Unable to send SMTP message using 25 port

Versions:
OpenSearch 2.5.0-2.9.0

Describe the issue:
Hello.
I got stuck while trying to set up notification via SMTP with no Encryption, but using login and password and port 25.
While sending email via cURL - messages are sent correctly to SMTP server and received by recipients.

curl --url 'smtp://smtp.smtpserver:25' --mail-from 'sender@test.com' --mail-rcpt 'recipient@test.net' --user 'sender:password' -vvv --upload-file testfile.txt

But when I’m trying to set up in Notifications - test email fails with 575 error:

[2023-07-31T17:31:24,962][WARN ][r.suppressed             ] [opensearch-cluster-master-0] path: /_plugins/_notifications/feature/test/TdCmrIkBk2OPKBToRkzn, params: {config_id=TdCmrIkBk2OPKBToRkzn} org.opensearch.OpenSearchStatusException: {"event_status_list": [{"config_id":"TdCmrIkBk2OPKBToRkzn","config_type":"email","config_name":"Test_channel","email_recipient_status":[{"recipient":"recipient@test.net","delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 sender@test.com sender should authenticate\n"}}],"delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 sender@test.com sender should authenticate\n"}}]}

I receive the same error if I run cURL without username and password.

curl --url 'smtp://smtp.smtpserver:25' --mail-from 'sender@test.com' --mail-rcpt 'recipient@test.net' -vvv --upload-file testfile.txt

As described in Doc and forum, tried adding both values in keystore in opensearch pod executing

plugins.alerting.destination.email.smtp_sender.username=sender
plugins.alerting.destination.email.smtp_sender.password=password

and

opensearch.notifications.core.email.smtp_sender.username=sender
opensearch.notifications.core.email.smtp_sender.password=password

None of them seems to be working: I see values in keystore by executing:
opensearch-keystore list

Tried adding them both from inside the OpenSearch pod, restarting security to apply settings,
and by creating and attaching secrets and configuring the Helm chart’s keystore section.

In my opinion, Notification plugin is not using/not providing username and password, while encryption is set to None.

PS. In my Lab, I have an SMTP server without authentication - it works correctly. I would be glad of any possible help to solve the issue. (

Configuration:
OpenSearch stack - OpenSearch, OpenSearch-dashboards, Logstash, Filebeats - deployed using the last HELM chart in K8s cluster.
OS - CentOS 7.

Hey @HamsterBob

From what I understand in this documentation

And I quote.

If your email provider requires SSL or TLS, you must authenticate each sender account before you can send an email. Enter the sender account credentials in the OpenSearch keystore using the command line interface (CLI). Run the following commands (in your OpenSearch directory) to enter your user name and password. The <sender_name> is the name you entered for Sender earlier.

By chance, did you enter the sender account credentials in the OpenSearch keystore using the command line interface (CLI)?


Hello @Gsmitt
Thank you for your reply.

Yes, because of deployment using HelmChart in K8S, I’ve gone through this post:

how to add email sender credentials in opensearch-keystore which is hosted on kubernetes? · Issue #392 · opensearch-project/helm-charts · GitHub
I’ve created 2 secrets and added them to keystore section in the HelmChart.

After deploy, inside the container, I can see previously added keys, but am unable to see their values:

[opensearch@opensearch-cluster-master-0 ~]$ opensearch-keystore list
keystore.seed
opensearch.notifications.core.email.smtp_sender.password
opensearch.notifications.core.email.smtp_sender.username

Then tried to add credentials via keystore inside container:

./bin/opensearch-keystore add opensearch.notifications.core.email.smtp_sender.password
./bin/opensearch-keystore add opensearch.notifications.core.email.smtp_sender.username

And reload security config:

POST _nodes/reload_secure_settings

None of these worked for me (

However, in my opinion, if values were wrong, I would have received an authentication error, but not 575, meaning no creds provided.

PS. Looking through various themes, I’ve tried to contact people with the same issue. No one was able to send email using port 25 with auth required. As a workaround - change auth method, or use a proxy gateway and set up a webhook in OpenSearch.

Added log info (wiped-out sensitive information):

[2023-08-02T07:48:29,698][INFO ][o.o.n.s.SendMessageActionHelper] [opensearch-cluster-master-0] notifications:sendMessage:statusCode=502, statusText=sendEmail Error, status:575 <sender@email> sender should authenticate

[2023-08-02T07:48:29,698][INFO ][o.o.n.s.SendMessageActionHelper] [opensearch-cluster-master-0] notifications:ONCnrIkBk2OPKBToPl2S:statusCode=502, statusText=sendEmail Error, status:575 <sender@email> sender should authenticate

[2023-08-02T07:48:29,698][WARN ][o.o.n.a.PluginBaseAction ] [opensearch-cluster-master-0] notifications:OpenSearchStatusException:
org.opensearch.OpenSearchStatusException: {"event_status_list": [{"config_id":"vms4tYkBd1wIiA9RPaJ_","config_type":"email","config_name":"temp-Main_alerting","email_recipient_status":[{"recipient":"<recipientr@email>","delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}],"delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}]}
        at org.opensearch.notifications.send.SendMessageActionHelper.executeRequest(SendMessageActionHelper.kt:99) ~[?:?]
        at org.opensearch.notifications.send.SendMessageActionHelper$executeRequest$1.invokeSuspend(SendMessageActionHelper.kt) ~[?:?]
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
        at kotlinx.coroutines.internal.ScopeCoroutine.afterResume(Scopes.kt:32) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:113) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
[2023-08-02T07:48:29,700][ERROR][o.o.n.a.SendTestNotificationAction] [opensearch-cluster-master-0] notifications:SendTestNotificationAction-send Error:OpenSearchStatusException[{"event_status_list": [{"config_id":"vms4tYkBd1wIiA9RPaJ_","config_type":"email","config_name":"temp-Main_alerting","email_recipient_status":[{"recipient":"<recipientr@email>","delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}],"delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}]}]
[2023-08-02T07:48:29,700][WARN ][r.suppressed             ] [opensearch-cluster-master-0] path: /_plugins/_notifications/feature/test/vms4tYkBd1wIiA9RPaJ_, params: {config_id=vms4tYkBd1wIiA9RPaJ_}
org.opensearch.OpenSearchStatusException: {"event_status_list": [{"config_id":"vms4tYkBd1wIiA9RPaJ_","config_type":"email","config_name":"temp-Main_alerting","email_recipient_status":[{"recipient":"<recipientr@email>","delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}],"delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}]}
        at org.opensearch.notifications.send.SendMessageActionHelper.executeRequest(SendMessageActionHelper.kt:99) ~[?:?]
        at org.opensearch.notifications.send.SendMessageActionHelper$executeRequest$1.invokeSuspend(SendMessageActionHelper.kt) ~[?:?]
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
        at kotlinx.coroutines.internal.ScopeCoroutine.afterResume(Scopes.kt:32) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:113) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]

UPD. Tried to dig into the code (I’m not good at programming), but found something really interesting, and I think this can make the situation clear:

https://github.com/opensearch-project/notifications/blob/216dfcb95eff41ab04785980e89c0bd260b34042/notifications/core/src/main/kotlin/org/opensearch/notifications/core/client/DestinationSmtpClient.kt

        when (smtpDestination.method) {
            "ssl" -> prop["mail.smtp.ssl.enable"] = true
            "start_tls" -> prop["mail.smtp.starttls.enable"] = true
            "none" -> {
            }
            else -> throw IllegalArgumentException("Invalid method supplied")
        }

        if (smtpDestination.method != "none") {
            val secureDestinationSetting = getSecureDestinationSetting(smtpDestination)
            if (secureDestinationSetting != null) {
                prop["mail.smtp.auth"] = true
                session = Session.getInstance(
                    prop,
                    object : Authenticator() {
                        override fun getPasswordAuthentication(): PasswordAuthentication {
                            return PasswordAuthentication(
                                secureDestinationSetting.emailUsername.toString(),
                                secureDestinationSetting.emailPassword.toString()
                            )
                        }
                    }
                )
            }
        }

For me it seems that if Encryption is set != None, then the auth process will be started, else nothing is going to happen, and no creds will be provided.
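The branch quoted in the post above, modelled as an added diagnostic sketch in Python (not code from the thread or from the OpenSearch project): it parses an SMTP server's EHLO capabilities and predicts whether a channel with a given encryption method will authenticate. The function names, result labels and sample EHLO replies are constructed for illustration. Keep in mind that AUTH PLAIN or LOGIN on an unencrypted port 25 session carries the password base64-encoded, not encrypted.

```python
import re
import smtplib

# Constructed sample EHLO replies (not captured from the thread's server).
SAMPLE_PLAIN = "250-smtp.example.test\n250-SIZE 10240000\n250 AUTH PLAIN LOGIN"
SAMPLE_TLS = "250-smtp.example.test\n250-STARTTLS\n250 AUTH PLAIN LOGIN"

def fetch_ehlo(host, port=25, timeout=10):
    """Return a live server's EHLO reply text (needs network; samples above work offline)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        _code, msg = s.ehlo()
        return msg.decode("ascii", "replace")

def parse_ehlo(text):
    """Map each ESMTP keyword to its parameters, e.g. {'AUTH': ['PLAIN', 'LOGIN']}."""
    # Accept both raw replies ("250-STARTTLS") and smtplib's code-stripped form.
    lines = [re.sub(r"^250[- ]", "", l.strip()).strip() for l in text.splitlines()]
    features = {}
    for line in [l for l in lines if l][1:]:      # first line is the greeting
        words = line.replace("=", " ").split()     # legacy "AUTH=LOGIN" form
        if words:
            features.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return features

def plugin_authenticates(method, creds_in_keystore):
    """Mirror of the quoted Kotlin branch: credentials are read only when method != 'none'."""
    if method not in ("ssl", "start_tls", "none"):
        raise ValueError("Invalid method supplied")
    return method != "none" and creds_in_keystore

def diagnose(method, creds_in_keystore, ehlo_text):
    """Predict the outcome for one channel configuration against one server."""
    feats = parse_ehlo(ehlo_text)
    if method == "start_tls" and "STARTTLS" not in feats:
        return "starttls-not-offered"   # the TLS upgrade cannot happen
    if plugin_authenticates(method, creds_in_keystore):
        return "auth-inside-tls"        # credentials sent after encryption is up
    if "AUTH" in feats:
        # No AUTH command is issued; a server that enforces AUTH rejects the
        # mail, as with the thread's "sender should authenticate" reply.
        return "no-auth-sent"
    return "anonymous-relay"            # server offers no AUTH at all

if __name__ == "__main__":
    for method in ("none", "start_tls"):
        print(method, "->", diagnose(method, True, SAMPLE_PLAIN))
```

EHLO shows only what a server offers, not what it enforces, and some servers advertise AUTH only after STARTTLS, so a live check should repeat EHLO after the upgrade.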

Hey @HamsterBob

It seems that way. Judging from your logs, it’s wanting you to authenticate that user. As for a how-to, I’m unsure besides what the docs show.

Hi @Gsmitt
Thank you for your reply.

Seems that without decompiling the plugin, this cannot be achieved ( . Unfortunately, I don’t have enough skills in Java - will try to ask colleagues for help.

Added feature request in GitHub, maybe this will be added in the nearest future:
