SMTP + STARTTLS notification error

Started by mrtur, October 09, 2023, 03:32:12 PM


mrtur

Hi, 


I'm new to NetXMS, and I was trying to set up some notification channels: it works well for Slack, but I struggle with SMTP, which is always in error (it ends up with status "Failure" and error message "Driver error").

I've set the ncd.smtp debug level to 6, and I can see the following messages:
Sending mail with url="smtp://pro1.mail.ovh.net:587", to="[email protected]", subject="test", login="[email protected]"
2023.10.09 12:15:18.234 *D* [ncd.smtp           ] Call to curl_easy_perform("smtp://pro1.mail.ovh.net:587") failed (56: Failure when receiving data from the peer)


Here is my SMTP notification channel configuration:

[email protected]
FromName=NetXMS
IsHTML=no
[email protected]
Password=my_smtp_password
Port=587
Server=pro1.mail.ovh.net
TLSMode=STARTTLS

My mail provider (OVH) needs a secure SMTP connection on port 587 with STARTTLS and authentication is required using my email/password.
There is a ';' character at the end of my password, so I thought the problem might be there, but even when I encode the password with the "nxencpassd" utility, SMTP notifications are still in error.

How could I solve this issue?

Thanks


Filipp Sudanov

Please try to capture traffic on NetXMS using tcpdump:
tcpdump -s 0 -w smtp.pcap -i INTERFACE_NAME host pro1.mail.ovh.net and tcp and port 587
STARTTLS has an unencrypted phase of communication at the beginning, so we might see some clue there. You can send the capture file to me in a private message.

Filipp Sudanov

From the capture it can be seen that the exchange successfully switches to TLS mode, but we don't see much beyond that due to encryption.
Please try sending an email using curl from the command line of the machine where NetXMS is running:

curl -v --ssl-reqd  --url 'smtp://pro1.mail.ovh.net:587' --user '[email protected]:password' --mail-from '[email protected]' --mail-rcpt '[email protected]' --upload-file mail.txt
For that you need a mail.txt file in the folder where you launch curl, with content like this:

From: "User Name" <[email protected]>
To: "John Smith" <[email protected]>
Subject: This is a test

Hi John,
I'm sending this mail with curl thru my gmail account.
Bye!

Please adjust the command and the mail.txt file with your actual addresses. curl should produce verbose output; please share that.

mrtur

Hi,

It doesn't work. I tried with two different accounts to be sure the password was not involved. I have Sensu on the same machine and I can send email with the same SMTP account and credentials. Here's the command output:

* Connected to pro1.mail.ovh.net (79.137.0.66) port 587 (#0)
< 220 pro1.mail.ovh.net Microsoft ESMTP MAIL Service ready at Wed, 11 Oct 2023 10:26:50 +0200
> EHLO mail.txt
< 250-pro1.mail.ovh.net Hello [176.191.46.127]
< 250-SIZE 104857600
< 250-PIPELINING
< 250-DSN
< 250-ENHANCEDSTATUSCODES
< 250-STARTTLS
< 250-AUTH GSSAPI NTLM
< 250-8BITMIME
< 250-BINARYMIME
< 250 CHUNKING
> STARTTLS
< 220 2.0.0 SMTP server ready
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [85 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3433 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [657 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [138 bytes data]
* TLSv1.2 (OUT), TLS header, Finished (20):
} [5 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS header, Finished (20):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384
* Server certificate:
*  subject: CN=pro1.mail.ovh.net
*  start date: Jun  7 00:00:00 2023 GMT
*  expire date: Jun  6 23:59:59 2024 GMT
*  subjectAltName: host "pro1.mail.ovh.net" matched cert's "pro1.mail.ovh.net"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
> EHLO mail.txt
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< 250-pro1.mail.ovh.net Hello [176.191.46.127]
< 250-SIZE 104857600
< 250-PIPELINING
< 250-DSN
< 250-ENHANCEDSTATUSCODES
< 250-AUTH GSSAPI NTLM LOGIN
< 250-8BITMIME
< 250-BINARYMIME
< 250 CHUNKING
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
> AUTH GSSAPI
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< 334 GSSAPI supported
* gss_init_sec_context() failed: No credentials were supplied, or the credentials were unavailable or inaccessible. No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000).
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
* TLSv1.2 (OUT), TLS header, Unknown (21):
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, close notify (256):
} [2 bytes data]
curl: (94) An authentication function returned an error


I don't understand, because I pass --user '[email protected]:mypassword'. I even tried to remove the password from the command line so that curl prompts for it, but I get the same error message then...

mrtur

I finally found the working command: I had to add the "--ntlm" flag at the end of the command line.


curl -v --ssl-reqd  --url 'smtp://pro1.mail.ovh.net:587' --user '[email protected]:password' --mail-from '[email protected]' --mail-rcpt '[email protected]' --upload-file mail.txt --ntlm

What would be the netxms setup then?


Filipp Sudanov

We will add an option to specify the authentication method in a future release, but currently that's not possible. Meanwhile you can use the "shell" notification channel and call a script that invokes curl from the command line.
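The curl command with --ntlm that mrtur found and the "shell" channel workaround suggested above, combined into one wrapper script as an added example (not NetXMS code and not part of any post in this thread). It assumes NetXMS calls the script with recipient, subject and body as three positional arguments (an assumption; adjust to the driver's documented convention) and that the login is kept in a root-readable curl config file containing `user = "login:password"`, so a password with a ';' never appears on the command line or in the process list; FROM_ADDR and CRED_FILE are placeholder names.

```shell
#!/bin/sh
# Wrapper for the NetXMS "shell" notification channel: sends mail through
# pro1.mail.ovh.net with STARTTLS and NTLM authentication via curl.
# Assumed calling convention: send-mail.sh RECIPIENT SUBJECT BODY
set -eu

SMTP_URL="smtp://pro1.mail.ovh.net:587"
FROM_ADDR="${FROM_ADDR:-netxms@example.com}"            # constructed placeholder sender
CRED_FILE="${CRED_FILE:-/etc/netxms/smtp-curl.conf}"    # mode 0600, content: user = "login:password"

# Build an RFC 5322 message from recipient, subject and body.
# CR/LF are stripped from header values so an alarm text cannot smuggle in
# extra headers (e.g. an additional recipient) through the subject line.
build_message() {
    to=$(printf '%s' "$1" | tr -d '\r\n')
    subject=$(printf '%s' "$2" | tr -d '\r\n')
    body="$3"
    printf 'From: NetXMS <%s>\r\nTo: <%s>\r\nSubject: %s\r\nDate: %s\r\n\r\n%s\r\n' \
        "$FROM_ADDR" "$to" "$subject" "$(date +'%a, %d %b %Y %H:%M:%S %z')" "$body"
}

# Submit the message. --ssl-reqd forces the STARTTLS upgrade (no fallback
# to plaintext), --ntlm selects the mechanism the server advertises, and
# --config reads the credentials from the protected file instead of argv.
send_mail() {
    to="$1"; subject="$2"; body="$3"
    if [ ! -r "$CRED_FILE" ]; then
        echo "credential file $CRED_FILE is missing or unreadable" >&2
        return 2
    fi
    build_message "$to" "$subject" "$body" | curl --silent --show-error \
        --ssl-reqd --ntlm --config "$CRED_FILE" \
        --url "$SMTP_URL" --mail-from "$FROM_ADDR" --mail-rcpt "$to" \
        --upload-file -
}

# Only send when invoked with the three arguments; otherwise the functions
# above are merely defined (useful for sourcing and testing).
if [ "$#" -eq 3 ]; then
    send_mail "$1" "$2" "$3"
fi
```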

mrtur

Thanks for your quick reply, I'll do that!