When you say "create new Web Users in the backend", do you mean by running this command:
docker-compose exec service odk-cmd --email YOUREMAIL@ADDRESSHERE.com user-create
or on the Central website as described here: https://docs.getodk.org/central-users/#creating-a-web-user
Do the Central server audit logs show "user create" actions?
Are you resetting the password via the web interface?
For a previous issue with Let's Encrypt, @yanokwa had me run:
cd ~;
docker cp nginx:/var/log/letsencrypt/ /tmp/letsencrypt_logs;
tar -zcvf letsencrypt_logs.tar.gz /tmp/letsencrypt_logs;
I'm not sure if there are mail server specific logs that can be pulled?