New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] Don't connect to STMP server using TLS unless configured. #7189
Comments
I would like to let you know that we are patiently waiting for this bug to be fixed. Given our infrastructure, we will only be able to send e-mails without TLS authentication. We know you are working hard, so this is just to let you know that it would really help us if this is implemented and that we are hoping that it will make the 4.3.0 milestone! 👍 |
Just like @vanduijnjordi we are too waiting for this as we are setup not to use TLS auth. This is preventing us from setting up alerts that send emails. |
we are unable to replicate this with any SMTP server we are testing with. Tested port 25 (no TLS setup) with |
I am getting related error for test send email updated to server name and got below t=2017-05-10T10:32:13-0400 lvl=eror msg="Failed to send alert notification email" logger=alerting.notifier.email error="x509: certificate signed by unknown authority" |
@systems1 This sounds like you are using a self signed certificate. If this is being used internally with no risk of a MITM (Man in the middle) attack then try this:
|
I am also experiencing this issue. We are using an internal smtp relay which does not require authentication. We specify the HOST and usually provide some non-existent email address for the FROM_ADDRESS. We have SKIP_VERIFY=true. The error from Grafana is "TLS not available due to local problem". On the mail relay server, the error is "lost connection after STARTTLS from unknown". We are using the Grafana 4.2.0 docker image. |
Yes, we have the same problem on grafana 4.3.1 grafana.log: SMTP config: |
I just chased this down, my server is having the same issue with my one LAN using a mail forwarder to my primary server. TLS appears to be enabled always following this implementation, if I'm reading this correctly you can never use SMTP without TLS: So, choosing to enable skip_verify doesn't help us because that still requires the use of TLS cert, but just allows one to use a self signed rather than one from a CA. I just resolved this on the LAN's postfix forwarder with the following. Update grafana to send an email via a mail server with a self signed cert:
Update the postfix install on the mail-forwarder box with a self signed cert:
Next update the postfix configs:
Restart grafana-server and postfix and then send yourself a test message. Cheers. I really hope this gets fixed, the default settings makes it appear that we are able to use SMTP over tcp/25 without encryption. |
Strange, we tested against port 25 without tls, works fine., issue is I think if the SMTP server cannot handle the test to upgrade the connection |
Still have the same problem with last version, should be reopened ?
Smtp config:
|
Bug in gomail fix here go-gomail/gomail#107 |
@sergeylanzman thank you for letting us know. Unfortunately I don't think we have time to fix this before 5.0 |
seems to be fixed in the new fork https://github.com/go-mail/mail/blob/v2/smtp.go#L87 |
gomail is missing a maintainer so we are switching to an active fork ref go-gomail/gomail#108 closes grafana#7189
Hello! Checked on Grafana 5.1.3 - used rpm on CentOS 6, grafana still sends STARTLS. Config is: [smtp] |
Hi, I have the same issue here using the 5.2.1 docker build. Settings set via env variable should result in the following configuration:
grafana log the following errors:
And postfix log the following errors:
|
This configuration worked fine for me!
Grafana Server version:
|
Grafana seems to lack these settings for email alerts: We need these settings because Grafana cannot send any emails when using MS Exchange mailer. |
@gdcrocx thanks for your suggestion, it has helped! |
Hi, still seem to be hitting this bug Config (helm chart):
Log Error: |
same issue here with version grafana-server -v |
I tried to downgrade to the version this version 6.0.2 , still the same error: t=2020-04-01T10:55:46+0000 lvl=info msg="Sending alert notification to" logger=alerting.notifier.email addresses=[sasa.asa@sassss.com] |
I hope I'm not adding to the noise but I just stumbled upon this so I figured I'd share my issue and solution for anyone in the same situation. I'm using Exim4 in smarthost mode, outbound only, no local mail. I didn't generate a certificate and I could send a test mail using the mailx command. However, when sending a mail from Grafana, I got this error in exim logs:
Grafana accepts a self-signed certificate thanks to the skip_verify config parameter, but it still requires a certificate. I generated a self-signed certificate using the command found in the Debian docs:
(Since it is only local, I left all the fields blank.) And now it works. So unless I'm misunderstanding something and my exim config is wrong, this should be the way to go. Edit I do have another VM with a similar exim config with no cert. I don't even need the |
It should be possible to send emails to an SMTP server that doesn't require TLS connections.
ref #7116
The text was updated successfully, but these errors were encountered: