Event Alerts timeout when sending email

Article ID: 297460

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

You see a server timeout when running the command below, and you have configured Event Alerts to use SMTP with TLS.
cf eva-create-target mail-aptbox email test@testemail
Creating email target 'mail-aptbox' as admin...
FAILED
Unable to create target:
could not send verification email to 'test@testemail': failed to send to email target mail-aptbox: server timeout


For example, you have checked the "Enable TLS" box and configured port 465.


Resolution

1. Go to the system org and event-alerts space. Check for recent logs to see if there are any 500 errors reported.
cf target -o system -s event-alerts
cf logs event-alerts --recent

2. Check connectivity to your SMTP server. Use bosh ssh to SSH to one of your Diego Cells and run the following commands:
diego_cell/08f4ef1d-ffce-46be-ae67-0d72793d5c59:~$ nc -v your-smtp-host.example.com <port-no>
Connection to your-smtp-host.example.com port [tcp/urd] succeeded!

If the command hangs or fails, then traffic is not being allowed to your SMTP server on the given port.

Note: Ports will vary, but they are often 25, 587 or 2587.

If the above command does not work, you can also run the openssl s_client command, where port-no is your SMTP port.
openssl s_client -starttls smtp -connect smtp.sendgrid.com:port-no

This will also confirm that the port is open and that you are able to connect. In addition, it will perform TLS negotiation so you can validate that there are no certificate-related trust issues. You should see lines similar to "Verify return code: 0 (ok)" and "250 AUTH=PLAIN LOGIN". These indicate that the connection was made, TLS was negotiated, and you are able to start speaking the SMTP protocol.

3. If you are still having issues, please make sure that your SMTP server is configured to use STARTTLS, and is not expecting a direct TLS/SSL connection to be used.

There are two different ways to encrypt communications when using SMTP:
 
a. The first is to connect over plain text and issue the STARTTLS command. This then upgrades your connection to use TLS so that it is secure.

b. The other option is to connect and directly negotiate a TLS connection, which wraps the entire connection in TLS, similar to HTTPS.

STARTTLS is often done on ports 25, 587 or 2587. A TLS wrapper is often done on port 465.

Note: Using the TLS wrapper/port 465 is not supported with the Event Alerts tile. This is due to the underlying Golang net/smtp library's lack of support for this functionality. Your SMTP server must support STARTTLS and you must configure the Event Alerts tile to use a port which accepts STARTTLS.
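
Added example (not VMware's or the Event Alerts tile's code): a small Go probe that tells a STARTTLS port from a TLS wrapper port by doing what a plaintext SMTP client does first, which is waiting for the server's 220 greeting. A TLS wrapper listener sends nothing until it receives a TLS ClientHello, so the probe times out on it, consistent with the server timeout described above. The function name ProbeSMTP, the result labels and the client name probe.example are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/textproto"
	"os"
	"strings"
	"time"
)

// ProbeSMTP reports how addr (host:port) expects TLS to begin: "starttls",
// "no-starttls" (plaintext SMTP without the upgrade) or "no-greeting" (nothing
// sent before the deadline: a TLS wrapper port waiting for a ClientHello).
func ProbeSMTP(addr string, timeout time.Duration) (string, error) {
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return "", err // port closed or filtered
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(timeout))
	tp := textproto.NewConn(conn)
	_, _, err = tp.ReadResponse(220) // a plaintext client reads the greeting first
	if errors.Is(err, os.ErrDeadlineExceeded) {
		return "no-greeting", nil
	}
	if err != nil {
		return "", fmt.Errorf("unexpected greeting: %w", err)
	}
	if err := tp.PrintfLine("EHLO probe.example"); err != nil { // constructed name
		return "", err
	}
	_, caps, err := tp.ReadResponse(250) // multi-line reply, joined with "\n"
	if err != nil {
		return "", fmt.Errorf("EHLO rejected: %w", err)
	}
	for _, c := range strings.Split(caps, "\n") {
		if strings.EqualFold(strings.TrimSpace(c), "STARTTLS") {
			return "starttls", nil
		}
	}
	return "no-starttls", nil
}

func main() {
	if len(os.Args) == 2 { // usage: probe host:port
		fmt.Println(ProbeSMTP(os.Args[1], 5*time.Second))
	}
}
```

A "no-greeting" result on the port configured in the tile means the server expects a TLS wrapper there; configure a port that returns "starttls" instead.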