[Watcher] 550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

ylasri · October 30, 2020, 11:28am

When running watcher with email action, we are getting this error :
550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

We use a corporate SMTP server, elasticsearch.yml config looks like this

xpack.notification.email.account:
    smtp_account:
        profile: standard
        email_defaults:
            from: support@corporate.co
        smtp:
            auth: false
            starttls.enable: false
            host: mail.corporate.co
            port: 587
            user: support@corporate.co

The action work when using a gmail account, but when using our corporate email we get this error. Does anybody had this issue in the past ?

Here is the verbose when sending a telnet to the SMTP server

220-hostXX.corporate.co ESMTP Exim 4.93 #2 Fri, 30 Oct 2020 12:24:21 +0100
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
HELO corporate.co
250 hostXX.corporate.co Hello corporate.co [xx.xx.xx.xx]
HELP
214-Commands supported:
214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP

TimV · November 2, 2020, 3:29am

Can you try adding this:

xpack.notification.email.account:
    smtp_account:
        smtp:
            local_address: corporate.co

ylasri · November 2, 2020, 12:02pm

Thanks @TimV
I am getting this new error

[2020-11-02T12:55:26,851][ERROR][o.e.x.w.a.e.ExecutableEmailAction] [node01] failed to execute action [_inlined_/email_1]
java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:0" "listen,resolve")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]

I added this

xpack.notification.email.account:
    smtp_account:
        smtp:
            local_address: corporate.co
            local_port: 587

I got this error

[2020-11-02T12:55:26,851][ERROR][o.e.x.w.a.e.ExecutableEmailAction] [node01] failed to execute action [_inlined_/email_1]
java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:587" "listen,resolve")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]

TimV · November 3, 2020, 1:32am

I don't think there's any solution here, I'm afraid.

As best I can tell the problem is that your corporate SMTP server doesn't want to accept email from the domain that your Elasticsearch host runs on.

I had hoped that you could configure your way around that, but that's not working.

I think your next best option is to talk to your mail admins about why their rejecting mail from your hosts.

Topic		Replies	Views
Could not connect to SMTP host: xxx, port: nn, response: 554 Elasticsearch elastic-stack-alerting	2	474	March 22, 2021
Elasticsearch watcher cannot to connect smtp host Elasticsearch elastic-stack-alerting	5	772	April 29, 2019
Unable to send email Elasticsearch elastic-stack-alerting	3	3681	July 6, 2017
Elasticsearch Alert Email not working - Watcher Elasticsearch elastic-stack-alerting	12	3038	June 22, 2020
Getting error in configuring sender mail in xpack watchers Elasticsearch	3	1023	October 31, 2017

[Watcher] 550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

Related topics