Message: hello 😉

Is there any way to setup SMTP on a existing OpenCVE instance?

You can update the conf when you want and restart the docker stack to load the new settings.

I also would like to test the SMTP mailing, is there an easy way to do this?

For the web component you can simply try the reset password feature, it will send you an email. For the scheduler component the only way is to receive real notifications. You can subscribe common vendors (linux & microsoft for example) with low notification rules, you will quickly receive an email ^^

Message: hello 😉

Is there any way to setup SMTP on a existing OpenCVE instance?

You can update the conf when you want and restart the docker stack to load the new settings.

I also would like to test the SMTP mailing, is there an easy way to do this?

For the web component you can simply try the reset password feature, it will send you an email. For the scheduler component the only way is to receive real notifications. You can subscribe common vendors (linux & microsoft for example) with low notification rules, you will quickly receive an email ^^

Thank you for the reply. I also have some problems with email notifications. When I test it with password reset/account's email confirmation it works - I receive the emails. However, I do not receive any CVE reports' emails. I have set it up more than 10 days ago and my mailbox is empty (checked spam).

I have a lot of subscriptions: ~30 vendors including entire Microsoft and Linux. Alert settings are also configured.
Nothing interesting in docker compose logs. The only regular error is this:

airflow-webserver | [2025-01-04 13:30:46 +0000] [13] [INFO] Handling signal: ttin
airflow-webserver | [2025-01-04 13:30:46 +0000] [110859] [INFO] Booting worker with pid: 110859
airflow-webserver | [2025-01-04 13:30:47 +0000] [13] [INFO] Handling signal: ttou
airflow-webserver | [2025-01-04 13:30:47 +0000] [108452] [INFO] Worker exiting (pid: 108452)
airflow-webserver | [2025-01-04 13:30:48 +0000] [13] [ERROR] Worker (pid:108452) was sent SIGTERM!

Hello, I have the same problem on my installation. Application emails (e.g. password reset) work fine, but I'm not getting any notifications. The configurations (server, user...) are identical. I'm not sure what to check?

Hello, i am having the same issue than @yusben
Works fine for password resetting, but do not receive any email report/alert.
I use mail relay as SMTP config, which is correct (works for pwdreset)

Hello, i am having the same issue than @yusben Works fine for password resetting, but do not receive any email report/alert. I use mail relay as SMTP config, which is correct (works for pwdreset)

5137 | 2025-01-07, 23:00:11 | opencve | notifications.send_notifications | success | 2025-01-07, 22:00:00 | airflow

Here is what i can find in audit logs, which would indicates that the operation of sending notification works correctly, meanwhile, no mail is sent.
There is no revelant logs in airflow docker logs, neither on webserver logs

Hello everyone,

We understand that testing the SMTP configuration of the scheduler while waiting for actual CVE changes is not ideal. To address this, we’ve created a new DAG (a workflow in Airflow) that allows you to test your scheduler's SMTP configuration by sending a test email.

You can find the documentation here: Testing SMTP Configuration.

This guide explains how to configure the SMTP settings and test them to ensure everything works correctly. If there’s a misconfiguration, the logs will display the error, allowing you to adjust your settings and resolve the issue.

You can use this new DAG by installing a fresh instance of OpenCVE based on the master branch:

./install -r master

Send an email

Receive the test email

@ncrocfer
Thank you for the provided solution. I checked it.
Just to be sure, I have used a clean Ubuntu 22 Server with Docker and followed deployment steps with the amendment of ./install.sh -r master. Actually it is only this command after cloning the repo. I did not do anything else.

The new DAG appeared. Have set SMTP settings in scheduler/airflow.cfg as well and restarted the stack.

As a result check_smtp DAG fails and in logs of its task I see this:

This is quite default ubuntu and docker installation. Both host and containers for example can execute successfully curl 2ip.io, so no issues with DNS. Maybe I need to verify container names or hostnames in docker compose yaml, but I have not touched it at all.

Googled this Temporary failure in name resolution problem and realised, that 2 GB RAM is not enough according to Airflow system requirements. In spite of the fact, that only 1G was occupied on my VM, I extended RAM up to 8 GB and increased cores from 4 to 8 just in case. The error Temporary failure in name resolution was gone and I saw the actual reason in logs:"The start_tls and use_tls options are not compatible."

In airflow.cfg I configured SMTP settings under [smtp] section. Did not realise, that this file contains two different SMTP settings sections (awesome...). So, there was another place with SMTP settings under [opencve] section. Put my SMTP settings there and test DAG started to work - received a test email.

This article https://docs.opencve.io/guides/smtp_configuration/#scheduler contains correct instructions, but it never mentions, that there are other SMTP settings in this config. So, when you open the config file, firstly you see the wrong SMTP settings section. Thus, to avoid similar mistakes it would be great to have something like "The SMTP configuration of the scheduler component can be set in the scheduler/airflow.cfg file under [opencve] section:"

Of course, this is only my use case and peculiarity, that I do not read every line of instructions for SMTP and comments in config file thoroughly since I do not expect any trickery in such typical settings.
Will see if the actual CVE notifications will come. Thank you!