Challenges getting the ProtonMail bridge to work with Paperless-NGX

[ZuluPilgrim]

I have used the following to setup the ProtonMail Bridge to work with Paperless.

version: "3.4"

networks:
  my-network:

services:
  broker:
    image: docker.io/library/redis:7
    restart: unless-stopped
    networks:
      - my-network
    volumes:
      - redisdata:/data

  db:
    image: docker.io/library/postgres:15
    restart: unless-stopped
    networks:
      - my-network
    volumes:
      - pgdata:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: paperless
      POSTGRES_USER: paperless
      POSTGRES_PASSWORD: paperless

  webserver:
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    restart: unless-stopped
    networks:
      - my-network
    depends_on:
      - db
      - broker
      - gotenberg
      - tika
    ports:
      - "8000:8000"
    volumes:
      - data:/usr/src/paperless/data
      - media:/usr/src/paperless/media
      - ./export:/usr/src/paperless/export
      - ./consume:/usr/src/paperless/consume
    env_file: docker-compose.env
    environment:
      PAPERLESS_REDIS: redis://broker:6379
      PAPERLESS_DBHOST: db
      PAPERLESS_TIKA_ENABLED: 1
      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
      PAPERLESS_TIKA_ENDPOINT: http://tika:9998
      PAPERLESS_OCR_USER_ARGS: '{"invalidate_digital_signatures": true}'

  gotenberg:
    image: docker.io/gotenberg/gotenberg:7.10
    restart: unless-stopped
    networks:
      - my-network

    # The gotenberg chromium route is used to convert .eml files. We do not
    # want to allow external content like tracking pixels or even javascript.
    command:
      - "gotenberg"
      - "--chromium-disable-javascript=true"
      - "--chromium-allow-list=file:///tmp/.*"

  tika:
    image: ghcr.io/paperless-ngx/tika:latest
    restart: unless-stopped
    networks:
      - my-network

  protonmail-bridge:
    image: shenxn/protonmail-bridge
    ports:
      - 1025:25/tcp
      - 1143:143/tcp
    restart: unless-stopped
    networks:
      - my-network
    volumes:
      - protonmail:/root
volumes:
  data:
  media:
  pgdata:
  redisdata:
  protonmail:
    name: protonmail

I followed this approach after reading: https://www.richardneililagan.com/posts/paperless-ngx-with-proton-mail/ ).

Paperless requires the below values but when I hit test I am told it cannot connect to the mail server. What should I try for the IMAP server address or is there something else that I am missing?

[ZuluPilgrim]

I re-read the origional bog, removed the port mappings in docker an IMAP port 143 with IMAP Security set to NONE (as explained in the blog).

When I looked at the docker logs, I now get

ERRO[Apr  7 10:00:55.236] Command failed                                cmd="LOGIN 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' <PASSWORD>" error="no such user" pkg=gluon/session session=9
ERRO[Apr  7 10:00:55.236] Incorrect login credentials.                  pkg=imap sessionID=9 username=email@mail.com
An IMAP login attempt failed for user email@mail.com

But the user does exist.

The incorrect login credentials might have something to do with MFA as I can't see how to get that to work with Paperless.

[ZuluPilgrim]

Change encryption to STARTTLS in paperless and now get the following error there:

ERRO[Apr  7 18:55:09.492] Cannot upgrade connection                     error="local error: tls: bad record MAC" pkg=gluon/session session=66
2024/04/07 18:55:09 socat[151] E write(6, 0x55e616f08000, 24): Broken pipe

The abovementioned blog states

Another thing I had to do was patch the bridge container so that the base build image uses golang:1.20 instead of what it's currently using. I haven't dived too deeply into it, but the current master on project does not build, since the Proton bridge codebase now seems to require at least Go 1.20.

So it looks like I need to work out how to do that.

[ZuluPilgrim]

Got it working without doing the golang upgrade. Just paid more attention to ALL the other comments in the original blog.

[m1212e]

Although the article is worth a read, for future visitors:

Switching the IMAP Security to off was what did the trick for me:

[Neriderc]

I just want to add a more full explanation for future visitors to explain how I got it to work. Here's a screen shot:

Key things:

• IMAP server: The name of your docker container as per docker ps
• IMAP port: This is 143 which this docker image maps to, not 1143 that Proton bridge tells you to use
• IMAP security: Set to No encryption
• Username and password: Not your actual login details. These are provided by Proton bridge when you run the info command, after you've run the init step as per the readme of this repo.

Remember your paperlessngx and protonmail-bridge containers need to be on the same docker network.

If it's not working, one troubleshooting step I found helpful is to test the connection.

Dive into paperless container: docker exec -it paperless /bin/sh

Install telnet: apt install telnet

(if it can't be found, run apt update then retry)

Test connection: telnet proton_bridge-protonmail-bridge-1 143

If you get an error about domain resolution, then the containers can't talk to each other and you need to fix your docker networks.