SMTP Error - Emailing from Watcher Service

Elastic Stack Elasticsearch
1

When attempting to send emails using the watcher service, an SMTP error is generated saying that the Client was not authenticated to send anonymous mail and fails. I am trying to send email from our relay service with no SSL or any authentication.

Stack Trace:

[2019-03-27T20:52:43,572][INFO ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [sptesingst-wc-01] publish_address {Redacted IP}, bound_addresses {Redacted IP}
[2019-03-27T20:52:43,572][INFO ][o.e.n.Node ] [Redacted Host Name] started
[2019-03-27T20:53:22,013][ERROR][o.e.x.w.a.e.ExecutableEmailAction] [Redacted Host Name] failed to execute action [inlined/email_1]
javax.mail.MessagingException: failed to send email with subject [Watch [test] has exceeded the threshold] via account [outlook_account]
at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:154) ~[?:?]
at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:146) ~[?:?]
at org.elasticsearch.xpack.watcher.actions.email.ExecutableEmailAction.execute(ExecutableEmailAction.java:72) ~[?:?]
at org.elasticsearch.xpack.core.watcher.actions.ActionWrapper.execute(ActionWrapper.java:144) [x-pack-core-6.5.4.jar:6.5.4]
at org.elasticsearch.xpack.watcher.execution.ExecutionService.executeInner(ExecutionService.java:455) [x-pack-watcher-6.5.4.jar:6.5.4]
at org.elasticsearch.xpack.watcher.execution.ExecutionService.execute(ExecutionService.java:295) [x-pack-watcher-6.5.4.jar:6.5.4]
at org.elasticsearch.xpack.watcher.transport.actions.execute.TransportExecuteWatchAction$1.doRun(TransportExecuteWatchAction.java:154) [x-pack-watcher-6.5.4.jar:6.5.4]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.5.4.jar:6.5.4]
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [?:1.8.0_121]
at java.util.concurrent.FutureTask.run(Unknown Source) [?:1.8.0_121]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:624) [elasticsearch-6.5.4.jar:6.5.4]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_121]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_121]
at java.lang.Thread.run(Unknown Source) [?:1.8.0_121]
Caused by: com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM

    at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:2358) ~[?:?]
    at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1823) ~[?:?]
    at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1300) ~[?:?]
    at org.elasticsearch.xpack.watcher.notification.email.Account.send(Account.java:141) ~[?:?]
    at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:152) ~[?:?]
    ... 13 more

Configuration (elasticsearch.yml):

xpack.notification.email:
default_account: outlook_account
account:
outlook_account:
profile: outlook
smtp:
auth: false
ssl.trust: "*"
starttls.enable: false
host: [Redacted Relay]
port: 587
user: [Redacted User Name]
email_defaults:
from: [Redacted Email]

2

Hi team, are there any updates to this request?

3

the important message is this one:

This means, that your authentication data was not allowing you to send emails.

Can you provide a gist/pastebin of your YAML configuration, maybe this is just an indentation issue. It is hard to tell due to the YAML not being formatted properly.

Thanks!

4

Hello,

Thank you for your reply. Please see this pastebin for the xpack configuration in our elasticsearch.yml file: https://pastebin.com/vb0mN1d1

Thank you,

Jared

5

how did you set your SMTP user password? Can you paste the full command if set via the keystore command?

6

Hello,

No SMTP user password was set as we are trying to send email notifications with no authentication.

7

Hey,

you need to make sure there is neither a user, nor a password nor a auth configuration in your user account config. See this example:

PUT /_cluster/settings
{
    "transient" : {
        "xpack.notification.email.account.my_account.smtp" : {
          "host": "localhost",
          "port": 1025
        }
    }
}

POST _xpack/watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "10h"
      }
    },
    "input": {
      "simple": {
        "foo": "bar"
      }
    },
    "actions": {
      "send_email": {
        "email": {
          "to": "foo@example.org",
          "subject": "Watcher Notification",
          "body": "PAYLOAD {{ctx.payload}}"
        }
      },
      "logme": {
        "logging": {
          "text": "{{ctx}}"
        }
      }
    }
  }
}

hope this helps!

8

Hey Spin,

I performed the steps you suggested and restarted the elasticsearch service, however we are still seeing errors:

[2019-04-09T21:12:36,681][INFO ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [sptesingst-wc-01] publish_address {10.124.5.90:9200}, bound_addresses {10.124.5.90:9200}
[2019-04-09T21:12:36,681][INFO ][o.e.n.Node ] [sptesingst-wc-01] started
[2019-04-09T21:13:04,220][ERROR][o.e.x.w.a.e.ExecutableEmailAction] [sptesingst-wc-01] failed to execute action [inlined/email_1]
javax.mail.MessagingException: failed to send email with subject [Watch [bat] has exceeded the threshold] via account [outlook_account]
at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:154) ~[?:?]
at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:146) ~[?:?]
at org.elasticsearch.xpack.watcher.actions.email.ExecutableEmailAction.execute(ExecutableEmailAction.java:72) ~[?:?]
at org.elasticsearch.xpack.core.watcher.actions.ActionWrapper.execute(ActionWrapper.java:144) [x-pack-core-6.5.4.jar:6.5.4]
at org.elasticsearch.xpack.watcher.execution.ExecutionService.executeInner(ExecutionService.java:455) [x-pack-watcher-6.5.4.jar:6.5.4]
at org.elasticsearch.xpack.watcher.execution.ExecutionService.execute(ExecutionService.java:295) [x-pack-watcher-6.5.4.jar:6.5.4]
at org.elasticsearch.xpack.watcher.transport.actions.execute.TransportExecuteWatchAction$1.doRun(TransportExecuteWatchAction.java:154) [x-pack-watcher-6.5.4.jar:6.5.4]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.5.4.jar:6.5.4]
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [?:1.8.0_121]
at java.util.concurrent.FutureTask.run(Unknown Source) [?:1.8.0_121]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:624) [elasticsearch-6.5.4.jar:6.5.4]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_121]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_121]
at java.lang.Thread.run(Unknown Source) [?:1.8.0_121]
Caused by: com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM

    at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:2358) ~[?:?]
    at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1823) ~[?:?]
    at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1300) ~[?:?]
    at org.elasticsearch.xpack.watcher.notification.email.Account.send(Account.java:141) ~[?:?]
    at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:152) ~[?:?]

Thanks,

Jared

9

hey,

have you explicitely removed the other options from the YAML file or set them to null, if you are using the cluser update settings API? Otherwise those settings might still be set.

--Alex

10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.