SMTP Configuration
OpenCVE relies on two main components to manage email notifications:
- Webserver: Handles emails related to user management (e.g., account creation, password resets, email changes).
- Scheduler: Manages emails for CVE notifications.
Each component requires separate SMTP configurations:
web/opencve/conf/settings.py
for the webserverscheduler/airflow.cfg
for the scheduler
The steps below will help you test email functionality and troubleshoot any issues.
Webserver
Configuration
You may need to change the email settings to use you own smtp relay, otherwise the emails are displayed in the webserver logs.
To specify your smtp, add the following lines inside the web/opencve/conf/settings.py
file:
# Email backend
EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
EMAIL_HOST = "smtp.example.com"
EMAIL_HOST_USER = "user"
EMAIL_HOST_PASSWORD = "password"
EMAIL_PORT = 587
EMAIL_USE_TLS = True
DEFAULT_FROM_EMAIL = "OpenCVE.dev <no-reply@example.com>"
Info
You can follow this Django documentation to customize your email backend.
If you keep the default email backend (i.e django.core.mail.backends.console.EmailBackend
), you can consult the emails with the docker logs
command:
$ docker logs webserver
Try it
The simplest way to verify the webserver's SMTP configuration is by triggering a password reset email.
-
Navigate to the https://your-instance/settings/password/reset/ URL
-
Enter the email address of the user you created during the initial setup
If you do not receive the email, check the webserver
logs for error messages:
$ docker logs -f webserver
[...]
ConnectionRefusedError: [Errno 111] Connection refused
172.18.0.3 - - [05/Jan/2025:09:38:40 +0000] "POST /settings/password/reset/ HTTP/1.0" 500 145 "http://localhost/settings/password/reset/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
This will provide insights into potential configuration issues.
Scheduler
Configuration
The SMTP configuration of the scheduler component can be set in the scheduler/airflow.cfg
file:
# The base URL of the OpenCVE webserver
web_base_url = <your_listening_ip or fqdn>
# The SMTP server used to send the email notifications
notification_smtp_host = smtp.example.com
notification_smtp_user = user
notification_smtp_password = password
notification_smtp_mail_from = john@example.com
notification_smtp_port = 587
notification_smtp_use_tls = True
notification_smtp_start_tls = False
notification_smtp_validate_certs = True
notification_smtp_timeout = 30
Try it
A dedicated DAG named check_smtp
has been created for debugging the scheduler’s SMTP configuration.
First create a user if not already done:
$ docker exec -it airflow-webserver airflow users create --username admin --email admin@localhost --firstname John --lastname Doe --role Admin
Password:
Repeat for confirmation:
[2025-01-05T10:12:30.463+0000] {override.py:1458} INFO - Added user admin
User "admin" created with role "Admin"
Then access the Airflow UI in your browser (default port: 8080, as per the Deployment & Setup guide) and trigger the check_smtp
DAG:
Provide an email address where the test email will be sent:
If everything is correctly configured, you should receive a test email:
If any issues persist, use the logs to diagnose and resolve the problem: