[User Management] How to invite users with SSL-less/unauthenticated SMTP server?

Describe the issue/error/question

I’d like to test out this new User Management feature and be able to invite users for collaboration.

The current way of using this feature involves sending out invitation emails by the owner, as far as I can tell.
The thing is I have my own self hosted SMTP server that is unauthenticated, nor does it use an SSL certificate of any kind.
I would like to disable the SSL/certificate check and the need for authentication on the n8n part.
How do I do that?

The documentation reveals the N8N_SMTP_SSL environment variable that I have set to false:

$ echo $N8N_SMTP_SSL
false

but I think that’s not it or it’s not working, because I’m still getting error messages like:

  • ResponseError: There is a problem with your SMTP setup! self signed certificate in certificate chain
  • ResponseError: There is a problem with your SMTP setup! certificate has expired
  • ResponseError: There is a problem with your SMTP setup! unable to get local issuer certificate

Or perhaps is there a way to skip configuring SMTP server altogether and just create accounts for the users with notifying them later manually?
Such would also work in my scenario.

My tests were conducted using the following docker images:

  • n8nio/n8n:0.171.0
  • n8nio/n8n:0.171.0-debian

Information on your n8n setup

  • n8n version: 0.171.0
  • Database you’re using (default: SQLite): SQLite
  • Running n8n with the execution process [own(default), main]:
  • Running n8n via [Docker, npm, n8n.cloud, desktop app]: Docker

Hi @zerkujukku, welcome to the community!

I am sorry you’re having trouble here. Are you by any chance trying to connect to the wrong port? The default N8N_SMTP_PORT used by n8n is 465 which often is used for SSL-SMTP communication. Is your SMTP relay possibly listening for unencrypted traffic on port 25 instead?

I am in the same case as you, self hosted SMTP on the same server as n8n.

I can’t manage to make n8n send invitations. The button is just light grey and this message “Set up SMTP before adding users (so that n8n can send them invitation emails)”

I can send mail via a workflow just by using the 25 port.

It is possible for n8n to send invitation with a self-host smtp ?

i did set theses variables :
N8N_EMAIL_MODE=smtp
N8N_SMTP_HOST=localhost
N8N_SMTP_PORT=25
[email protected] (not real value)

I also tried to set N8N_SMTP_USER and N8N_SMTP_PASS since the documentations tells they are required but the button is still grey

I do not use docker btw

Hi @kater, it looks like n8n would indeed require a few more variables before allowing users to be invited. However, when running a new docker container like using

docker run -it --rm --name n8n -p 5678:5678 -e [email protected] -e N8N_SMTP_PORT=25 -e N8N_SMTP_HOST=localhost -e N8N_EMAIL_MODE=smtp -e N8N_SMTP_USER=foo -e N8N_SMTP_PASS=bar n8nio/n8n:0.171.1

…the Invite button is enabled as expected:

Could you try setting all of the variables used in the above example and confirm if you’re still having any issues here? If so, can you confirm how exactly you are running n8n?

Hi @MutedJam

I am not using docker but using pm2 so maybe my method is wrong :slight_smile:

I did set variables in a systemd unit like this

[Unit]
Description=PM2 process manager
Documentation=https://pm2.keymetrics.io/
After=network.target

[Service]
Type=forking
User=n8n
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
Environment=PM2_HOME=/home/n8n/.pm2
Environment=N8N_LISTEN_ADDRESS=XXX
Environment=N8N_HOST=XXX
...

And then i start n8n like this (after i reloaded the systemctl deamon)

pm2 --update-env start n8n

It did work for setting others variables, so i assume it work but i don’t know what is the “correct” way to do this with pm2.

Thanks for your time

Hm, tbh I am not 100% sure what might be wrong here as I am not a pm2 user myself unfortunately.

From reading @harshil1712’s article on this process manager I think a pm2 restart command might be needed (pm2 restart n8n --update-env).

In the past this approach has worked with pm2: Cannot use variable with pm2 - #3 by MutedJam, as for checking the variables this looks like a suitable approach: Self Host - Where does ENV variables get saved? - #4 by pradilla

Hi all,

I have a similar issue to @kater but I am running under Docker. Using our email server without SSL or auth - it works fine for the Send Email node in a workflow (as long as I set the Ignore SSL Errors option !) but not for Invite Users.

I have set SSL=false in Environments etc. and provided a username and password (even tho SMTP server does not require it). As the Send Email node works but Invite User does not, I am guessing it has something to do with the IGNORE SSL ERROR option that I can set for the Send Email Node (and cannot set for the Invite Email).

Container logs (docker logs ) say “Failed to send email” and the web UI responds with “Couldn’t send invite email

Hope this sheds some light - would be great to crack this one !

Thanks
Si

1 Like

Hey @simon.lewis,

It could be down to the ignore SSL option not being there although if it is using 25 with SSL set to false it should only try to use SSL still if the server is claiming to support starttls. It could be that as well as an option to ignore self signed certificates we might also need an option to support fully unencrypted options.

Out of interest which mail server are you using? I should probably get something local set up for testing.

Hey Jon,
It’s Microsoft Exchange on-prem. Confirmed its using port 25 with TLS/SSL set to false.
Si

Hi @simon.lewis,

I don’t suppose the exchange server has StartTLS enabled does it?

Hi Jon,
Apparently not, no, but I suspect it does not matter as the SMTP communication is actually with an IIS server (does not actually touch Exchange). That is, it gets more complex as we actually use an IIS SMTP relay internally and that is what is configured for n8n to use. No TLS at all on that (and I checked) and it is configured for anonymous access.
S

Hey @simon.lewis,

That has got more complex :smile:

Out of interest when n8n says it can’t send the email what does the relay log? That could provide more of a hint on this one.

Good question ! … will see if I can find out.

Meanwhile, is there a way to ‘invite’ someone to the system and bypass the verification email thing ? I guess I just need to copy / construct whatever verification link gets sent out in the email ?

Thanks
Si

Hey @simon.lewis,

So what you could do is manually build out the sign up URL, It will be something like…

/signup?inviterId=ID_OF_INVITING_USER&inviteeId=ID_OF_INVITED_USER

From the database you can find both of these values as ID under the user table, It isn’t pretty but it would get you started.

1 Like

Thanks Jon - that worked ! Will update if I can get the SMTP logs …

Hi @Jon,
Example of a request logged at the SMTP relay …
Si
2022-04-19 03:33:49 163.7.22.59 [127.0.0.1] SMTPSVC1 V-ROT-aaa 163.7.18.150 0 EHLO - +[127.0.0.1] 250 0 217 16 0 SMTP - - - -
2022-04-19 03:33:49 163.7.22.59 [127.0.0.1] SMTPSVC1 V-ROT-aaa 163.7.18.150 0 STARTTLS - - 220 0 0 8 0 SMTP - - - -
2022-04-19 03:33:49 163.7.22.59 [127.0.0.1] SMTPSVC1 V-ROT-aaa 163.7.18.150 0 STARTTLS - - 220 0 29 8 0 SMTP - - - -
2022-04-19 03:33:49 163.7.22.59 [127.0.0.1] SMTPSVC1 V-ROT-aaa 163.7.18.150 0 EHLO - +[127.0.0.1] 250 0 277 16 0 SMTP - - - -
2022-04-19 03:33:49 163.7.22.59 [127.0.0.1] SMTPSVC1 V-ROT-aaa 163.7.18.150 0 MAIL - +FROM:[email protected] 250 0 117 33 0 SMTP - - - -
2022-04-19 03:33:49 163.7.22.59 [127.0.0.1] SMTPSVC1 V-ROT-aaa 163.7.18.150 0 RCPT - +TO:[email protected] 250 0 117 39 0 SMTP - - - -
2022-04-19 03:33:49 163.7.22.59 [127.0.0.1] SMTPSVC1 V-ROT-aaa 163.7.18.150 0 DATA - +[email protected] 250 0 282 671 47 SMTP - - - -
2022-04-19 03:33:49 163.7.22.59 [127.0.0.1] SMTPSVC1 V-ROT-aaa 163.7.18.150 0 QUIT - [127.0.0.1] 240 109 282 671 47 SMTP - - - -

Hey @simon.lewis,

That looks like it might have worked, I assume the 52877xxxxx is a message ID, That also shows the starttls command so it is enabled but it looks like it got past that :thinking:

Is there a debug option that can be enabled to get the full handshake?

Hi @MutedJam and thank you for the answer.

It is, but I believe I have configured my n8n instance accordingly, to actually use port 25.
Here is a excerpt from my docker-compose.yaml, from the environment section:

N8N_EMAIL_MODE: smtp
N8N_SMTP_HOST: <host>
N8N_SMTP_PORT: '25'
N8N_SMTP_USER: NA
N8N_SMTP_PASS: NA
N8N_SMTP_SENDER: <sender>
N8N_SMTP_SSL: "false"

And here is the corresponding printout from the environment from inside of my container:

N8N_EMAIL_MODE=smtp
N8N_SMTP_HOST=<host>
N8N_SMTP_PORT=25
N8N_SMTP_USER=NA
N8N_SMTP_PASS=NA
N8N_SMTP_SENDER=<sender>
N8N_SMTP_SSL=false

Does it look correct, if my intention is indeed to use port 25?

Also, should setting N8N_SMTP_SSL=false be enough if I want to use uencrypted traffic over to 25?
Somewhere down the discussion it has been suggested, that

so I guess it’s not yet there at this point?

I have been conducting part of my tests with using a mock SMTP server, which has nothing to do with SSL, but just listens for unencrypted traffic on port 25 and does not send out any actual emails, rather saving them to a file as EML instead. Extremely useful for testing services that send out emails. I don’t see any reason why n8n should not be able to cooperate with such arrangement, so that I can extract the invitation link from an EML file later.

Finally, is there perhaps a way to skip configuring SMTP server altogether and just create accounts for the users some other way with notifying them later manually?
Such would also work in my scenario.

Generally, right now I find myself in a situation were in order to use the user management feature I need to have an SMTP server configured in a particular way that I have no control over. In my particular use case it’s very limiting.

Thanks and appreciating every help.
Have a good day.

1 Like

Hello @Jon,

This method of manually building out the sign up URL got my interest but I’m having difficulties using it.
When I want to invite a user and I keep having problems related to my SMTP server configuration as I described in my original post at the very top (SSL issues in short), at the moment of an unsuccessful invite user button click there is no invitee record created in the user table in the database, so I have nowhere to get the invitee id from at that point.

Is there any way I can get around that?
At what point does this new user actually get created?

Thanks

Hi Jon,
Sorry but I am told that is all the info we can get.
Si