SMTP with STARTTLS


(César) #1

Good day dear Graylog community, I hope you’re having a good day.

I have an issue, I’m trying to configure a SMTP server but the enterprise SMTP server is working with STARTTLS and after graylog.conf configuration, the connection is unsuccessful:

Sending test alert notification failed with message: Sending the email to the following server failed : smtpservercompany:25

The graylog.conf is the next:

transport_email_enabled = true
transport_email_hostname = smtpservercompany
transport_email_port = 25
transport_email_use_auth = true
transport_email_use_tls = true
transport_email_use_ssl = true
transport_email_auth_username = domainuser
transport_email_auth_password = password
transport_email_subject_prefix = [graylog]
transport_email_from_email = domainuser@company.com

I can say that the authentication based on the domain user is working because I used Febooti (Tools -> Options… ->Email Server) and after the test I received the test mail, so no problem with user or domain.

I don´t know if there is a special configuration into Graylog in order to configure STARTTLS, this is my doubt, how can I configure Graylog for this purpose? I have tried different options (transport_email_use_ssl = false, installing sendmail locally) but no results.

I have to say that I downloaded virtual machine in OVA format.

Best regards and thanks in advance! :slight_smile:


#2

Are you sure SMTP server is using port 25 not 587


(Jan Doberstein) #3

This part of the docs might help you: http://docs.graylog.org/en/2.4/pages/configuration/server.conf.html#email


(César) #4

Yes, it’s part of the technical specifications that were provided me. Port: 25 even for STARTTL.


(César) #5

Thanks for your comment, Ok, I tried to configure the following in order to get STARTTL configuration:

  • `transport_email_enabled = false
  • `transport_email_hostname = mail. example. com
  • `transport_email_port = 25
  • `transport_email_use_auth = true
  • `transport_email_use_tls = true

So the configuration that I have into graylog.conf is:

transport_email_enabled = true
transport_email_hostname = smtpauth. mail. zzz. net
transport_email_port = 25
transport_email_use_auth = true
transport_email_use_tls = true
transport_email_use_ssl = false
transport_email_auth_username = xxxxx
transport_email_auth_password = yyyyy
transport_email_subject_prefix = [graylog]
transport_email_from_email = xxxxx @ zzz. com

But the configuration that I have in the graylog-settings.json file is the following:

{
“timezone”: “America/Mexico_City”,
“smtp_server”: “smtpauth. mail. zzz. net”,
“smtp_port”: 25,
“smtp_user”: “xxxxx”,
“smtp_password”: “yyyyy”,
“smtp_from_email”: “xxxxx @ zzz. com”,
“smtp_web_url”: “http :// graylog”,
“smtp_no_tls”: false,
“smtp_no_ssl”: true,
“master_node”: “127.0.0.1”,
“local_connect”: false,
“current_address”: “10.201.1.98”,
“last_address”: “10.201.1.98”,
“enforce_ssl”: true,
“journal_size”: 1,
“node_id”: false,
“internal_logging”: false,
“web_listen_uri”: false,
“web_endpoint_uri”: false,
“rest_listen_uri”: false,
“rest_transport_uri”: false,
“external_rest_uri”: false,
“custom_attributes”: {

}
}

When I modified transport_email_enabled = true to transport_email_enabled = false, and after I execute the command “graylog-ctl reconfigure” the line configuration is still transport_email_enabled = true and I understand that it should be “false”.

So, I don’t know where to modify “graylog-settings.json” or “graylog.conf” in order to get “false” for " transport_email_enabled" without self-changing after “graylog-ctl reconfigure” command.

Best regards :slight_smile:


(Jan Doberstein) #6

http://docs.graylog.org/en/2.4/pages/configuration/graylog_ctl.html#configuration-commands

sudo graylog-ctl set-email-config
<smtp server> [--port=<smtp port>
--user=<username>
--password=<password>
--from-email=<sender-address>
--web-url=<graylog web-interface url>
--no-tls --no-ssl]