Logstash doesn't send any emails

Bob04 · July 5, 2017, 5:53pm

I am using Logstash-email output with the following configuration:

  email {
    to => "..."
    subject => "..."
    port => 25
    via => "smtp"
    body => "%{message}"
  }

But I didn't receive any email.

telnet localhost 25 shows this:

# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 <host_name> ESMTP Postfix

Are there any errors in my config file?

magnusbaeck · July 5, 2017, 5:58pm

If Logstash has problems sending email it'll tell you about it in its log.

Bob04 · July 5, 2017, 6:00pm

I checked the logs and didn't find any error messages there.

magnusbaeck · July 5, 2017, 6:02pm

And how do you know your events even reach the output? Also, have you tried increasing Logstash's log level to get more entries in the log?

Bob04 · July 5, 2017, 6:03pm

I am also using Elasticsearch output and stdout { codec => rubydebug } and I can see new messages are coming.

Bob04 · July 5, 2017, 6:15pm

I found this error in Logstash logs:

12:27:29.769 [[main]>worker0] ERROR logstash.outputs.email - Something happen while delivering an email {:exception=>#<Errno::ECONNREFUSED: Connection refused - Connection refused>}
12:27:30.044 [[main]>worker0] ERROR logstash.outputs.email - Something happen while delivering an email {:exception=>#<Errno::ECONNREFUSED: Connection refused - Connection refused>}

I am able to send and receive email from terminal, though:

mailx -v -s "email_subject" <send_to_address>

magnusbaeck · July 5, 2017, 7:24pm

Errno::ECONNREFUSED: Connection refused - Connection refused

This certainly suggests that nobody's listening on localhost:25. Is Postfix perhaps only listening on the IPv6 interface an Logstash only support IPv4? That could explain why "telnet localhost 25" works and seemingly does so by connecting to ::1.

I am able to send and receive email from terminal, though:

mailx doesn't use SMTP.

Bob04 · July 5, 2017, 7:28pm

Thanks for explanation.
Is there any way to fix that problem to be able to receive emails from Logstash?

magnusbaeck · July 5, 2017, 7:32pm

That's a Postfix question, but check the inet_protocols parameter in /etc/postfix/main.cf.

Bob04 · July 5, 2017, 7:45pm

In /etc/postfix/main.cf I can see all inet_protocols are enabled:

# Enable IPv4, and IPv6 if supported
inet_protocols = all

magnusbaeck · July 6, 2017, 8:52am

And is Postfix actually listening on 127.0.0.1:25? Does "telnet 127.0.0.1 25" work? Does Wireshark reveal anything about what's going on? Could a firewall be blocking the access?

Bob04 · July 6, 2017, 4:47pm

It looks like everything should work.

I also tried to send email this way and I was able to receive it:

mail -s "subject" recipient@email.com <email_body>

And this way:

sendmail EMAILADDRESS
FROM: FROMADDRESS
SUBJECT: hello world
this is a test email
.

When I tried to send email via sendmail I got this errors:

11:56:31.514 [[main]>worker0] ERROR logstash.outputs.email - Something happen while delivering an email {:exception=>#<IOError: Cannot run program "/usr/sbin/sendmail" (in directory "/"): error=2, No such file or directory>}
11:56:31.590 [[main]>worker0] ERROR logstash.outputs.email - Something happen while delivering an email {:exception=>#<IOError: Cannot run program "/usr/sbin/sendmail" (in directory "/"): error=2, No such file or directory>}

It looks like it happened because I am running Logstash in Docker.

Though when I mounted local file /usr/sbin/sendmail by -v /usr/sbin/sendmail:/usr/sbin/sendmail I got another error:

/usr/share/logstash/vendor/bundle/jruby/1.9/gems/mail-2.6.4/lib/mail/network/delivery_methods/sendmail.rb:73 warning: unsupported popen option: err
/usr/share/logstash/vendor/bundle/jruby/1.9/gems/mail-2.6.4/lib/mail/network/delivery_methods/sendmail.rb:73 warning: unsupported popen option: err
12:29:35.742 [[main]>worker0] ERROR logstash.outputs.email - Something happen while delivering an email {:exception=>#<Errno::EPIPE: Broken pipe - Broken pipe>}

magnusbaeck · July 6, 2017, 8:00pm

mail -s "subject" recipient@email.com <email_body>

mail doesn't use SMTP.

sendmail EMAILADDRESS

sendmail doesn't use SMTP.

It looks like it happened because I am running Logstash in Docker.

That's crucial information! With containers running in bridge mode (the default), connections to localhost inside the container won't reach the host. You need to make sure you really connect to the host (e.g. by using its DNS name). Another option is to run the container in host network mode.

Though when I mounted local file /usr/sbin/sendmail by -v /usr/sbin/sendmail:/usr/sbin/sendmail I got another error:

That'll never work. The sendmail binary needs access to various other files.

Bob04 · July 11, 2017, 3:11pm

Thanks for clarification.

In my case, ELK containers are connected to each other with with link. Is there any way to connect to a local host from a container to be able to run Sendmail or Postfix?

magnusbaeck · July 11, 2017, 5:52pm

In my case, ELK containers are connected to each other with with link. Is there any way to connect to a local host from a container to be able to run Sendmail or Postfix?

I don't think there's a way to connect to the loopback interface of the host if you're running a container in bridge mode. As I said, either connect to the non-loopback interface on the host (e.g. by using its DNS name) or run the container in host network mode.

system · August 8, 2017, 5:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.