Hi!
Graylog is installed on Ubuntu 20.04. Can’t configure email notifications. I get the error:
"Error: Notification has email recipients and is triggered, but sending emails failed. Sending the email to the following server failed: <name server>"
Checked server availability via nc and telnet. Mail server name resolves. There are no errors in the log /var/log/graylog-server/server.log. Where can I see sending errors?
Assuming that you are putting example.com in there just to obfuscate for this post… Is your e-mail server set up for TLS on port 587 connections from your graylog server? Does it require a username and password? (Some don’t). On Ubuntu you can telnet to port 587 on your mail server and manually step through the commands for TLS, username/pass, and try sending an e-mail to see what errors come up.
Thanks for the answer, @tmacgbay. Yes example.com to hide the real server. Our server supports TLS on port 587. Many other services send messages without problems, and Graylog doesn’t want to. I’ll try via telnet.
I checked on the server sending mail via telnet and a python script - everything works for me. And in Graylog I can’t configure it in any way. Maybe someone has some ideas?
Just checking but your original post says you are hitting port 587 and your latest tests against port 465. Also you have TLS on in your settings but in the sample python code you posted it defaults to off. These may be already things that you are accounting for…
It is unlikely that Graylog has a bug - seems to me it has to be a difference between the settings you have vs what your mail server allows.
@tmacgbay has said what I was getting at, your tests don’t reflect your implementation. Your telnet test is against port 465 and the python script you posted uses port 25. Are you sure that your mail server/relay listens on port 587 and that your Graylog server can submit mail via that port (firewall/ACL configs)?
Sorry, of course I’m checking port 587 - “telnet mail.server.com 587". I remade the Python script for my server. I can post it here, but it probably doesn’t make sense. Tried setting up Graylog for gmail.com mail and getting error too.If there were logs, it would be easier to find the error. Graylog has a script notifications setting. I wrote a script, but this option does not work in the community version.
You mention you set up a gmail account. You can’t just use username and password with them anymore, you have to generate application specific passwords. Is the server you were originally testing with an on premises exchange server? Have you tried other configurations, like SMTP without SSL/TLS via port 25? Or SSL/SMTPS on port 465? Often on premises exchange servers are configured with IPSec connectors in their internal server ranges and therefore don’t require username/password and basically allow you to do anything as long as you don’t end up tarpitted.
I think you may be able to increase logging output for email by turning up netty logging but I’ve never tried it.
@ttsandrew thanks for your answer and help. Our company has its own Exchange server and port 25 is closed and TLS is mandatory. IPsec is not used to connect to the server. On our other services, email notifications work without problems, but Graylog does not want to((
I’ll try to set up logging, thanks for the link.
Is your enterprise CA certificate in your Graylog cert store? If TLS is required the connection may be failing because the certificate can’t be validated by Graylog. If you created a certificate for HTTPS/secured inputs using your enterprise CA then this shouldn’t be the issue.
You may need to make sure your Graylog server is scoped properly (IP address listed) to the expected Receive Connector. If your Python script worked while running on your Graylog server and was able to send an e-mail and you received the test where you sent it then this is not an issue… thought I would bring it up anyway since you have a tuned up Exchange server.
No, I haven’t set up the work with the certificate yet. So far, I have only set up a single server to send logs to Graylog and decided to set up notification.
If TLS is required internally and Graylog can’t build a secure connection because it doesn’t trust the enterprise root CA then it won’t work. Trying adding the enterprise CA root certificate to the Graylog Java cert store. Or you can just add the exchange server directly, but presumably you’re going to set up HTTPS and secure inputs at some point and so you’ll want the enterprise root CA certificate to be in the store anyways.
@ttsandrew@tmacgbay Thank you - I will try to install the certificate.The Graylog server is located inside the corporate network and its address is not blocked.
Why not install local postfix server, which will accept messages from graylog and relay them to real mail server. This way you have more option and better logging to setup communiation to smtp server. Point graylog to localhost port 25.
Use this howto, or similar, only replace smtp.gmail.com with your real server.