Skip to main content Notes about e-mail setup with Authentik : r/selfhosted
r/selfhosted icon
Go to selfhosted
•

Notes about e-mail setup with Authentik

Guide

I was watching this video that explains how to setup password recovery with Authentik, but the video creator didn't explain the email setup in this video (or any others).

I ended up commenting with him back and forth and got a bit more information in the comment section. That lead to a rabbit hole of trying to figure this out (and document it) for using gMail to send emails for Authentik password recovery.

The TL;DR is:

  • From the authentik documentation, copy and paste the block in this section to the .env file, which should be in the same directory as the compose file

  • Follow the steps here from Google on creating an app password. This will be in the .env file as your email credential rather than a password.

  • Edit the .env file with the following settings: 

# SMTP Host Emails are sent to
AUTHENTIK_EMAIL__HOST=smtp.gmail.com
AUTHENTIK_EMAIL__PORT=SEE BELOW
# Optionally authenticate (don't add quotation marks to your password)
[email protected]
AUTHENTIK_EMAIL__PASSWORD=gmail_app_password
# Use StartTLS
AUTHENTIK_EMAIL__USE_TLS=SEE BELOW
# Use SSL
AUTHENTIK_EMAIL__USE_SSL=SEE BELOW
AUTHENTIK_EMAIL__TIMEOUT=10
# Email address authentik will send from, should have a correct @domain
[email protected]

  • The EMAIL__FROM field seems to be ignored, as my emails still come from my gmail address, so maybe there's a setting or feature I have to tweak for that.

  • For port settings, only the below combinations work:

Port 25, TLS = TRUE

Port 487, SSL = TRUE

Port 587, TLS = TRUE

  • Do not try to use the smtp-relay.gmail.com server, it just straight up doesn't work.

My results can be summarized in a single picture:

https://imgur.com/a/h7DbnD0

Authentik is very complex but I'm learning to appreciate just how powerful it is. I hope this helps someone else who may have the same question. If anyone wants to see the log files with the various error messages (they are interesting, to say the least) I can certainly share those.

Reddit, wherever you are on your AI journey, get guidance from Microsoft Security to adopt AI safely
Learn More
microsoft.com
Thumbnail image: Reddit, wherever you are on your AI journey, get guidance from Microsoft Security to adopt AI safely
Sort by:
Best
Open comment sort options
•

Thanks, found I had to apply in docker to both the server and worker containers.

•

Would you mind sharing what your passed in your compose or confirm if you did this: 

environment:
  AUTHENTIK_EMAIL__HOST: ${AUTHENTIK_EMAIL__HOST}
 More replies More replies
•

Thank you for this clear explanation. It is very helpful and I could implement it correctly in one shot. I used the above information to update my .env file and recreated the containers. There is a small typo above, the SSL port is 465. I used the SSL settings. Once the authentik containers were up, I gave the following command from my terminal to test the setup and received an email from authentik successfully.

docker compose exec worker ak test_email <my email>

Thank you once again.

•

Very handy! I tested with normal docker with success:

docker exec <name of the worker container> ak test_email <my email>

More replies
• • Edited

For the gmail app password, are you including spaces? or is it just 16 character string

EDIT: no spaces

You sir are a gentleman and a scholar, thank you for taking the time to make that excel and sharing your work

•

Thank you :) Regarding the app password, it's exactly as it's provided by Google. I don't recall how many characters it is but I don't recall it having any spaces.

More replies
•

Thank you so much for sharing this information. Unfortuantley I receive the following error when I try to test the email function:

authentik@54af96da1315:/$ ak test_email [email protected]

File "/ak-root/venv/lib/python3.12/site-packages/sentry_sdk/integrations/socket.py", line 86, in getaddrinfo

return real_getaddrinfo(host, port, family, type, proto, flags)

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/usr/local/lib/python3.12/socket.py", line 963, in getaddrinfo

for res in _socket.getaddrinfo(host, port, family, type, proto, flags):

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

socket.gaierror: [Errno -2] Name or service not known

Did you have any Idea, what that means?

More replies
Your one-stop solution for customer service, ensuring customer satisfaction with cost-effective plans & free migrations. Try now!
Read More
bolddesk.com
Thumbnail image: Your one-stop solution for customer service, ensuring customer satisfaction with cost-effective plans & free migrations. Try now!
[deleted]
•

Comment deleted by user

 •

If you haven't figured this out yet. Put your email config to server and worker containers environment.

•

Il faut d'abord activer un 2FA si ce n'est pas déjà le cas pour pouvoir configurer un mot de passe d'application (et que le lien fonctionne)