Hi community

I cannot figure out what’s going on here. Am trying to test email alerting and get the following message.
I’ve tried telnet and its all allowed.

Error: Notification has email recipients and is triggered, but sending emails failed. Sending the email to the following server failed : smtp-relay.gmail.com:587

Email transport

transport_email_enabled = true
transport_email_protocol = smtp
transport_email_hostname = smtp-relay.gmail.com
transport_email_port = 587
transport_email_use_auth = true
transport_email_auth_username = noreply@xxxxxxx.com
transport_email_auth_password = xxxxxxxxxxx
transport_email_subject_prefix = graylog2
transport_email_from_email = graylog@xxxxxx.com
transport_email_web_interface_url = http://10.89.0.11:9000
transport_email_use_tls = true
transport_email_use_ssl = false

Any advise or suggestion is much appropriated.

hello && welcome!

There are a bunch of posts in the community about sending e-mail via gmail - maybe one of those will help? If you find the answer in them, be sure to post and mark it here since some of those are missing the “Solution”. If you don’t find a solution, let me know what you tried and we can troubleshoot more.

Hello, I’ve had a look on those posts, and i’ve pretty much used the same config that i’ve posted above.

Non of them seems to work. The logs aren’t much use either, as I can’t see any email related logs.
Any further advise would be much appreciated

try using telnet to the mail port from the machine. If you can’t get that to work - the issue is not in Graylog…

Hi

Ive aleady tested this prior.
I can connect to the mail port via telnet.

Kind regards

Ach, missed that. is the wording in your original post the exact wording of the error? Where do you see it appearing? Do you see anything coming up in the graylog logs?

perhaps from e-mail address may need to match the auth?

This is when I do a test

image2798×442 45.8 KB

Output of telnet
root@ip-10~# telnet smtp-relay.gmail.com 587
Trying 74.125.193.28…
Connected to smtp-relay.gmail.com.
Escape character is ‘^]’.
220 smtp-relay.gmail.com ESMTP l21sm21sssssss.31 - gsmtp

Couldn’t see anything on the logs - /var/log/graylog-server/server.log

I also tried changing the sender email address to the auth one, but get the same error

Kind regards

Hmmm…

Have you set up the gmail account to allow external e-mail to relay through? Do you have other systems that e-mail through this account?

yeah this email is used by various prod firewalls, etc. All able to send email notifications.
So can’t suspect it’s an issue on the gmail replay end.
Not been able to see any logs also puzzles me.

I transferred your settings onto my system and spent the morning coffee playing with it. I was getting the same error and realized it was likely because I had 2FA set up on my gmail account. I went in and generated an app password for gmail which got me through the error only to be blocked by my own firewall rule that only allows e-mail via authorized systems… more change than I am willing to test out. Since you have other systems happily accessing Gmail, this is likely not the solution, but maybe it will jostle some area you have where the fix is?

Thanks for taking time to investigate, much appreciated. though I was going mad. yeah we have done everything from the gmail side, less secure apps enabled, as well as 2fa disabled for this email.
Will prob have to think about what notification method we could use, slack, opsgenie,etc.
or a postfix server

Kind regards

My next suggestion was to use/build something internal - if you find a solution, post it for future searches… and my own curiosity. Good luck!

A big facepalm from this end . The issue wasn’t anything to do with Graylog, but a simple password typo.
correcting it worked like a charm… And a big thank you, you last comment, and prompt, and timely response. made me re-check my entire config

Out of courtesy have posted the working config - also if your using gsuite as your IDP, you need to whitelist the IP of the server, ours was in AWS, so Nat Gateway Public IP.
Apps → Google Workspace - > Settings for Gmail → Routing
under SMTP relay service
edit - and add your IP address

image1180×628 38.7 KB

• also turning off 2fa, and enabling less secure apps on gmail.

Config
/etc/graylog/server/server.conf - > working config

transport_email_enabled = true
transport_email_protocol = smtp
transport_email_hostname = smtp-relay.gmail.com
transport_email_port = 587
transport_email_use_auth = true
transport_email_auth_username = noreply@company.com
transport_email_auth_password = password
transport_email_subject_prefix = Graylog-Syslog-Alerts
transport_email_from_email = graylog@company.com

transport_email_use_tls = true
transport_email_use_ssl = false

Kind regards

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.