After upgrading, emails are not being sent/received
Article ID: 187195
Updated On:
Products
Issue/Introduction
We see the following error in DMService.log:
ERROR | EmailJobTaskThreadPool-Thread-28 | 2020-03-09 09:29:28,588 | com.ca.im.portal.dm.scheduling.email.EmailJobTask
| Error sending e-mail: Mail server connection failed; nested exception is javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake. Failed messages: javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake. Failed messages: javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake; message exception details (1) are:
Failed message 1:
javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
...
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
... 12 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
... 19 more
Environment
If you are on a release prior to 21.2.1, and upgrade to 21.2.1+, you may see this problem.
Cause
In 21.2.x we made a change to enable STARTTLS
Emails could not be sent securely if email server supported STARTTLS.
Resolution
For this issue do the following:
- Run: echo quit | openssl s_client -starttls smtp -connect <EMAILSERVERIP>:25 > certcheck.log
- Collect certcheck.log file for review
- Look in certcheck.log for: Server certificate -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
- Copy from certcheck.log, lines starting from BEGIN line to END line into a new file: /tmp/email.cer
- Run: /opt/CA/jre/bin/keytool -import -file /tmp/email.cer -keystore /opt/CA/jre/lib/security/cacerts -storepass changeit -alias emailserver
- Answer "yes" when asked to trust cert.
- Run the following command and check for "emailserver" in the output to confirm the cert was added
- /opt/CA/jre/bin/keytool -list -v -keystore /opt/CA/jre/lib/security/cacerts -storepass changeit -alias emailserver
- Restart DM and PC service.
- Try sending an email.
Emails should now work. If they do not, do the following:
- Go to http://PC_HOST:8181/pc/center/admin/debug
- Login with admin user
- Follow the links to the Device Manager logging runtime configuration. Add/Update a logging category - enter the following names for categories and set the log level from INHERITED to TRACE, then click Add.
- com.ca.im.portal.dm.scheduling.email.EmailJobTask
- com.ca.im.portal.dm.scheduling.email.EmailJobScheduler
- com.ca.im.portal.api.services.scheduling.email.EmailJobManager
- Email another dashboard as a test and collect the /opt/CA/PerformanceCenter/DM/logs/DMService.log for further investigation
Additional Information
Note that if you have a configuration that may hit multiple mail servers such as a bank of mail servers behind a load balancer (you can only configure one mail server in DX Netops Performance Management) you must have the certificates from ALL the mail servers you may connect to. To do this you must repeat steps 4 and 5 above, using a different alias for each mail server, and making sure you copy the contents of certcheck.log to a new "cer" file name for each mail server
Additionally, you must have any related root/intermediate certificates if the mail server certificate is not self signed.
Feedback
