Graylog is installed on Ubuntu 20.04. Can’t configure email notifications. I get the error:
"Error: Notification has email recipients and is triggered, but sending emails failed. Sending the email to the following server failed: <name server>"
Checked server availability via nc and telnet. Mail server name resolves. There are no errors in the log /var/log/graylog-server/server.log. Where can I see sending errors?
Help me please!
# Email transport
transport_email_enabled = true
transport_email_hostname = mail.example.com
transport_email_port = 587
transport_email_use_auth = true
transport_email_use_tls = true
transport_email_use_ssl = false
transport_email_auth_username = firstname.lastname@example.org
transport_email_auth_password = password
transport_email_subject_prefix = [graylog]
transport_email_from_email = email@example.com
Assuming that you are putting example.com in there just to obfuscate for this post… Is your e-mail server set up for TLS on port 587 connections from your graylog server? Does it require a username and password? (Some don’t). On Ubuntu you can telnet to port 587 on your mail server and manually step through the commands for TLS, username/pass, and try sending an e-mail to see what errors come up.
Thanks for the answer, @tmacgbay. Yes example.com to hide the real server. Our server supports TLS on port 587. Many other services send messages without problems, and Graylog doesn’t want to. I’ll try via telnet.
I checked on the server sending mail via telnet and a python script - everything works for me. And in Graylog I can’t configure it in any way. Maybe someone has some ideas?
When you say you tested, do you mean you tested sending mail via telnet on the host running Graylog? And it worked, but Graylog can’t send emails?
@ttsandrew: yes I meant it
What parameters did you use for the telnet connection?
Using telnet I checked the connection to the server - “telnet mail.server.com 465”. The connection was successful. Then I took a python script (https://www.zabbix.com/forum/filedata/fetch?id=313430) that I use in Zabbix and checked through it - also successfully.
Just checking but your original post says you are hitting port 587 and your latest tests against port 465. Also you have TLS on in your settings but in the sample python code you posted it defaults to off. These may be already things that you are accounting for…
It is unlikely that Graylog has a bug - seems to me it has to be a difference between the settings you have vs what your mail server allows.
@tmacgbay has said what I was getting at, your tests don’t reflect your implementation. Your telnet test is against port 465 and the python script you posted uses port 25. Are you sure that your mail server/relay listens on port 587 and that your Graylog server can submit mail via that port (firewall/ACL configs)?
Sorry, of course I’m checking port 587 - “telnet mail.server.com 587". I remade the Python script for my server. I can post it here, but it probably doesn’t make sense. Tried setting up Graylog for gmail.com mail and getting error too.If there were logs, it would be easier to find the error. Graylog has a script notifications setting. I wrote a script, but this option does not work in the community version.
You mention you set up a gmail account. You can’t just use username and password with them anymore, you have to generate application specific passwords. Is the server you were originally testing with an on premises exchange server? Have you tried other configurations, like SMTP without SSL/TLS via port 25? Or SSL/SMTPS on port 465? Often on premises exchange servers are configured with IPSec connectors in their internal server ranges and therefore don’t require username/password and basically allow you to do anything as long as you don’t end up tarpitted.
I think you may be able to increase logging output for email by turning up netty logging but I’ve never tried it.
@ttsandrew thanks for your answer and help. Our company has its own Exchange server and port 25 is closed and TLS is mandatory. IPsec is not used to connect to the server. On our other services, email notifications work without problems, but Graylog does not want to((
I’ll try to set up logging, thanks for the link.
Is your enterprise CA certificate in your Graylog cert store? If TLS is required the connection may be failing because the certificate can’t be validated by Graylog. If you created a certificate for HTTPS/secured inputs using your enterprise CA then this shouldn’t be the issue.
You may need to make sure your Graylog server is scoped properly (IP address listed) to the expected Receive Connector. If your Python script worked while running on your Graylog server and was able to send an e-mail and you received the test where you sent it then this is not an issue… thought I would bring it up anyway since you have a tuned up Exchange server.
No, I haven’t set up the work with the certificate yet. So far, I have only set up a single server to send logs to Graylog and decided to set up notification.
If TLS is required internally and Graylog can’t build a secure connection because it doesn’t trust the enterprise root CA then it won’t work. Trying adding the enterprise CA root certificate to the Graylog Java cert store. Or you can just add the exchange server directly, but presumably you’re going to set up HTTPS and secure inputs at some point and so you’ll want the enterprise root CA certificate to be in the store anyways.
And what @tmacgbay said too – make sure the connector isn’t locked down and preventing connection from your server’s IP.
@ttsandrew @tmacgbay Thank you - I will try to install the certificate.The Graylog server is located inside the corporate network and its address is not blocked.
Yesterday I installed the certificate - it didn’t help(( I’ll try some more ideas.
Why not install local postfix server, which will accept messages from graylog and relay them to real mail server. This way you have more option and better logging to setup communiation to smtp server. Point graylog to localhost port 25.
Use this howto, or similar, only replace
smtp.gmail.com with your real server.