Notification has email recipients and is triggered, but sending emails failed. Sending the email to the following server failed : mustafa.local:587

Hi,
I install the graylog and I got the logs. After that I want to send Email from the Graylog about this logs, but I can’t

I opened the TCP/25 and TCP/587 ports but it doesn’t worked. I am sharing the files below this case.

root@mustafa:/home/mustafa# telnet IP ADDRESS 587
Trying IP ADDRESS...
Connected to IP ADDRESS.
Escape character is '^]'.

root@mustafa:/home/mustafa# telnet IP ADDRESS 25
Trying IP ADDRESS...
Connected to IP ADDRESS.
Escape character is '^]'.

graylog/server/server.conf file:


# Email transport
transport_email_enabled = true
transport_email_hostname = mustafa.local
transport_email_port = 587
transport_email_use_auth = true
transport_email_use_tls = true
transport_email_use_ssl = false
transport_email_auth_username = alert
transport_email_auth_password = server
transport_email_auth_prefix = [graylog]
transport_email_web_interface_url = http://IP ADDRESS:9000
transport_email_from_email = alert@mustafa.local

Postfix File :
/etc/postfix/main.cf

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mustafa.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, mustafa, localhost.localdomain, , localhost
relayhost =
mynetworks = 10.X.X.X/24 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

masquerade_domains = mustafa.local

The Logs:

journalctl -xe | grep -i graylog

Dec 06 14:40:23 mustafa graylog-server[133941]: OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Dec 06 14:40:24 mustafa graylog-server[133941]: WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
Dec 06 14:40:27 mustafa graylog-server[133941]: WARNING: An illegal reflective access operation has occurred
Dec 06 14:40:27 mustafa graylog-server[133941]: WARNING: Illegal reflective access by retrofit2.Platform (file:/usr/share/graylog-server/graylog.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
Dec 06 14:40:27 mustafa graylog-server[133941]: WARNING: Please consider reporting this to the maintainers of retrofit2.Platform
Dec 06 14:40:27 mustafa graylog-server[133941]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Dec 06 14:40:27 mustafa graylog-server[133941]: WARNING: All illegal access operations will be denied in a future release
Dec 06 14:40:47 mustafa graylog-server[133941]: SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
Dec 06 14:40:47 mustafa graylog-server[133941]: SLF4J: Defaulting to no-operation (NOP) logger implementation
Dec 06 14:40:47 mustafa graylog-server[133941]: SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.

In addition I have the same issue with port 465 too

Thanks in advance

Hey @mustafa && Welcome

Not 100% sure what the issue is, but for troubleshooting purposes try using port 25 (i.e., localhost). ensure the port is opened on the firewall, and if you have SELinux/Apparmor enable check that.

You may want to post logs from Graylog and/or Postfix this may help.

My Lab set up is very simple , I’m using sendmail instead of postfix. With sendmail default uses “localhost” and port 25. The following is what I configured in Graylog server.conf file.

transport_email_enabled = true
transport_email_hostname = localhost
tansport_email_port = 25
transport_email_subject_prefix = [graylog]
transport_email_from_email = root@domain.com
transport_email_web_interface_url = https://192.168.1.100:9000

My Graylog Operations/Enterprise Docker I do use postfix to send email.

myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = ansible.enseva-labs.net, ansible.enseva-labs.net, localhost.enseva-labs.net, localhost
relayhost =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = 172.17.0.1 192.168.1.101
default_transport = smtp
relay_transport = smtp
inet_protocols = all
mynetworks = 172.17.0.4 172.17.0.3 172.17.0.2
root@ansible:/etc/postfix#

Hope that helps

2 Likes

Sorry I missed the port number, You you trying to use Gmail ( 587)

Try to enable TLS encrypted connection, use your real gmail account in from, and the correct smtp server address:

transport_email_hostname = smtp.gmail.com
transport_email_use_tls = true
transport_email_from_email = your_real_gmail_account@gmail.com

This post may help if your wanting to use Gmail

1 Like

Hi @gsmith ,

First of all appreciative for your response and sorry for my late response.

I tried what you said but unfortunately it is still not working :neutral_face:

I think I’m entering wrong information in “transport_email_hostname” and “transport_email_from_email” sections.

to tell the truth i don’t know exactly what value should i put there.
for example where can I find “domain.com” value ? or the other values

In addition I wrote the 587 port for testing purposes. I’m thinking of using port 25

thank you in advance for your help

1 Like

If you can, try it first without TLS on an unencrypted SMTP server. Once you have that working, then you can tighten it up with TLS. For troubleshooting, removing variables is always a good idea. Start basic and add on in steps.

2 Likes

Hello,

Like I post above using sendmail. Postfix should also work. Ensure the correct ports are opened on the firewall

I believe this is what @chris.black was referring to " basic" then work from there.

As shown above in my example you can use localhost for now till you can get it to work.

1 Like

First make sure you can access the email server from the Graylog server… outside of Graylog. Make sure you have encryption turned off on the email you are sending to for testing. You can use this link here to test to make sure you can connect and send e-mail from the local command line on your Graylog server. The link has a lot of detail in there but it gives you all you need to test the connection properly. Once that works, then you can work with and adjust your Graylog settings to make sure it works there as well. Once you have e-mail working and you start testing in Graylog you can watch the Graylog log files:

tail -f /var/log/graylog-server/server.log

Watch for related issues and post them here if you need help figuring out what they are saying.

3 Likes

Hi everyone,

thank you all for your help.
I tried to send mail on port 25 but it did not send mail and I tried to send mail on port 587 (with gmail) and it worked.

I am sharing my /etc/graylog/server/server.conf file to help other users.

transport_email_enabled = true
transport_email_hostname = smtp.gmail.com
transport_email_port = 587
transport_email_use_auth = true
transport_email_use_tls = true
transport_email_use_ssl = false
transport_email_auth_username = your gmail adress
transport_email_auth_password = google application password
transport_email_subject_prefix = [graylog]
transport_email_from_email = your gmail adress
transport_email_web_interface_url = http://Graylog server IP adress:9000
2 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.