and replace placeholders with the actual values for your provider.

Introduction​

Requirements​

How does it work?​

Access to email server configuration​

Choose your email provider​

Configure email authentication with your SMTP provider​