self signed docker mail server not working with self hosted bitwarden

Ask the Community Password Manager
, ,
1

Hello,

I am trying to set up bitwarden self hosted, offline (private closed network) with docker server mail.

Everything with self signed certificates, made by small step ca.

docker compose for bitwarden (generated by bitwarden.sh install)

services:
mssql:
image: Package mssql · GitHub
container_name: bitwarden-mssql
restart: always
stop_grace_period: 60s
volumes:

  • ../mssql/data:/var/opt/mssql/data
  • ../logs/mssql:/var/opt/mssql/log
  • ../mssql/backups:/etc/bitwarden/mssql/backups
    env_file:
  • mssql.env
  • ../env/uid.env
  • ../env/mssql.override.env

web:
image: Package web · GitHub
container_name: bitwarden-web
restart: always
volumes:

  • ../web:/etc/bitwarden/web
    env_file:
  • global.env
  • ../env/uid.env

attachments:
image: Package attachments · GitHub
container_name: bitwarden-attachments
restart: always
volumes:

  • ../core/attachments:/etc/bitwarden/core/attachments
    env_file:
  • global.env
  • ../env/uid.env

api:
image: Package api · GitHub
container_name: bitwarden-api
restart: always
volumes:

  • ../core:/etc/bitwarden/core
  • ../ca-certificates:/etc/bitwarden/ca-certificates
  • ../logs/api:/etc/bitwarden/logs
    env_file:
  • global.env
  • ../env/uid.env
  • ../env/global.override.env
    networks:
  • default
  • public

identity:
image: Package identity · GitHub
container_name: bitwarden-identity
restart: always
volumes:

  • ../identity:/etc/bitwarden/identity
  • ../core:/etc/bitwarden/core
  • ../ca-certificates:/etc/bitwarden/ca-certificates
  • ../logs/identity:/etc/bitwarden/logs
    env_file:
  • global.env
  • ../env/uid.env
  • ../env/global.override.env
    networks:
  • default
  • public

sso:
image: Package sso · GitHub
container_name: bitwarden-sso
restart: always
volumes:

  • ../identity:/etc/bitwarden/identity
  • ../core:/etc/bitwarden/core
  • ../ca-certificates:/etc/bitwarden/ca-certificates
  • ../logs/sso:/etc/bitwarden/logs
    env_file:
  • global.env
  • ../env/uid.env
  • ../env/global.override.env
    networks:
  • default
  • public

admin:
image: Package admin · GitHub
container_name: bitwarden-admin
restart: always
depends_on:

  • mssql
    volumes:
  • ../core:/etc/bitwarden/core
  • ../ca-certificates:/etc/bitwarden/ca-certificates
  • ../logs/admin:/etc/bitwarden/logs
    env_file:
  • global.env
  • ../env/uid.env
  • ../env/global.override.env
    networks:
  • default
  • public

icons:
image: Package icons · GitHub
container_name: bitwarden-icons
restart: always
volumes:

  • ../ca-certificates:/etc/bitwarden/ca-certificates
  • ../logs/icons:/etc/bitwarden/logs
    env_file:
  • global.env
  • ../env/uid.env
    networks:
  • default
  • public

notifications:
image: Package notifications · GitHub
container_name: bitwarden-notifications
restart: always
volumes:

  • ../ca-certificates:/etc/bitwarden/ca-certificates
  • ../logs/notifications:/etc/bitwarden/logs
    env_file:
  • global.env
  • ../env/uid.env
  • ../env/global.override.env
    networks:
  • default
  • public

events:
image: Package events · GitHub
container_name: bitwarden-events
restart: always
volumes:

  • ../ca-certificates:/etc/bitwarden/ca-certificates
  • ../logs/events:/etc/bitwarden/logs
    env_file:
  • global.env
  • ../env/uid.env
  • ../env/global.override.env
    networks:
  • default
  • public

nginx:
image: Package nginx · GitHub
container_name: bitwarden-nginx
restart: always
depends_on:

  • web
  • admin
  • api
  • identity
    ports:
  • ‘80:8080’
  • ‘443:8443’
    volumes:
  • ../nginx:/etc/bitwarden/nginx
  • ../letsencrypt:/etc/letsencrypt
  • ../ssl:/etc/ssl
  • ../logs/nginx:/var/log/nginx
    env_file:
  • ../env/uid.env
    networks:
  • default
  • public

networks:
default:
internal: true
public:
internal: false

its up and running. i can login into it (as a user to the vault. not the admin panel, because of non working smtp)

Browsing, I have been following this topic: Can't connect to self-hosted SMTP - #14 by jsaathof and topics adjacent to it. With them, I have modified my global.override.conf to this:

globalSettings__baseServiceUri__vault=https://vault.lab
globalSettings__baseServiceUri__cloudRegion=EU
globalSettings__sqlServer__connectionString=“Data Source=tcp:mssql,1433;Initial Catalog=vault;Persist Security Info=False;User ID=sa;Password=[password];Multiple Active Result Sets=False;Connect Timeout=30;Encrypt=True;Trust Server Certificate=True”
globalSettings__identityServer__certificatePassword=[password_cert]
globalSettings__internalIdentityKey=[Internal_Identity_key]
globalSettings__oidcIdentityClientKey=[oidcIdentityKey]
globalSettings__duo__aKey=[akey]
globalSettings__installation__id=[installation_id]
globalSettings__installation__key=[key]
globalSettings__mail__replyToEmail=no-reply@mail.lab
globalSettings__mail__smtp__host=mail.lab
globalSettings__mail__smtp__port=25
globalSettings__mail__smtp__ssl=false
globalSettings__mail__smtp__checkRevocation = false
globalSettings__mail__smtp__trustServer=true
globalSettings__mail__smtp__username=root@mail.lab
globalSettings__mail__smtp__password=[password]
globalSettings__disableUserRegistration=false
adminSettings__admins=admin@mail.lab

With these settings? at least i can get a success on bitswarden.sh checksmtp

But, when attempting to login to admin panel, the following happens:

  1. credentials input

  2. loads

  3. Looks like there’s a problem with this site

    https://vault.lab/login sent back an error.

    Error code: 404 Not Found

    • Check to make sure you’ve typed the website address correctly.

  4. if I (manually) go back to /admin: i can see a pop up on the upper right hand corner saying “The smtp server does not support authentication”

This is my docker mail server log:

2025-10-28T11:10:57.320504+01:00 mail dovecot: imap-login: Login: user=root@mail.lab, method=PLAIN, rip=192.168.236.1, lip=172.18.0.3, mpid=717515, TLS, session=<q/RiOzVCqMLAqOwB>
2025-10-28T11:11:28.040259+01:00 mail dovecot: imap(root@mail.lab)<717515><q/RiOzVCqMLAqOwB>: Disconnected: Logged out in=537 out=3610 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
2025-10-28T11:23:28.507283+01:00 mail postfix/postscreen[718845]: CONNECT from [192.168.236.125]:49910 to [172.18.0.3]:25
2025-10-28T11:23:28.507795+01:00 mail postfix/postscreen[718845]: PASS OLD [192.168.236.125]:49910
2025-10-28T11:23:28.537850+01:00 mail postfix/smtpd[718846]: connect from unknown[192.168.236.125]
2025-10-28T11:23:28.557863+01:00 mail postfix/smtpd[718846]: lost connection after EHLO from unknown[192.168.236.125]
2025-10-28T11:23:28.557945+01:00 mail postfix/smtpd[718846]: disconnect from unknown[192.168.236.125] ehlo=1 commands=1

this is my bitwarden-admin logs:
fail: Bit.Core.Utilities.LoggingExceptionHandlerFilterAttribute[0]
=> SpanId:6305a56b82572d61, TraceId:014599a685f330c02597dec35d95ed76, ParentId:0000000000000000 => ConnectionId:0HNGM0833UV36 => RequestPath:/admin/login RequestId:0HNGM0833UV36:00000001 => Bit.Admin.Auth.Controllers.LoginController.Index (Admin)
The SMTP server does not support authentication.
System.NotSupportedException: The SMTP server does not support authentication.
at MailKit.Net.Smtp.SmtpClient.ValidateArguments(Encoding encoding, ICredentials credentials)
at MailKit.Net.Smtp.SmtpClient.AuthenticateAsync(Encoding encoding, ICredentials credentials, CancellationToken cancellationToken)
at Bit.Core.Services.MailKitSmtpMailDeliveryService.SendEmailAsync(MailMessage message, CancellationToken cancellationToken) in /source/src/Core/Services/Implementations/MailKitSmtpMailDeliveryService.cs:line 112
at Bit.Core.Services.MailKitSmtpMailDeliveryService.SendEmailAsync(MailMessage message) in /source/src/Core/Services/Implementations/MailKitSmtpMailDeliveryService.cs:line 45
at Bit.Core.Services.HandlebarsMailService.SendPasswordlessSignInAsync(String returnUrl, String token, String email) in /source/src/Core/Services/Implementations/HandlebarsMailService.cs:line 467
at Bit.Admin.Auth.IdentityServer.PasswordlessSignInManager`1.PasswordlessSignInAsync(String email, String returnUrl) in /source/src/Admin/Auth/IdentityServer/PasswordlessSignInManager.cs:line 37
at Bit.Admin.Auth.Controllers.LoginController.Index(LoginModel model) in /source/src/Admin/Auth/Controllers/LoginController.cs:line 43
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Logged|12_1(ControllerActionInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
=> SpanId:6305a56b82572d61, TraceId:014599a685f330c02597dec35d95ed76, ParentId:0000000000000000 => ConnectionId:0HNGM0833UV36 => RequestPath:/admin/login RequestId:0HNGM0833UV36:00000001
An unhandled exception has occurred while executing the request.
System.NotSupportedException: The SMTP server does not support authentication.
at MailKit.Net.Smtp.SmtpClient.ValidateArguments(Encoding encoding, ICredentials credentials)
at MailKit.Net.Smtp.SmtpClient.AuthenticateAsync(Encoding encoding, ICredentials credentials, CancellationToken cancellationToken)
at Bit.Core.Services.MailKitSmtpMailDeliveryService.SendEmailAsync(MailMessage message, CancellationToken cancellationToken) in /source/src/Core/Services/Implementations/MailKitSmtpMailDeliveryService.cs:line 112
at Bit.Core.Services.MailKitSmtpMailDeliveryService.SendEmailAsync(MailMessage message) in /source/src/Core/Services/Implementations/MailKitSmtpMailDeliveryService.cs:line 45
at Bit.Core.Services.HandlebarsMailService.SendPasswordlessSignInAsync(String returnUrl, String token, String email) in /source/src/Core/Services/Implementations/HandlebarsMailService.cs:line 467
at Bit.Admin.Auth.IdentityServer.PasswordlessSignInManager`1.PasswordlessSignInAsync(String email, String returnUrl) in /source/src/Admin/Auth/IdentityServer/PasswordlessSignInManager.cs:line 37
at Bit.Admin.Auth.Controllers.LoginController.Index(LoginModel model) in /source/src/Admin/Auth/Controllers/LoginController.cs:line 43
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Logged|12_1(ControllerActionInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ExceptionContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.g__AwaitRequestTask|7_0(Endpoint endpoint, Task requestTask, ILogger logger)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)

how can i get self signed (docker) mail server to work with self hosted bitwarden?

thank you!

Regards,

2

solved.

globalSettings__mail__smtp__port=587

and not

globalSettings__mail__smtp__port=25