Skip to main content
← All Guides
Plugin Config · 4 min read

AuthMe, Email Recovery Setup

Configure authme email recovery setup so players can reset forgotten passwords via email. Covers SMTP config, email templates, security settings, and troubleshooting.

Why Enable Email Recovery

On cracked or offline-mode servers running AuthMe, players forget their passwords constantly. Without a recovery option, staff waste time manually resetting passwords or players lose access to their accounts entirely. An authme email recovery setup lets players reset their own password through a verification email, reducing support tickets and improving account security.

If you have not installed AuthMe yet, see our AuthMe login security guide for the full setup walkthrough.

SMTP Configuration

AuthMe sends recovery emails through an SMTP server. You can use Gmail, a transactional email service like Mailgun or SendGrid, or your own mail server. Open plugins/AuthMe/config.yml and configure the email section:

# config.yml (AuthMe) - Email settings
Email:
  mailSMTP: smtp.gmail.com
  mailPort: 465
  mailAccount: [email protected]
  mailPassword: 'app-password-here'
  mailSenderName: 'Astroworld MC'
  useTls: true
  mailOAuth2Token: ''
  recoverPasswordLength: 8
  recoveryPasswordsTimeout: 60

For Gmail, you must use an App Password (not your regular password). Go to your Google account security settings, enable 2FA, then generate an app password for "Mail." Use that 16-character code as the mailPassword.

Using Mailgun or SendGrid

For production servers, a transactional email service is more reliable than Gmail (which has daily sending limits). The SMTP settings for Mailgun:

Email:
  mailSMTP: smtp.mailgun.org
  mailPort: 587
  mailAccount: [email protected]
  mailPassword: 'mailgun-smtp-password'
  mailSenderName: 'Astroworld MC'
  useTls: true

These services handle deliverability, spam filtering, and rate limiting for you. The authme email recovery setup works identically regardless of which SMTP provider you choose.

Email Template

AuthMe uses an HTML email template stored at plugins/AuthMe/email.html. Customize it with your server branding:

<!DOCTYPE html>
<html>
<body style="font-family: Arial, sans-serif;">
  <h2>Password Recovery</h2>
  <p>Hello <playername>,</p>
  <p>Your temporary password is: <b><generatedpass></b></p>
  <p>Log in with this password and change it immediately using <code>/changepassword</code>.</p>
  <p>If you did not request this, ignore this email.</p>
  <p>- Astroworld MC Staff</p>
</body>
</html>

The placeholders <playername> and <generatedpass> are replaced automatically by AuthMe when sending the email.

Player Commands

Once configured, players can register their email and recover their password:

/email add [email protected] [email protected]
/email recover [email protected]

The first command registers the email address (typed twice for confirmation). The second triggers the recovery email. Players receive a temporary password, log in with it, and then set a new password with /changepassword <temp> <new>.

Security Settings

Prevent abuse of the recovery system with rate limiting and cooldowns:

# config.yml
Email:
  recoveryPasswordsTimeout: 60      # minutes between recovery requests
  maxRegPerEmail: 1                  # accounts per email address
  recoverPasswordLength: 8          # length of generated password
  emailObbligatoire: false          # force email registration

Setting maxRegPerEmail to 1 prevents alt accounts from sharing recovery emails. If you want every player to have a recovery email, set emailObbligatoire to true, though this adds friction to the registration process. Balance security against player convenience for your server.

Testing the Setup

After configuring SMTP, test the email system:

/authme debug mail

This sends a test email to the configured admin address. If it fails, check the server console for SMTP errors. Common issues:

  • "Authentication failed": Wrong password or missing app password (Gmail requires app passwords, not regular ones)
  • "Connection refused" on port 465: Your hosting provider blocks outbound SMTP. Try port 587 with useTls: true, or contact your host about unblocking mail ports
  • Emails land in spam: Use a custom domain with SPF and DKIM records, or switch to a transactional email service

Forcing Email Registration

By default, email registration is optional. Players can skip it and lose their only recovery path. If you want to require an email address during registration, set emailObbligatoire: true in the AuthMe config. New players will be prompted to add an email before they can finish registering. Existing players without an email on file will be reminded each time they log in. This increases the effectiveness of your recovery system because every account has a valid recovery path from day one.

Summary

An authme email recovery setup takes about 10 minutes to configure and saves hours of manual password resets. Set up SMTP credentials, customize the email template, configure rate limits, and test with the debug command. For the complete AuthMe installation and security configuration, revisit the AuthMe login security guide.

Full config access on every plan: Astroworld Hosting, NVMe SSDs, Pterodactyl panel.

Related Tools & Resources

🔧

Minecraft Tools

Calculators, generators & server tools

🧱

Item Database

Browse all Minecraft items, stats & recipes

⚒️

Crafting Recipes

Visual crafting guides for every recipe