Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add checksmtp functionality for SMTP configuration verification #231

Open
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

fer
Copy link
Contributor

@fer fer commented Mar 18, 2024

Description

Introduces the checksmtp command to the Bitwarden self-hosted management script, enabling administrators to easily verify the SMTP configuration directly from the command line. This functionality aims to streamline the troubleshooting process of email delivery issues by providing a quick and straightforward method to test the SMTP server connection, authentication, and secure communication.

Features

  • Validates the connection to the SMTP server specified in the global.override.env file, ensuring that the Bitwarden instance can communicate with the mail server.
  • Confirms the validity of the SMTP username and password, ensuring that Bitwarden is capable of authenticating with the SMTP server for email delivery.
  • Verifies the secure communication with the SMTP server, based on the SSL configuration globalSettings__mail__smtp__ssl to ensure that emails are sent over a secure channel.

Usage examples

To use this functionality, run the following command from the Bitwarden self-hosted script directory:

./bitwarden.sh checksmtp

When SMTP configuration is wrong:

SMTP authentication failed or connection error occurred.

When SMTP configuration is right:

SMTP settings are correct.

Testing

Please review this PR for inclusion in the next release of Bitwarden self-hosted. Your feedback and suggestions are welcome!

@bitwarden-bot
Copy link

bitwarden-bot commented Mar 18, 2024

Logo
Checkmarx One – Scan Summary & Details404a0a53-277f-481b-96d5-564e88dd38a3

No New Or Fixed Issues Found

Copy link
Member

@vgrassia vgrassia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would check to see if the openssl binary is available before calling it. Shouldn't the AUTH LOGIN section only execute if there is a username or password defined? This doesn't work on my self-host that doesn't use authentication. Also, I'm not sure every SMTP server returns 235 for a successful message, it could be any number of 2XX codes. How do we make sure it actually sent the message?

@fer
Copy link
Contributor Author

fer commented Mar 18, 2024

@vgrassia, thank you very much for your comments!

I've implemented the following enhancements:

  • Added a preliminary check to ensure openssl is installed before proceeding.
  • Modified the script to accept any 2xx SMTP status code as a successful response.
  • Modified the script to only attempt the AUTH section if both the username and password are provided and are not empty.

Currently, this script is designed to verify connectivity without sending any messages. However, I'm open to incorporating a feature to send a test message if we determine it's beneficial for our testing process.

Please let me know if you'd like me to proceed with that addition as your valuable suggestions.

@CLAassistant
Copy link

CLAassistant commented Sep 25, 2024

CLA assistant check
All committers have signed the CLA.

Copy link

sonarqubecloud bot commented Nov 4, 2024

@fer fer requested a review from a team as a code owner December 16, 2024 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants