Bubka / 2FAuth

A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
https://docs.2fauth.app/
GNU Affero General Public License v3.0

Cannot get mail to work using docker compose #358

Closed wrekklol closed 2 months ago

wrekklol commented 4 months ago

I just cannot get mailing to work. I've tried both smtp and sendmail, but with no luck. I've tested both smtp and sendmail outside of 2FAuth, and they work. So I'm not sure what I am doing wrong. :(

Another quick question is, can/should I edit the .env file when using docker compose?

This is my docker compose file (I've removed sensitive data):

```yaml
services:
  2fauth:
    image: 2fauth/2fauth
    container_name: 2fauth
    volumes:
      - ./2fauth:/2fauth
    ports:
      - 8000:8000/tcp
    environment:
      # You can change the name of the app
      - APP_NAME=2FAuth
      # You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
      # Never set it to "testing".
      - APP_ENV=local
      # The timezone for your application, which is used to record dates and times to database. This global setting can be
      # overridden by users via in-app settings for a personalised dates and times display.
      # If this setting is changed while the application is already running, existing records in the database won't be updated
      - APP_TIMEZONE=Europe/Copenhagen
      # Set to true if you want to see debug information in error screens.
      - APP_DEBUG=true
      # This should be your email address
      - SITE_OWNER=my@mail.com
      # The encryption key for our database and sessions. Keep this very secure.
      # If you generate a new one all existing data must be considered LOST.
      # Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it
      - APP_KEY=mykey
      # This variable must match your installation's external address.
      # Webauthn won't work otherwise.
      - APP_URL=myurl
      # If you want to serve js assets from a CDN (like https://cdn.example.com),
      # uncomment the following line and set this var with the CDN url.
      # Otherwise, leave this line commented.
      # - ASSET_URL=http://localhost
      #
      # Turn this to true if you want your app to react like a demo.
      # The Demo mode resets the app content every hour and sets a generic demo user.
      - IS_DEMO_APP=false
      # The log channel defines where your log entries go to.
      # 'daily' is the default logging mode giving you 7 daily rotated log files in /storage/logs/.
      # Also available are 'errorlog', 'syslog', 'stderr', 'papertrail', 'slack' and a 'stack' channel
      # to combine multiple channels into a single one.
      - LOG_CHANNEL=daily
      # Log level. You can set this from least severe to most severe:
      # debug, info, notice, warning, error, critical, alert, emergency
      # If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
      # nothing will get logged, ever.
      - LOG_LEVEL=debug
      # Database config (can only be sqlite)
      - DB_DATABASE="/srv/database/database.sqlite"
      # If you're looking for performance improvements, you could install memcached.
      - CACHE_DRIVER=file
      - SESSION_DRIVER=file
      # Mail settings
      # Refer to your email provider documentation to configure your mail settings
      # Set a value for every available setting to avoid issues
      - MAIL_MAILER=smtp
      - MAIL_HOST=myhost
      - MAIL_PORT=587
      - MAIL_USERNAME=myhostusername
      - MAIL_PASSWORD=myhostpassword
      - MAIL_ENCRYPTION=tls
      - MAIL_FROM_NAME=Cool Name
      - MAIL_FROM_ADDRESS=myother@mail.com
      # SSL peer verification.
      # Set this to false to disable the SSL certificate validation.
      # WARNING
      # Disabling peer verification can result in a major security flaw.
      # Change it only if you know what you're doing.
      - MAIL_VERIFY_SSL_PEER=true
      # API settings
      # The maximum number of API calls in a minute from the same IP.
      # Once reached, all requests from this IP will be rejected until the minute has elapsed.
      # Set to null to disable the API throttling.
      - THROTTLE_API=60
      # Authentication settings
      # The number of times per minute a user can fail to log in before being locked out.
      # Once reached, all login attempts will be rejected until the minute has elapsed.
      # This setting applies to both email/password and webauthn login attempts.
      - LOGIN_THROTTLE=5
      # The default authentication guard
      # Supported:
      #   'web-guard' : The Laravel built-in auth system (default if nulled)
      #   'reverse-proxy-guard' : When 2FAuth is deployed behind a reverse-proxy that handles authentication
      # WARNING
      # When using 'reverse-proxy-guard' 2FAuth only looks for the dedicated headers and skips all other built-in
      # authentication checks. That means your proxy is fully responsible for the authentication process; 2FAuth will
      # trust it as long as the headers are present.
      - AUTHENTICATION_GUARD=web-guard
      # Authentication log retention time, in days.
      # Log entries older than that are automatically deleted.
      - AUTHENTICATION_LOG_RETENTION=365
      # Name of the HTTP headers sent by the reverse proxy that identify the authenticated user at proxy level.
      # Check your proxy documentation to find out how these headers are named (i.e. 'REMOTE_USER', 'REMOTE_EMAIL', etc.)
      # (only relevant when AUTHENTICATION_GUARD is set to 'reverse-proxy-guard')
      - AUTH_PROXY_HEADER_FOR_USER=null
      - AUTH_PROXY_HEADER_FOR_EMAIL=null
      # Custom logout URL to open when using an auth proxy.
      - PROXY_LOGOUT_URL=null
      # WebAuthn settings
      # Relying Party name, aka the name of the application. If blank, defaults to APP_NAME. Do not set to null.
      - WEBAUTHN_NAME=2FAuth
      # Relying Party ID, should equal the site domain (i.e. 2fauth.example.com).
      # If null, the device will fill it internally (recommended)
      # See https://webauthn-doc.spomky-labs.com/prerequisites/the-relying-party#how-to-determine-the-relying-party-id
      - WEBAUTHN_ID=null
      # Use this setting to control how user verification behaves during the
      # WebAuthn authentication flow.
      #
      # Most authenticators and smartphones will ask the user to actively verify
      # themselves for log in. For example, through a touch plus pin code,
      # password entry, or biometric recognition (e.g., presenting a fingerprint).
      # The intent is to distinguish one user from any other.
      #
      # Supported:
      #   'required': Will ALWAYS ask for user verification
      #   'preferred' (default) : Will ask for user verification IF POSSIBLE
      #   'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow)
      - WEBAUTHN_USER_VERIFICATION=preferred
      #### SSO settings (for Socialite) ####
      # Uncomment and complete lines for the OAuth providers you want to enable.
      # - OPENID_AUTHORIZE_URL=
      # - OPENID_TOKEN_URL=
      # - OPENID_USERINFO_URL=
      # - OPENID_CLIENT_ID=
      # - OPENID_CLIENT_SECRET=
      # - GITHUB_CLIENT_ID=
      # - GITHUB_CLIENT_SECRET=
      # Use this setting to declare trusted proxies.
      # Supported:
      #   '*': to trust any proxy
      #   A comma separated IP list: The list of proxy IPs to trust
      - TRUSTED_PROXIES=null
      # Proxy for outgoing requests like new releases detection or logo fetching.
      # You can provide a proxy URL that contains a scheme, username, and password.
      # For example, "http://username:password@192.168.16.1:10".
      - PROXY_FOR_OUTGOING_REQUESTS=null
      # Leave the following configuration vars as is.
      # Unless you like to tinker and know what you're doing.
      - BROADCAST_DRIVER=log
      - QUEUE_DRIVER=sync
      - SESSION_LIFETIME=120
      - REDIS_HOST=127.0.0.1
      - REDIS_PASSWORD=null
      - REDIS_PORT=6379
      - PUSHER_APP_ID=
      - PUSHER_APP_KEY=
      - PUSHER_APP_SECRET=
      - PUSHER_APP_CLUSTER=mt1
      - VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
      - VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
      - MIX_ENV=local
```

Bubka commented 4 months ago

Hi,

No, you don't need to edit any .env file as long as you set your env vars in the environment: block of the docker-compose file.

Do you see any useful error in the 2FAuth logs? (see 2fauth/storage/logs)

wrekklol commented 4 months ago

Sadly I'm not on my work PC anymore, but no, it says the mail was sent to the user with id 1 or something like that. :)

I have checked my spam folder in case you were wondering.

Bubka commented 4 months ago

Ok, so there is something wrong with the email configuration values. Did you try ssl in place of tls for the encryption method?

wrekklol commented 4 months ago

Hmm no, my smtp uses tls, but I can try tomorrow and see if it helps. :)

Bubka commented 4 months ago

You may also protect the MAIL_PASSWORD value with quotes if your pwd contains a #

wrekklol commented 4 months ago

> You may also protect the MAIL_PASSWORD value with quotes if your pwd contains a #

Sadly didn't work, I also tried ssl with no luck. :(

EDIT: This is the entry in the log file: [2024-07-04 08:38:37] local.INFO: Notification of type App\Notifications\TestEmailSettingNotification sent via channel mail to user ID #1

I just tried having it just log the mail as well, and it prints the test mail just fine.

EDIT 2: I also changed from using docker compose to self hosted, and I still have the same issue. Not sure what I am doing wrong.

Bubka commented 4 months ago

Unfortunately it seems to be an issue with the email provider. Is it a public provider? I could try to configure it on my side with a test account.

wrekklol commented 4 months ago

Ah alright. This is the provider: https://mysmtp.com/

Bubka commented 4 months ago

Sorry I can't do anything, there is no free tier 😕 Maybe you could try to contact the mysmtp support?!

wrekklol commented 4 months ago

I'll try that, thanks for your help. I really appreciate it. :)

koopernick commented 4 months ago

Hello,

I'm having the same issue, I can't make the email notifications work. I'm using fastmail as a relay. It's working fine with my other setup (proxmox and openmediavault notifications). I'm using the same variables here:

      - MAIL_HOST=smtp.fastmail.com
      - MAIL_PORT=587
      - MAIL_USERNAME=myusername
      - MAIL_PASSWORD=mypassword (only letter / number)
      - MAIL_ENCRYPTION=null
      - MAIL_FROM_NAME=2FAuth
      - MAIL_FROM_ADDRESS=random@mydomain
      - MAIL_VERIFY_SSL_PEER=true

From the log, I can only see

[2024-07-06 12:11:14] local.INFO: Notification of type Illuminate\Auth\Notifications\ResetPassword sent via channel mail to user ID #1

When activating the debug level, I see the content of the email

[2024-07-06 12:12:24] local.DEBUG: From: 2FAuth <xxx>
To: xxx
Subject: Reset Password Notification
MIME-Version: 1.0
Date: Sat, 06 Jul 2024 12:12:24 +0200
Message-ID: <xxx>
Content-Type: multipart/alternative; boundary=SN6ZegWu

--SN6ZegWu
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

2FAuth: https://xxx

# Hello!

You are receiving this email because we received a password reset request for your account.
[...]

Any help would be appreciated!

koopernick commented 4 months ago

OK nvm, I didn't notice the "MAIL_MAILER=log" default value.
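Both reports in this thread end the same way: the log says "Notification ... sent via channel mail" while nothing reaches an inbox, and in the second case the cause was the image's default `MAIL_MAILER=log`, which writes the message into storage/logs instead of handing it to a relay. The script below is an added example, not code from 2FAuth or from anyone in the thread. It lints a set of MAIL_* variables for the mistakes discussed here (log mailer, null encryption on port 587, peer verification switched off, a `#` in the password) and offers a separate live STARTTLS check that keeps certificate validation on. The two sample configurations are constructed from the values posted above with placeholders; the lint rules are my own assumptions, not 2FAuth's validation logic.

```python
"""Lint 2FAuth-style MAIL_* settings for the failure modes seen in this thread.

Added example (not part of 2FAuth). The variable names are the ones used in
the compose file above; the rules below are the author's own assumptions.
"""
import smtplib
import ssl
from typing import Dict, List

# Settings 2FAuth asks you to fill in for an SMTP mailer (see the compose comments).
REQUIRED = ("MAIL_HOST", "MAIL_PORT", "MAIL_USERNAME", "MAIL_PASSWORD", "MAIL_FROM_ADDRESS")

# Constructed from wrekklol's compose block (values are placeholders, as posted).
WREKKLOL_ENV = {
    "MAIL_MAILER": "smtp", "MAIL_HOST": "myhost", "MAIL_PORT": "587",
    "MAIL_USERNAME": "myhostusername", "MAIL_PASSWORD": "myhostpassword",
    "MAIL_ENCRYPTION": "tls", "MAIL_FROM_NAME": "Cool Name",
    "MAIL_FROM_ADDRESS": "myother@mail.com", "MAIL_VERIFY_SSL_PEER": "true",
}

# Constructed from koopernick's snippet: MAIL_MAILER was never set, so the
# image default (log, as koopernick found) applies.
KOOPERNICK_ENV = {
    "MAIL_HOST": "smtp.fastmail.com", "MAIL_PORT": "587",
    "MAIL_USERNAME": "myusername", "MAIL_PASSWORD": "mypassword",
    "MAIL_ENCRYPTION": "null", "MAIL_FROM_NAME": "2FAuth",
    "MAIL_FROM_ADDRESS": "random@mydomain", "MAIL_VERIFY_SSL_PEER": "true",
}


def _norm(value):
    """Treat unset, empty and the literal string 'null' as absent (dotenv style)."""
    if value is None:
        return None
    v = str(value).strip().strip('"').strip("'")
    return None if v == "" or v.lower() == "null" else v


def lint_mail_settings(env: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means nothing obviously wrong."""
    findings: List[str] = []
    mailer = (_norm(env.get("MAIL_MAILER")) or "log").lower()  # assumed image default

    if mailer == "log":
        findings.append("MAIL_MAILER=log (the image default): mail is only written to "
                        "storage/logs; the 'sent via channel mail' line still appears. "
                        "Set MAIL_MAILER=smtp (or sendmail) to deliver anything.")
        return findings
    if mailer != "smtp":
        return findings  # sendmail and friends: nothing to check offline

    for key in REQUIRED:
        if _norm(env.get(key)) is None:
            findings.append(f"{key} is unset; 2FAuth wants a value for every mail setting")

    port = _norm(env.get("MAIL_PORT"))
    enc = (_norm(env.get("MAIL_ENCRYPTION")) or "").lower()
    if not enc:
        findings.append("MAIL_ENCRYPTION is null: the SMTP login would cross the network in cleartext")
    if port == "587" and enc != "tls":
        findings.append("MAIL_PORT=587 is the submission port and expects STARTTLS: set MAIL_ENCRYPTION=tls")
    if port == "465" and enc != "ssl":
        findings.append("MAIL_PORT=465 is implicit TLS: set MAIL_ENCRYPTION=ssl")

    if (_norm(env.get("MAIL_VERIFY_SSL_PEER")) or "true").lower() in ("false", "0", "no"):
        findings.append("MAIL_VERIFY_SSL_PEER=false disables certificate validation; "
                        "a spoofed relay could read the credentials")

    pwd = env.get("MAIL_PASSWORD") or ""
    if "#" in pwd and not pwd.startswith(("'", '"')):
        findings.append("MAIL_PASSWORD contains '#': quote the value, as the maintainer suggested, "
                        "so an env parser cannot read it as a comment")
    return findings


def smtp_handshake_check(host: str, port: int, encryption: str, timeout: float = 10.0) -> List[str]:
    """Live check (not run by the test): connect the way the settings say, with
    peer verification on, and return the ESMTP extensions the relay advertises
    once TLS is up. A relay that never offers STARTTLS on 587 raises."""
    ctx = ssl.create_default_context()  # validates chain and hostname
    if encryption == "ssl":
        server = smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
    else:
        server = smtplib.SMTP(host, port, timeout=timeout)
    try:
        server.ehlo()
        if encryption == "tls":
            if not server.has_extn("starttls"):
                raise RuntimeError("relay does not offer STARTTLS on this port")
            server.starttls(context=ctx)
            server.ehlo()  # capabilities can change after TLS, re-read them
        return sorted(server.esmtp_features)
    finally:
        server.close()


if __name__ == "__main__":
    for name, env in (("wrekklol", WREKKLOL_ENV), ("koopernick", KOOPERNICK_ENV)):
        print(name, lint_mail_settings(env) or ["no findings"])
```

Run as a script, the first configuration comes back clean, which matches the thread: wrekklol's settings were plausible and the problem sat with the provider. The second produces the single `MAIL_MAILER=log` finding koopernick eventually spotted; setting it to `smtp` then surfaces the null encryption on port 587. `smtp_handshake_check` is the piece to run once the lint is clean, since it proves the relay actually offers STARTTLS on the configured port without turning off `MAIL_VERIFY_SSL_PEER`.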