Skip to content

SMTP Configuration

OpenCVE relies on two main components to manage email notifications:

  1. Webserver: Handles emails related to user management (e.g., account creation, password resets, email changes).
  2. Scheduler: Manages emails for CVE notifications.

Each component requires separate SMTP configurations:

  • web/opencve/conf/settings.py for the webserver
  • scheduler/airflow.cfg for the scheduler

The steps below will help you test email functionality and troubleshoot any issues.

Webserver

Configuration

You may need to change the email settings to use you own smtp relay, otherwise the emails are displayed in the webserver logs.

To specify your smtp, add the following lines inside the web/opencve/conf/settings.py file:

# Email backend
EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"

EMAIL_HOST = "smtp.example.com"
EMAIL_HOST_USER = "user"
EMAIL_HOST_PASSWORD = "password"
EMAIL_PORT = 587
EMAIL_USE_TLS = True

DEFAULT_FROM_EMAIL = "OpenCVE.dev <no-reply@example.com>"

Info

You can follow this Django documentation to customize your email backend.

If you keep the default email backend (i.e django.core.mail.backends.console.EmailBackend), you can consult the emails with the docker logs command:

$ docker logs webserver

Try it

The simplest way to verify the webserver's SMTP configuration is by triggering a password reset email.

  1. Navigate to the https://your-instance/settings/password/reset/ URL

  2. Enter the email address of the user you created during the initial setup

Reset Password

If you do not receive the email, check the webserver logs for error messages:

$ docker logs -f webserver
[...]
ConnectionRefusedError: [Errno 111] Connection refused
172.18.0.3 - - [05/Jan/2025:09:38:40 +0000] "POST /settings/password/reset/ HTTP/1.0" 500 145 "http://localhost/settings/password/reset/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"

This will provide insights into potential configuration issues.

Scheduler

Configuration

The SMTP configuration of the scheduler component can be set in the scheduler/airflow.cfg file:

# The base URL of the OpenCVE webserver
web_base_url = <your_listening_ip or fqdn>

# The SMTP server used to send the email notifications
notification_smtp_host = smtp.example.com
notification_smtp_user = user
notification_smtp_password = password
notification_smtp_mail_from = john@example.com
notification_smtp_port = 587
notification_smtp_use_tls = True
notification_smtp_start_tls = False
notification_smtp_validate_certs = True
notification_smtp_timeout = 30

Try it

A dedicated DAG named check_smtp has been created for debugging the scheduler’s SMTP configuration.

First create a user if not already done:

$ docker exec -it airflow-webserver airflow users create --username admin --email admin@localhost --firstname John --lastname Doe --role Admin
Password:
Repeat for confirmation:
[2025-01-05T10:12:30.463+0000] {override.py:1458} INFO - Added user admin
User "admin" created with role "Admin"

Then access the Airflow UI in your browser (default port: 8080, as per the Deployment & Setup guide) and trigger the check_smtp DAG:

Trigger check-smtp DAG

Provide an email address where the test email will be sent:

Fill check-smtp param

If everything is correctly configured, you should receive a test email:

Email check-smtp

If any issues persist, use the logs to diagnose and resolve the problem:

Display check-smtp logs