I can’t seem to get my email alerts working. I downloaded and imported an OVA template to vmware. When I click test alert it says: Sending test alert notification failed with message: Sending the email to the following server failed : 10.1.1.80:25
If I tcpdump you can see the connection is being made when I hit test.
If I telnet to the exchange server from the command line it works just fine and I do get the email to my inbox
ubuntu@graylog:/opt/graylog/conf$ telnet 10.1.1.80 25
Trying 10.1.1.80…
Connected to 10.1.1.80.
Escape character is ‘^]’.
220 EXCHANGESERVER.local Microsoft ESMTP MAIL Service ready at Tue, 10 Apr 2018 08:09:45 -0500
HELO linuxserver
250 EXCHANGESERVER.local Hello [10.2.2.53]
MAIL FROM: graylog@dot com
250 2.1.0 Sender OK
RCPT TO:myemailaddress@dot com
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with .
SUBJECT: sending a test email
Hello from this graylog test setup
.
250 2.6.0 <ace82be2-774f-4682-b17f-26d7272c1c24@EXCHANGESERVER local> [InternalId=5108656] Queued mail for delivery
quit
221 2.0.0 Service closing transmission channel
Connection closed by foreign host.
Is there any other logs on the system I can look at to see why it is failing? If I had to guess the exchange server is rejecting the test email alert.
if you redacted anything and haven’t done that at all levels the same way we can’t help you. But your telnet test wasn’t match the configuration in graylog.
redacted information is for privacy reasons not sure what you mean by “haven’t done that at all levels the same way”
telnet session is just to prove that I can communicate with my exchange server from the command line just fine. Its only from the graylog GUI where setting up an alert fails
That’s why I am here asking why it is not working The information is exactly the same. The GUI says it fails but doesn’t tell me why. very little for me to go off of.
Please post the necessary information again but this time redact only the necessary parts and most important, redact the information consistently. From your first post it’s pretty non-obvious which credentials and connection details you’ve been using.
What they’re saying is that your line:
transport_email_hostname = ipaddress
does not match your telnet session using IP: 10.1.1.80
If you redacted the transport_email_hostname, and then didn’t redact the IP in the telnet output, the redaction wasn’t useful, so maybe that wasn’t actually a redaction, maybe that’s what your conf file looks like.
If you didn’t redact it, and transport_email_hostname is set to ‘ipaddress’, then that’s the problem. It should be set to the IP you used in the telnet session.
From what you’ve posted, we can’t tell which it is.
When I posted originally it wouldn’t let me post because I was a new member, it said you are only allowed two links and it converted some of the information to URLs so I have to format it a little so it would let me post and I also had to remove our domain for privacy reasons.
The transport host name is the same in my telnet session sorry about all the confusion I will post my telnet results tomorrow time permitting been a little busy today, thanks for the help.
I had to use graylog-ctl script to configure SMTP relay. Then ensure that in Alerts GUI, I have no FROM email address set. Then notifications will work. This is for Graylog 2.4.0 appliance
Also remember that you need to explicitly state that you arent using TLS nor SSL for SMTP email. It seems by default the email channel from Graylog is in SSL.
What it says from the web browser when I select test alert.
Could not send test alert notification
Sending test alert notification failed with message: Sending the email to the following server failed : 10.1.1.80:25
2018-04-11_13:56:25.80509 onnect(SMTPTransport.java:748) ~[graylog.jar:?]
2018-04-11_13:56:25.80517 at javax.mail.Service.connect(Service.java:388) ~[graylog.jar:?]
2018-04-11_13:56:25.80935 at javax.mail.Service.connect(Service.java:246) ~[graylog.jar:?]
2018-04-11_13:56:25.81647 at javax.mail.Service.connect(Service.java:195) ~[graylog.jar:?]
2018-04-11_13:56:25.82210 at javax.mail.Transport.send0(Transport.java:254) ~[graylog.jar:?]
2018-04-11_13:56:25.82451 at javax.mail.Transport.send(Transport.java:124) ~[graylog.jar:?]
2018-04-11_13:56:25.82894 at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1459) ~[graylog.jar:?]
2018-04-11_13:56:25.83274 … 33 more
I run tail -f then hit test, this is what I see. let me dig some more