Unable to get email alerts working

greyclear · April 10, 2018, 1:20pm

I can’t seem to get my email alerts working. I downloaded and imported an OVA template to vmware. When I click test alert it says: Sending test alert notification failed with message: Sending the email to the following server failed : 10.1.1.80:25

Here are my settings

transport_email_enabled = true
transport_email_hostname = ipaddress
transport_email_port = 25
transport_email_use_auth = true
transport_email_use_tls = true
transport_email_use_ssl = true
transport_email_auth_username = noreply@dot com
transport_email_auth_password = xxxxx
transport_email_subject_prefix = [graylog]
transport_email_from_email = graylog@example dot com

If I tcpdump you can see the connection is being made when I hit test.

If I telnet to the exchange server from the command line it works just fine and I do get the email to my inbox

ubuntu@graylog:/opt/graylog/conf$ telnet 10.1.1.80 25
Trying 10.1.1.80…
Connected to 10.1.1.80.
Escape character is ‘^]’.
220 EXCHANGESERVER.local Microsoft ESMTP MAIL Service ready at Tue, 10 Apr 2018 08:09:45 -0500
HELO linuxserver
250 EXCHANGESERVER.local Hello [10.2.2.53]
MAIL FROM: graylog@dot com
250 2.1.0 Sender OK
RCPT TO:myemailaddress@dot com
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with .
SUBJECT: sending a test email
Hello from this graylog test setup
.
250 2.6.0 <ace82be2-774f-4682-b17f-26d7272c1c24@EXCHANGESERVER local> [InternalId=5108656] Queued mail for delivery
quit
221 2.0.0 Service closing transmission channel
Connection closed by foreign host.

Is there any other logs on the system I can look at to see why it is failing? If I had to guess the exchange server is rejecting the test email alert.

jan · April 10, 2018, 1:45pm

if you redacted anything and haven’t done that at all levels the same way we can’t help you. But your telnet test wasn’t match the configuration in graylog.

greyclear · April 10, 2018, 1:53pm

redacted information is for privacy reasons not sure what you mean by “haven’t done that at all levels the same way”

telnet session is just to prove that I can communicate with my exchange server from the command line just fine. Its only from the graylog GUI where setting up an alert fails

jan · April 10, 2018, 1:58pm

you have not tested the telnet session with the data that is present in your graylog configuration.

AFAIK it could be easy to not accept messages from @example.com by the Mail server configuration and is default at exchange.

Test with the same data you have configured in graylog - check your graylog server.log what is written if you hit the test notification button.

greyclear · April 10, 2018, 1:59pm

Information is the same

jochen · April 10, 2018, 3:09pm

If it was the same, it would work, wouldn’t it?

greyclear · April 10, 2018, 3:35pm

That’s why I am here asking why it is not working The information is exactly the same. The GUI says it fails but doesn’t tell me why. very little for me to go off of.

jan · April 10, 2018, 3:48pm

let me quote myself:

Test with the same data you have configured in graylog - check your graylog server.log what is written if you hit the test notification button.

Location of Logfiles are documented here: http://docs.graylog.org/en/2.4/pages/configuration/file_location.html#omnibus-package

jochen · April 10, 2018, 3:52pm

Please post the necessary information again but this time redact only the necessary parts and most important, redact the information consistently. From your first post it’s pretty non-obvious which credentials and connection details you’ve been using.

And of course what Jan already said twice:

Grakkal · April 10, 2018, 7:42pm

What they’re saying is that your line:
transport_email_hostname = ipaddress

does not match your telnet session using IP: 10.1.1.80

If you redacted the transport_email_hostname, and then didn’t redact the IP in the telnet output, the redaction wasn’t useful, so maybe that wasn’t actually a redaction, maybe that’s what your conf file looks like.
If you didn’t redact it, and transport_email_hostname is set to ‘ipaddress’, then that’s the problem. It should be set to the IP you used in the telnet session.

From what you’ve posted, we can’t tell which it is.

greyclear · April 10, 2018, 9:48pm

When I posted originally it wouldn’t let me post because I was a new member, it said you are only allowed two links and it converted some of the information to URLs so I have to format it a little so it would let me post and I also had to remove our domain for privacy reasons.

The transport host name is the same in my telnet session sorry about all the confusion I will post my telnet results tomorrow time permitting been a little busy today, thanks for the help.

jochen · April 11, 2018, 7:32am

Either properly format your text snippets (see Creating and highlighting code blocks - GitHub Docs) or use a pastebin service such as https://gist.github.com/ or https://0bin.net/ to share your configuration and text files.

ofentselogger · April 11, 2018, 11:08am

I had to use graylog-ctl script to configure SMTP relay. Then ensure that in Alerts GUI, I have no FROM email address set. Then notifications will work. This is for Graylog 2.4.0 appliance

ofentselogger · April 11, 2018, 11:12am

Also remember that you need to explicitly state that you arent using TLS nor SSL for SMTP email. It seems by default the email channel from Graylog is in SSL.

greyclear · April 11, 2018, 1:22pm

Here are two screenshots of the telnet results and my config. I have tried with SSL/TLS and without SSL/TLS

What it says from the web browser when I select test alert.

Could not send test alert notification
Sending test alert notification failed with message: Sending the email to the following server failed : 10.1.1.80:25

greyclear · April 11, 2018, 1:22pm

jochen · April 11, 2018, 1:35pm

Unless you provide the logs of your Graylog node(s) which have been requested three times now, we can’t help you.

This being said, you should take another look at what @ofentselogger wrote:

greyclear · April 11, 2018, 1:45pm

ubuntu@graylog:/opt/graylog/conf$ cd /var/log/graylog/server/
-bash: cd: /var/log/graylog/server/: Permission denied

ubuntu@graylog:/opt/graylog/conf$ cd /var/opt/graylog/data/journal
-bash: cd: /var/opt/graylog/data/journal: Permission denied

Reason I haven’t posted logs is because I cannot access them.

jochen · April 11, 2018, 1:53pm

They’re only readable for the root user.

Try changing to root via sudo -i first.

greyclear · April 11, 2018, 2:22pm

2018-04-11_13:56:25.80509 onnect(SMTPTransport.java:748) ~[graylog.jar:?]
2018-04-11_13:56:25.80517 at javax.mail.Service.connect(Service.java:388) ~[graylog.jar:?]
2018-04-11_13:56:25.80935 at javax.mail.Service.connect(Service.java:246) ~[graylog.jar:?]
2018-04-11_13:56:25.81647 at javax.mail.Service.connect(Service.java:195) ~[graylog.jar:?]
2018-04-11_13:56:25.82210 at javax.mail.Transport.send0(Transport.java:254) ~[graylog.jar:?]
2018-04-11_13:56:25.82451 at javax.mail.Transport.send(Transport.java:124) ~[graylog.jar:?]
2018-04-11_13:56:25.82894 at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1459) ~[graylog.jar:?]
2018-04-11_13:56:25.83274 … 33 more

I run tail -f then hit test, this is what I see. let me dig some more

Topic		Replies	Views
Unable to send emails notification Graylog Central (peer support) basic-configuration	13	3560	December 31, 2021
Could not send test alert notification Graylog Central (peer support)	2	1684	February 4, 2018
Unable to use gmail to send alerts Graylog Central (peer support)	3	3199	December 13, 2019
Email alert not working Graylog Central (peer support)	6	587	December 4, 2017
Alerts Not Sending Mails Graylog Central (peer support)	4	514	December 25, 2017

Unable to get email alerts working

Related topics