SMTP sender Timeout while TLS handshake

Hi, I´m trying to send email on notifications. I´ve configured an smtp sender, but got “Request Timeout after 30000ms” on “send test message”.

I can see opensearch connecting to my SMTP server, but while performing SSL/TLS handshake, timeout. Nothing else in my logs, either opensearch, neither smtp server.

Any ideas?

Hi @ruria -

I’m not familiar off the top of my head with the guts of the email notifications, but I do recall something about having to put your user authentication credentials in the Opensearch keystore.

Give this page a whirl and let me know if the steps there help you out at all:

I’ll copy and paste you a snippet to save you a click or two just in case. :slight_smile:


If your email provider requires SSL or TLS, you must authenticate each sender account before you can send an email. Enter these credentials in the OpenSearch keystore using the CLI. Run the following commands (in your OpenSearch directory) to enter your username and password. The <sender_name> is the name you entered for Sender earlier.

./bin/opensearch-keystore add plugins.alerting.destination.email.<sender_name>.username
./bin/opensearch-keystore add plugins.alerting.destination.email.<sender_name>.password

Note: Keystore settings are node-specific. You must run these commands on each node.

To change or update your credentials (after you’ve added them to the keystore on every node), call the reload API to automatically update those credentials without restarting OpenSearch:

POST _nodes/reload_secure_settings
{
  "secure_settings_password": "1234"
}

Let me know if that helps get you moving!

Nate

Hi @nateynate was facing a similar issue but configured the keystore like you said.
But now i am getting another error which i posted here but no response.
Do you have any idea why could this be happening?
Thanks Harshit

Thank you for your response! I´ve been trying this solution but doesn´t work for me.

I´ve managed to create keystore (opensearch-keystore create) an added username and password. It seems to work, reloading setting gets successful response (I´m not using password for keystore)

Trying send test message still gets “timeout”. I can see this on my logs:

[2022-07-29T08:22:58,640][INFO ][o.o.n.s.SendMessageActionHelper] [node-1] notifications:getSingleConfig-get IpvTJYIB4ChLW5EDwtoZ

[2022-07-29T08:22:58,642][INFO ][o.o.n.s.SendMessageActionHelper] [node-1] notifications:getSingleConfig-get 1XnNJYIB4ChLW5EDwsTH

[2022-07-29T08:22:58,646][DEBUG][o.o.n.c.c.DestinationSmtpClient] [node-1] Sending Email-SMTP for IpvTJYIB4ChLW5EDwtoZ

Any other idea?

which verision of the opensearch you are using?
@ruria

I am using version 2.1.0

Hi @ruria - do you happen to have access to the SMTP server handling your mail transmission? I’m wondering if some logs there might be helpful.

Opensearch logs this:


[2022-08-03T11:22:12,065][INFO ][o.o.n.c.c.DestinationSmtpClient] [node-1] EmailException javax.mail.MessagingException: Could not connect to SMTP host: mail.zzircon.com, port: 465, response: -1
[2022-08-03T11:22:12,066][INFO ][o.o.n.s.SendMessageActionHelper] [node-1] notifications:sendMessage:statusCode=424, statusText=sendEmail Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, response: -1
[2022-08-03T11:22:12,065][INFO ][o.o.n.c.c.DestinationSmtpClient] [node-1] EmailException javax.mail.MessagingException: Could not connect to SMTP host: mail.zzircon.com, port: 465, response: -1
[2022-08-03T11:22:12,066][INFO ][o.o.n.s.SendMessageActionHelper] [node-1] notifications:sendMessage:statusCode=424, statusText=sendEmail Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, response: -1
[2022-08-03T11:22:12,067][INFO ][o.o.n.s.SendMessageActionHelper] [node-1] notifications:1XnNJYIB4ChLW5EDwsTH:statusCode=424, statusText=sendEmail Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, response:
 -1
[2022-08-03T11:22:12,067][INFO ][o.o.n.s.SendMessageActionHelper] [node-1] notifications:1XnNJYIB4ChLW5EDwsTH:statusCode=424, statusText=sendEmail Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, response:
 -1
 [2022-08-03T11:22:12,068][WARN ][o.o.n.a.PluginBaseAction ] [node-1] notifications:OpenSearchStatusException:
org.opensearch.OpenSearchStatusException: {"event_status_list": [{"config_id":"wS1VY4IBRV1kFr_Qi_Tj","config_type":"email","config_name":"zzircon","email_recipient_status":[{"recipient”:”XXXX@zzircon.com","delivery_status":{"status_code":"424","status_text":"sendEmail Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, response: -1"}},{"recipient”:”XXXXXX@zzircon.com","delivery_status":{"status_code":"424","status_text":"sendEmail 
Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, response: -1"}}],"delivery_status":{"status_code":"424","status_text":"sendEmail Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, 
response: -1"}}]}
        at org.opensearch.notifications.send.SendMessageActionHelper.executeRequest(SendMessageActionHelper.kt:99) ~[?:?]
        at org.opensearch.notifications.send.SendMessageActionHelper$executeRequest$1.invokeSuspend(SendMessageActionHelper.kt) ~[?:?]
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
        at kotlinx.coroutines.internal.ScopeCoroutine.afterResume(Scopes.kt:32) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:113) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
[2022-08-03T11:22:12,069][ERROR][o.o.n.a.SendTestNotificationAction] [node-1] notifications:SendTestNotificationAction-send Error:OpenSearchStatusException[{"event_status_list": [{"config_id":"wS1VY4IBRV1kFr_Qi_Tj","config_type":"e
mail","config_name":"zzircon","email_recipient_status":[{"recipient”:”XXXXX@zzircon.com","delivery_status":{"status_code":"424","status_text":"sendEmail Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, res
ponse: -1"}},{"recipient”:”XXXXX@zzircon.com","delivery_status":{"status_code":"424","status_text":"sendEmail Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, response: -1"}}],"delivery_status":{"statu
s_code":"424","status_text":"sendEmail Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, response: -1"}}]}]
[2022-08-03T11:22:12,069][DEBUG][r.suppressed             ] [node-1] path: /_plugins/_notifications/feature/test/wS1VY4IBRV1kFr_Qi_Tj, params: {config_id=wS1VY4IBRV1kFr_Qi_Tj}
org.opensearch.OpenSearchStatusException: {"event_status_list": [{"config_id":"wS1VY4IBRV1kFr_Qi_Tj","config_type":"email","config_name":"zzircon","email_recipient_status":[{"recipient”:”XXXXX@zzircon.com","delivery_status":{"statu
s_code":"424","status_text":"sendEmail Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, response: -1"}},{"recipient”:”XXXXX@zzircon.com","delivery_status":{"status_code":"424","status_text":"sendEmail 
Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, response: -1"}}],"delivery_status":{"status_code":"424","status_text":"sendEmail Error, status:Could not connect to SMTP host: mail.zzircon.com, port: 465, 
response: -1"}}]}
        at org.opensearch.notifications.send.SendMessageActionHelper.executeRequest(SendMessageActionHelper.kt:99) ~[?:?]
        at org.opensearch.notifications.send.SendMessageActionHelper$executeRequest$1.invokeSuspend(SendMessageActionHelper.kt) ~[?:?]
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
        at kotlinx.coroutines.internal.ScopeCoroutine.afterResume(Scopes.kt:32) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:113) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]

Now my keystore is protected by password, and I successfuly reload secure setting, but nothing changes.

My sender is called “zzircon”, so I executed this:

./opensearch-keystore add plugins.alerting.destination.email.zzircon.username
./opensearch-keystore add plugins.alerting.destination.email.zzircon.password

Keystore path is: config/opensearch.keystore, I think that’s correct.

Another silly question that might help, but does your node have access to the internet? This looks like it can’t even get to the outside world.

Yes, it has. I can see connection coming in email server, but at TLS handshake phase, time out!