Sorry for the long message here but hope it helps others.
Information on your n8n setup
n8n version: 1.111.1
self-hosted instance (Google Cloud, AWS)
Runing n8n via Docker
Describe the problem/error/question
We’re reaching out to the community for some assistance with a persistent issue we’re facing on our self-hosted n8n instance (one in Google Cloud and another one in AWS), Both having the same issue.
What is the error message (if any)?
We’re trying to send user invitations to allow other users to use the n8n instance, but we’re consistently getting the following error:
Could not invite user
And in the n8n logs with the debug mode, we see a more detailed error:
Mail command failed: 530 Authentication required
We’ve been troubleshooting this for a while and have followed all the steps in the n8n documentation for user management. Here’s a summary of my setup and the steps we’ve taken:
n8n Setup: Self-hosted instance using docker-compose.yml.
Email Service: AWS SES (Simple Email Service).
AWS SES Status: Our domain and email addresses are verified and validated we’re currently using the AWS SES sandbox, and we’ve also verified the recipient’s email address to comply with sandbox restrictions.
Configuration: n8n environment variables as well as docker-compose.yml have been confirmed with correct SMTP configuration. And container has been restarted to make sure setting are taken.
Also validated by testing with commands in the terminal the SMTP-related environment variables used by n8n.
Connectivity: We have successfully tested the connection from my server to the AWS SES service, confirming that authentication is working properly from the server’s end.
Logs: We enabled debug mode in n8n and checked the logs. The error message is the same as what’s presented in the UI: Mail command failed: 530 Authentication required.
We’re confident that the server can connect and authenticate with AWS SES, which makes the n8n error particularly confusing.
We’re wondering if there’s a specific configuration detail we might be missing, or if anyone has successfully configured this functionality with self-hosted services and any email service such as AWS SES and could offer some guidance.
Major cloud providers like Google Cloud (GCP) and Amazon Web Services (AWS) block outbound traffic on SMTP port 25 by default. This is a critical security measure taken to combat spam and abuse. While it is often possible to request an unblock of port 25 from the cloud provider, it typically requires a detailed justification and is not the recommended approach for most use cases.
We’re searched the forums and looked for videos but haven’t found a detailed guide on this specific setup, so any insights would be incredibly helpful.
The easiest way to battle port 25 being blocked is not to use port 25 and instead use port 587 and 465.
While Google Cloud does block port 25 by default, it does not place any restrictions on traffic sent to external destination IP addresses using destination TCP ports 587 or 465, which is probably something you are using for your smtp configuration, right?
But most importantly, the error you are mentioning “530 Authentication required” points me to believe this is not about cloud providers blocking access to certain ports, but rather a problem with authentication. Why? Because the error “530 Authentication required” comes from the server, which means you are able to reach the server and when you are trying to authenticate the server declines this attempt stating that proper authentication wasn’t completed.
Yes, we have tested with ports 587 and 465 and switching the environment variables as required depending on the port used. With both ports we have the same issue.
N8N_SMTP_SSL=false N8N_SMTP_TLS=true
Also, We can confirm it is not an authentication issue as we have successfully tested the connection from my server to the AWS SES service, confirming that authentication is working properly from the server’s end.
If anyone has successfully configured this functionality with self-hosted services on Google Cloud or AWS, and this functionality of sending invites to users works well, hope they could offer some guidance. It does not have to be with AWS email service. Any solution will work for us.
Have you tried testing the same smtp configuration from a local machine running outside of the cloud or other corp environments? From your desktop/laptop at home maybe? Could you share which email provider you are using (that is failing)?
Let me clarify this functionality before we go any further as I just got a new n8n instance in AWS working and it also works in Hostinger VPS. They both do not have any SMTP settings in the environment variables .env file.
The behavior I see is not sending an email out to the user, instead when I send the invite, it says Invite link copied to clipboard - Send the invite link to your invitee for activation. If I send the link from my own email to the user, the user gets the invite link and by clicking on it he can then activate the user in my n8n instance as a Member because the Admin account type is only available for enterprise service and not the community edition with valid registered license.
Is that then how that functionality works instead of sending the email directly to the user with the link? If that is the functionality, I assume the SMTP settings are not needed since there is no email sent out?
Do you have instructions to configure the “Automatic” option? as it means then that the “Semi-manual” is working. And also as I assume the SMTP is required for password resets?