Hi, I'm trying to make the email action work for office365 and I keep getting this error. I'm able to make the smtp work fine when I use the email output in my logstash config file but now I think I'd rather do it with Watcher.
"id": "send_email",
"type": "email",
"status": "failure",
"reason": "MessagingException[failed to send email with subject [Watcher Notification] via account [outlook_account]]; nested: SMTPSendFailedException
[550 5.7.60 SMTP; Client does not have permissions to send as this sender\n]; "
Here are my elasticsearch.yml and watcher actions
xpack.notification.email.account:
outlook_account:
profile: outlook
smtp:
auth: true ##I've tried to make false but same error
starttls.enable: true
host: smtp.office365.com ## instead of smtp-mail.outlook.com
port: 587
user: <username>
password: <password>
this is not a watcher error, but seems a configuration glitch. Your SMTP server is telling you Client does not have permissions to send as this sender - which means that this username, password combination are not allowed with the configured from address (at least that's what I understood). Maybe there is an additional step to allow this specifically instead of only supplying username/password (many email providers work like that)?
yes, something to allow sending email from other hosts - this varies per email provider and is also just a guess as I dont have concrete experience with office365.
Ok, so after trying every combination of field it works. For anyone looking to do any kind of email process with office365, it seems to be important to indicate the "from" field. The elasticsearch.yml field is the same that I posted above and in the watch, my action is:
"actions" : {
"send_email" : {
"email" : {
"from" : "<the same user as specified in the "user" field in the .yml>",
"to" : "<toUser>",
"subject" : "Watcher Notification",
"body" : "{{ctx.payload.hits.total}} error logs found"
}
}
}
just to get this right: So when configuring the exact samefrom address in the elasticsearch.yml configuration, sending email did not work. But it did work when put into the action directly? And there was no other change inbetween? I want to make sure that there is no bug on our side...
I didn't put a "from" address in the .yml, only in the action directly. On the action >> email page, it didn't say anything about putting a "from" address in the .yml nor do i know if one can. I just followed the instructions from that page and only included the auth, starttls.enabled, host, port user and password fields.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.