Hi Magnus.
My ELK version 5.5.2
For some events i use email output plugin, and send events to local exchange, works fine.
But then i add new email output block with different email and server i get error:
[root@logstash ~]# tail -f /var/log/logstash/logstash-plain.log
[2017-09-14T14:18:40,468][ERROR][logstash.outputs.email ] Something happen while delivering an email {:exception=>#<Net::SMTPFatalError: 550 5.7.1 Unable to relay
>}
Logstash output conf:
#this block ok
if [event_id] == 18502 {
email {
to => "admin@exchange.local"
address => "192.168.1.5"
from => "logstash@exchange.local"
subject => "sudj"
htmlbody => "body"
}
}
#this blok not work
if [event_id] == 18502 {
email {
to => "admin@my_mail.com"
address => "smtp.my_mail.com"
port => 25
username => "logstash@my_mail.com"
password => "pass"
from => "logstash@my_mail.com"
subject => "subj"
htmlbody => "body"
}
}
Wireshark show local exchange ip (192.168.1.5) for second block (not smtp.my_mail.com) :
44 7.859411600 192.168.1.9 192.168.1.5 TCP 74 39624>25 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=322351535 TSecr=0 WS=128 45 7.860537500 192.168.1.9 192.168.1.5 TCP 66 39624>25 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=322351536 TSecr=32265825
46 7.862588900 192.168.1.9 192.168.1.5 TCP 66 39624>25 [ACK] Seq=1 Ack=90 Win=29312 Len=0 TSval=322351538 TSecr=32265826
47 7.864838100 192.168.1.9 192.168.1.5 SMTP 82 C: EHLO localhost
48 7.866743100 192.168.1.39 192.168.1.5 SMTP 98 C: MAIL FROM:<logstash@my_mail.com>
49 7.869035000 192.168.1.9 192.168.1.5 SMTP 91 C: RCPT TO:<admin@my_mail.com>
50 12.880061400 192.168.1.9 192.168.1.5 SMTP 72 C: QUIT
Telnet to smtp.my_mail.com 25 work fine
What's wrong with my conf?