Unable to send Emails

Products

CA API Developer Portal CA API Gateway

Issue/Introduction

We have configured the Our Test Portal server to use our SMTP host as per the documentation.

The Portal server IP has been added to the SMTP relay allow list. However we are unable to send any emails.

Environment

API Gateway 4.2

Cause

There was a conflict in subnet specification.

In this case the email server was in the range 10.0.1.X we found that the docker container could resolve the mail server name to the correct IP address, but that because docker was using the subnet 10.0.1.X it was not possible to route to the external 10.0.1.X mail server machine.

In setup of docker it is using internally three created networks -when we connect to the container trying to connect to the SMTP server :

docker exec -it 143701b52e37 sh

Then run the route command :

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.18.0.1      0.0.0.0         UG    0      0        0 eth1
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0       0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1

Unfortunately one of them is the 10.0.1.X network, which blocks access to the external subnet 10.0.1.X, and hence blocks access to the mail server.

In the container, the DNS resolution works and we get the right IP for the mail server,

for i in `docker network ls | awk '{ print $1 }' `; do echo $i; (docker network inspect $i ); done

Resolution

In this case, the customer was able to setup SMTP server in another subnet.

Alternatively it may be possible to change the subnet used for the API Portal docker as per :

https://docops.ca.com/ca-api-developer-portal-enhanced-experience/4-2/en/install-configure-and-upgrade/troubleshoot-the-installation

This documents the setup of the 172.18.0.0 network, but may also be applicable to the 10.0.0.0 and 10.0.1.0 networks as well - in our case we did not need to go that far as we had an alternative.

Additional Information

# To find which image did the SMTP message : we used :

While
journalctl -f
will give trace of all the logs (assuming /etc/docker/daemon.json is setup correctly) - but it will not identify which container the logs come from.

Here we needed to find which container was making the SMTP call - so we did this :

for i in `docker ps | awk '{ print $1 }' `; do echo $i; (docker logs $i 2>&1 | grep SMTP); done

Gave us the container : 143701b52e37 as the container tryign to connect to the mail server.

143701b52e37

Jul 19 05:34:28 islandportal.example.com dockerd[27108]: WARNING: 4: Unable to send email: Unknown SMTP host: mail.example.com. Exception caught!

Then we could connect to that container :

docker exec -it 143701b52e37 sh

to print out the network and test resolving the SMTP host name: