Not able to send emails with watcher

I’m trying to send an email using watcher but it’s failing to send an email with the following error, we don’t use TLS and need STARTTLS.

Additionally, where do I need to specify my mail host as a trusted host, in x-pack, you specify as a ssl.trust but did not found anything with SearchGuard. (Tried adding host in TrustedHost section in Search Guard Signals/Accounts but did not work)

[2020-11-10T15:14:22,556][WARN ][c.f.s.e.WatchRunner ] [dc-els-pr-fld02] Error while executing EmailAction myemail of alert-error-500
com.floragunn.signals.execution.ActionExecutionException: Error while sending mail: Third party error
at com.floragunn.signals.watch.action.handlers.email.EmailAction.execute(EmailAction.java:132) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at com.floragunn.signals.watch.action.invokers.ActionInvoker.execute(ActionInvoker.java:53) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at com.floragunn.signals.execution.WatchRunner.executeActions(WatchRunner.java:404) [search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at com.floragunn.signals.execution.WatchRunner.execute(WatchRunner.java:160) [search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at com.floragunn.signals.execution.WatchRunner.execute(WatchRunner.java:126) [search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at com.floragunn.searchsupport.jobs.execution.AuthorizingJobDecorator.execute(AuthorizingJobDecorator.java:37) [search-guard-suite-scheduler-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?]
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?]
Caused by: org.simplejavamail.mailer.internal.mailsender.MailSenderException: Third party error
at org.simplejavamail.mailer.internal.mailsender.MailSender.sendMailClosure(MailSender.java:283) ~[simple-java-mail-5.2.1.jar:?]
at org.simplejavamail.mailer.internal.mailsender.MailSender.send(MailSender.java:211) ~[simple-java-mail-5.2.1.jar:?]
at org.simplejavamail.mailer.Mailer.sendMail(Mailer.java:240) ~[simple-java-mail-5.2.1.jar:?]
at org.simplejavamail.mailer.Mailer.sendMail(Mailer.java:231) ~[simple-java-mail-5.2.1.jar:?]
at com.floragunn.signals.watch.action.handlers.email.SignalsMailer$1.run(SignalsMailer.java:70) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at com.floragunn.signals.watch.action.handlers.email.SignalsMailer$1.run(SignalsMailer.java:63) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at java.security.AccessController.doPrivileged(AccessController.java:554) ~[?:?]
at com.floragunn.signals.watch.action.handlers.email.SignalsMailer.sendMail(SignalsMailer.java:63) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at com.floragunn.signals.watch.action.handlers.email.EmailAction.execute(EmailAction.java:125) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
… 7 more
Caused by: javax.mail.MessagingException: Could not convert socket to TLS
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2131) ~[jakarta.mail-1.6.3.jar:1.6.3]
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:728) ~[jakarta.mail-1.6.3.jar:1.6.3]
at javax.mail.Service.connect(Service.java:342) ~[jakarta.mail-1.6.3.jar:1.6.3]
at javax.mail.Service.connect(Service.java:222) ~[jakarta.mail-1.6.3.jar:1.6.3]
at javax.mail.Service.connect(Service.java:171) ~[jakarta.mail-1.6.3.jar:1.6.3]
at org.simplejavamail.mailer.internal.mailsender.MailSender.sendMailClosure(MailSender.java:265) ~[simple-java-mail-5.2.1.jar:?]
at org.simplejavamail.mailer.internal.mailsender.MailSender.send(MailSender.java:211) ~[simple-java-mail-5.2.1.jar:?]
at org.simplejavamail.mailer.Mailer.sendMail(Mailer.java:240) ~[simple-java-mail-5.2.1.jar:?]
at org.simplejavamail.mailer.Mailer.sendMail(Mailer.java:231) ~[simple-java-mail-5.2.1.jar:?]
at com.floragunn.signals.watch.action.handlers.email.SignalsMailer$1.run(SignalsMailer.java:70) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at com.floragunn.signals.watch.action.handlers.email.SignalsMailer$1.run(SignalsMailer.java:63) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at java.security.AccessController.doPrivileged(AccessController.java:554) ~[?:?]
at com.floragunn.signals.watch.action.handlers.email.SignalsMailer.sendMail(SignalsMailer.java:63) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at com.floragunn.signals.watch.action.handlers.email.EmailAction.execute(EmailAction.java:125) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
… 7 more
Caused by: java.io.IOException: Can’t verify identity of server: mail.domain.com
at com.sun.mail.util.SocketFetcher.checkServerIdentity(SocketFetcher.java:673) ~[jakarta.mail-1.6.3.jar:1.6.3]
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:610) ~[jakarta.mail-1.6.3.jar:1.6.3]
at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:529) ~[jakarta.mail-1.6.3.jar:1.6.3]
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2126) ~[jakarta.mail-1.6.3.jar:1.6.3]
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:728) ~[jakarta.mail-1.6.3.jar:1.6.3]
at javax.mail.Service.connect(Service.java:342) ~[jakarta.mail-1.6.3.jar:1.6.3]
at javax.mail.Service.connect(Service.java:222) ~[jakarta.mail-1.6.3.jar:1.6.3]
at javax.mail.Service.connect(Service.java:171) ~[jakarta.mail-1.6.3.jar:1.6.3]
at org.simplejavamail.mailer.internal.mailsender.MailSender.sendMailClosure(MailSender.java:265) ~[simple-java-mail-5.2.1.jar:?]
at org.simplejavamail.mailer.internal.mailsender.MailSender.send(MailSender.java:211) ~[simple-java-mail-5.2.1.jar:?]
at org.simplejavamail.mailer.Mailer.sendMail(Mailer.java:240) ~[simple-java-mail-5.2.1.jar:?]
at org.simplejavamail.mailer.Mailer.sendMail(Mailer.java:231) ~[simple-java-mail-5.2.1.jar:?]
at com.floragunn.signals.watch.action.handlers.email.SignalsMailer$1.run(SignalsMailer.java:70) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at com.floragunn.signals.watch.action.handlers.email.SignalsMailer$1.run(SignalsMailer.java:63) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at java.security.AccessController.doPrivileged(AccessController.java:554) ~[?:?]
at com.floragunn.signals.watch.action.handlers.email.SignalsMailer.sendMail(SignalsMailer.java:63) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
at com.floragunn.signals.watch.action.handlers.email.EmailAction.execute(EmailAction.java:125) ~[search-guard-suite-signals-7.9.2-45.1.0.jar:7.9.2-45.1.0]
… 7 more
[2020-11-10T15:14:22,559][INFO ][c.f.s.e.WatchRunner ] [dc-els-pr-fld02] Finished alert-error-500: ACTION_FAILED All actions failed

Can you please provide the exact mail account configuration you are using?

Did you try the options enable_start_tls and trusted_hosts?

Hi cstaley,

Yes, I tried with enable_start_tls and trusted_hosts but I don’t want to use TLS for this, as this is going to be internal only. Even when I disabled the TLS it still tries to connect on TLS, do I need to reset to restart anything?

Here is the actual config I used to create this account

PUT /_signals/account/email/default
{
    "host": "mail.domain.com",
    "port": 25,
    "enable_tls": false,
    "enable_start_tls": false,
    "trusted_hosts": "mail.domain.com"
}

No, there should be no need to restart anything.

Can you provide the logs of the error when you completely disabled TLS?

BTW, trusted_hosts won’t have any effect when TLS is disabled.