Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Unable to verify bitwarden user with Cloudron email domain config set to disabled

    Support
    5
    13
    611
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ChristopherMag
      ChristopherMag last edited by

      Due to compliance requirements I cannot enable email on our cloudron instance and so the domain that was configured is set to disabled:

      a1150419-5327-440f-a38a-3cd4e5c7ae00-image.png

      I have several bitwarden users setup but they were all setup and their email addresses verified before the domain was disabled.

      I have created a new cloudron user and then created a new bitwarden user by opening the bitwarden app as the new cloudron user and selecting Create Account on the bitwarden login screen.

      The user can now log in to bitwarden but after logging in they see the orange Verify Email box in the top right indicating that they need to verify their email address to unlock all features.

      I have accessed the vaultwarden admin panel and can see that this user doesn't have the green verified label whereaas all the other users I have do.

      How do I get this user verified/turn on the verified flag so that the user has full functionality without enabling email on our cloudron server?

      robi RoundHouse1924 2 Replies Last reply Reply Quote 0
      • robi
        robi @ChristopherMag last edited by

        @christophermag click the action buttons to find the link that is sent in email for verification.

        Life of Advanced Technology

        nebulon ChristopherMag 2 Replies Last reply Reply Quote 0
        • nebulon
          nebulon Staff @robi last edited by

          @ChristopherMag just to be sure, sending out emails on a domain is usually still possible to be supported, even if the receiving/mailbox side is disabled. Only sending is also the default on Cloudron. I am just mentioning that, since nearly all apps eventually require sending out emails for various reasons and just wanted to make sure the distinction of purely sending and a whole email solution is known.

          ChristopherMag 1 Reply Last reply Reply Quote 1
          • ChristopherMag
            ChristopherMag @robi last edited by

            @robi Clicking either of these two buttons under the Actions heading does not show the link that was sent:

            259ed571-867d-4d70-add6-516c63e1e868-image.png

            I think your referring to the ability to see emails that pass through cloudron and so if bitwarden had generated an email you would be able to view it but when incoming email is disabled in cloudron then the SMTP server configuration that gets pushed into the apps points to a smtp server that doesn't respond so no email is even generated by bitwarden.

            1 Reply Last reply Reply Quote 0
            • RoundHouse1924
              RoundHouse1924 @ChristopherMag last edited by RoundHouse1924

              @christophermag said in Unable to verify bitwarden user with Cloudron email domain config set to disabled:

              Due to compliance requirements I cannot enable email on our cloudron instance

              I'm puzzled as to what requirements would prevent outbound only email.

              ChristopherMag 1 Reply Last reply Reply Quote 0
              • ChristopherMag
                ChristopherMag @RoundHouse1924 last edited by

                @roundhouse1924 As an example we use Wekan and it sends email notifications when a card has been moved and includes the title of the card that was moved.

                That title might contain personally identifiable information about a client and so cannot be sent out via email.

                In theory apps like Wekan can be configured to restrict what it sends or sanitize it but I have experienced issues where some code path incorrectly sent out an email even though it shouldn't.

                The easiest we to prevent that from happening seemed to be setting the Email Relay to disable:
                8c42f2ce-8efb-43da-a2ad-26067f80b240-image.png

                If it was possible to only allow outbound email for bitwarden that would probably be ok.

                1 Reply Last reply Reply Quote 0
                • ChristopherMag
                  ChristopherMag @nebulon last edited by

                  @nebulon Maybe I didn't word this well.

                  We have Outbound email set to disabled.

                  With this setting when apps try to make an SMTP connection to send email to the mail server that Cloudron specified the app use it fails to make the smtp connection.

                  If it was possible for the Cloudron SMTP server to receive Outbound destined email from apps but then never actually send it on that would allow us to go in and pull out the emails that we need like those generated by bitwarden.

                  ChristopherMag 1 Reply Last reply Reply Quote 0
                  • ChristopherMag
                    ChristopherMag @ChristopherMag last edited by ChristopherMag

                    Here is a more clear example a specific issue I am hitting that I believe is the the same root cause, outgoing email being disabled which internally disables the cloudron smtp server.

                    If I add a user to a Bitwarden Organization it tries to send them an email and fails with the following:

                    6e509323-4c36-461e-aba8-16ccd348c5fd-image.png

                    This currently is preventing me from sharing the passwords we use within that organization with this new user.

                    ChristopherMag 1 Reply Last reply Reply Quote 0
                    • ChristopherMag
                      ChristopherMag @ChristopherMag last edited by ChristopherMag

                      @nebulon can you please mark this issue solved?

                      To resolve this I did the following:

                      • Installed smtp4dev on another computer on the network
                      • Configured Cloudron with the External SMTP Server (No Authentication) Email relay option
                        167c7bc0-aa66-4cc0-bc3f-4925544927c8-image.png
                      • Put in the ip address of the system running smtp4dev

                      After that I could view the emails being sent by bitwarden in the smtp4dev web interface and then open the "verify email address" and "join organization" links bitwarden sent out via email so that the user is fully setup in bitwarden and then finally confirm the user's joining the organization in bitwarden as that also requires an email to be able to be sent to complete.

                      I have now set Email Relay back to disable and will repeat these steps when needing to add new users's in the future.

                      nebulon 1 Reply Last reply Reply Quote 0
                      • nebulon
                        nebulon Staff @ChristopherMag last edited by

                        @christophermag interesting solution then. Also this likely gives you a better view on those mails instead of raw mail data or mail event logs from the Cloudron mail server.

                        ChristopherMag 1 Reply Last reply Reply Quote 0
                        • ChristopherMag
                          ChristopherMag @nebulon last edited by

                          @nebulon If it was possible to get "raw mail data or mail event logs from the Cloudron mail server" with Outbound > Email Relay, Disabled configured it would really help out in situations like this as I would prefer not to have to take the steps I did.

                          In case anyone is looking at this later, the SMTP server that Cloudron configures apps to use will not respond to any connections from those apps (as evidenced by the error messages above in this thread) when Email Relay is set to Disabled.

                          It would be nice if when Email Relay was set to Disabled the internal Cloudron mail server still received the email from the app and just didn't forward it anywhere but that is not the current behavior.

                          girish 1 Reply Last reply Reply Quote 0
                          • girish
                            girish Staff @ChristopherMag last edited by

                            @christophermag The email server currently does not store raw email. This is probably quite a bit of work! But the mail server actually does have a way to log raw emails. Maybe that's sufficient? We should have something to have verbose logs in the next release as part of the various email improvements.

                            ChristopherMag 1 Reply Last reply Reply Quote 1
                            • ChristopherMag
                              ChristopherMag @girish last edited by

                              @girish That sounds great, if there was a way to access the content of what the app was trying to send that would be good enough for me, no specific need for it to be in a mail format, json, or any other specific data structure.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Powered by NodeBB