Unable to send Watcher E-mail using Microsoft Exchange

saif3r · May 9, 2019, 11:48am

Hello Guys,

I'm trying out X-Pack's Watcher and I have stumbled upon an error for which I'm unable to find a resolution.
Here's the elasticsearch.yml snippet set for this purpose:

 xpack.notification.email.account:
    exchange_account:
        profile: outlook
        email_defaults:
            from: elastic@company.com
        smtp:
            auth: false
            starttls.enable: false
            host: exchange.company.com
            port: 25

As per their suggestion and experience for setting up other tools with similar capabilities (sending an automated email) they advised me to disable smtp auth and use port 25. This configuration is confirmed working with other software.
Please note that after enabling Trial License, haven't done any changes in my cluster settings, so I don't even have the Kibana security enabled yet.

Before i enabled watcher, i made sure that Elasticsearch is able to telnet exchange server using:

telnet exchange.company.com 25

Output:

Trying 10.10.10.10...
Connected to exchange.company.com.
Escape character is '^]'.
220 exchange.company.com Microsoft ESMTP MAIL Service ready at Thu, 9 May 2019 04:36:28 -0700

Here's the error i got when hitting test button in the watcher settings:

[2019-05-09T13:15:31,052][ERROR][o.e.x.w.a.e.ExecutableEmailAction] [elastic] failed to execute action [_inlined_/email_1]
javax.mail.MessagingException: failed to send email with subject [Watch [Test] has exceeded the threshold] via account [exchange_account]
        at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:153) ~[?:?]
        at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:145) ~[?:?]
        at org.elasticsearch.xpack.watcher.actions.email.ExecutableEmailAction.execute(ExecutableEmailAction.java:72) ~[?:?]
        at org.elasticsearch.xpack.core.watcher.actions.ActionWrapper.execute(ActionWrapper.java:144) [x-pack-core-7.0.0.jar:7.0.0]
        at org.elasticsearch.xpack.watcher.execution.ExecutionService.executeInner(ExecutionService.java:460) [x-pack-watcher-7.0.0.jar:7.0.0]
        at org.elasticsearch.xpack.watcher.execution.ExecutionService.execute(ExecutionService.java:299) [x-pack-watcher-7.0.0.jar:7.0.0]
        at org.elasticsearch.xpack.watcher.transport.actions.execute.TransportExecuteWatchAction$1.doRun(TransportExecuteWatchAction.java:159) [x-pack-watcher-7.0.0.jar:7.0.0]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-7.0.0.jar:7.0.0]
        at org.elasticsearch.xpack.watcher.execution.ExecutionService$WatchExecutionTask.run(ExecutionService.java:549) [x-pack-watcher-7.0.0.jar:7.0.0]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:681) [elasticsearch-7.0.0.jar:7.0.0]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
        at java.lang.Thread.run(Thread.java:835) [?:?]
Caused by: javax.mail.AuthenticationFailedException: No authentication mechanisms supported by both server and client
        at com.sun.mail.smtp.SMTPTransport.authenticate(SMTPTransport.java:880) ~[?:?]
        at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:780) ~[?:?]
        at javax.mail.Service.connect(Service.java:366) ~[?:?]
        at org.elasticsearch.xpack.watcher.notification.email.Account.lambda$executeConnect$2(Account.java:158) ~[?:?]
        at java.security.AccessController.doPrivileged(AccessController.java:551) ~[?:?]
        at org.elasticsearch.xpack.watcher.notification.email.Account.executeConnect(Account.java:157) ~[?:?]
        at org.elasticsearch.xpack.watcher.notification.email.Account.send(Account.java:116) ~[?:?]
        at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:151) ~[?:?]
        ... 12 more

Caused by: javax.mail.AuthenticationFailedException: No authentication mechanisms supported by both server and client

I focused on this part, browsed various topics across different message boards and all of them focused on setting proper auth or actualy removing it for exchange servers with no smtp authentication. This is what i did but no luck.

I'd appreciate the suggestions.
Thanks.

spinscale · May 9, 2019, 12:09pm

I assume that your mailserver requires authentication, which you disabled explicitely in the alerting configuration.

saif3r · May 9, 2019, 12:17pm

Hi @spinscale

As per the info i got from our admins, auth is disabled. To confirm that, i retreived the piece of configuration out of the tool, that also uses our exchange to send emails and the part about smtp auth is set to false. The mentioned tool is able to send emails from the same exchange I try to use. Here's the config snippet of that tool:

mail.smtp.auth=false

spinscale · May 9, 2019, 12:25pm

can you further debug in the mail server side and try sending an email just using telnet, and see if that works as expected? This way we would know for sure if disabled SMTP auth works.

saif3r · May 9, 2019, 12:33pm

Hi @spinscale

As per your suggestion i tried to use telnet to send an email using terminal within elasticsearch machine. I was able to succesfuly send it using below commands:

telnet exchange.company.com 25
Trying 10.10.10.10...
Connected to exchange.company.com.
Escape character is '^]'.
220 exchange.company.com Microsoft ESMTP MAIL Service ready at Thu, 9 May 2019 05:27:38 -0700
ehlo exchange.company.com
250-exchange.company.com Hello [10.10.10.180]
250-SIZE 36700160
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
mail from: elastic@company.com
250 2.1.0 Sender OK
rcpt to: me@company.com
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
Subjects: Hello
asd
.
250 2.6.0 <400a034f-b1c9-4f2a-ad7f-b3473f273bf0@company.com> [InternalId=123] Queued mail for delivery
quit

Few seconds later i got an email.

saif3r · May 9, 2019, 1:19pm

I think i figured it out. Instead of setting the following:

smtp:
    auth: false
    starttls.enable: false

I simply removed it from the configuration, leaving only:

 xpack.notification.email.account:
    exchange_account:
        profile: outlook
        email_defaults:
            from: elastic@company.com
        smtp:
            host: exchange.company.com
            port: 25

It works now.
It's kinda weird, because according to the documentation both smtp.auth and smtp.starttls.enable are false by default and this is what i had in my configuration. So with both values set to false the issue persisted, but once i removed those settings entirely, allowing them to use their default values watcher started to work properly.

system · June 6, 2019, 1:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher Email is Failing Elasticsearch elastic-stack-alerting	2	364	April 16, 2020
X-pack Watcher service : not able to send the mail Elasticsearch	3	2028	July 19, 2017
Failed to execute action [email_watch/send _email] Elasticsearch	4	1740	May 20, 2018
Watcher email configuration Elasticsearch elastic-stack-alerting	2	1615	December 19, 2019
Unable to send email Elasticsearch elastic-stack-alerting	3	3619	July 6, 2017

Unable to send Watcher E-mail using Microsoft Exchange

Related topics