alertmanager: [Bug] smtp.icoremail.net:465 fail to send mail alert due to 'does not advertise the STARTTLS extension'
Here is my config:
```yaml
global:
  resolve_timeout: 15s
route:
  receiver: 'slack-notifications'
  group_wait: 10s
  group_interval: 1m
  repeat_interval: 4h
  group_by: ["alertname", "instance"]
  routes:
  - receiver: 'email'
    group_by: ['alertname', 'cluster', 'instance']
receivers:
- name: slack-notifications
  slack_configs:
  - send_resolved: true
    api_url: https://hooks.slack.com/services/adadadad123123xxxxxxxx
    channel: '#alert'
    text: '{{ template "slack.text" . }}'
- name: 'email'
  email_configs:
  - to: '123@it.com'
    send_resolved: true
    require_tls: true
    from: 123@it.com
    smarthost: smtp.icoremail.net:465
    auth_username: 123@it.com
    auth_password: xxxx
    html: '{{ template "email.test.html" . }}'
    headers: { Subject: "[Alert] Prometheus Alert Email" }
templates:
- '/etc/alertmanager/templates/alertText.tmpl'
- '/etc/alertmanager/templates/alertEmail.tmpl'
```
Then I started the service. It could not send alert mail, with the following error:
```
time="2017-09-08T08:46:47Z" level=error msg="Error on notify: require_tls: true (default), but "smtp.icoremail.net:465" does not advertise the STARTTLS extension" source="notify.go:283"
time="2017-09-08T08:46:47Z" level=error msg="Notify for 1 alerts failed: require_tls: true (default), but "smtp.icoremail.net:465" does not advertise the STARTTLS extension" source="dispatch.go:262"
```
So I changed require_tls to false, and then I received an error message like:
```
time="2017-09-08T08:29:52Z" level=error msg="Error on notify: *smtp.plainAuth failed: wrong host name" source="notify.go:283"
time="2017-09-08T08:29:52Z" level=error msg="Notify for 1 alerts failed: *smtp.plainAuth failed: wrong host name" source="dispatch.go:262"
```
When I changed to Gmail, no error and no exception happened. So I wonder, does it not support icoremail?
About this issue
- State: closed
- Created 7 years ago
- Reactions: 5
- Comments: 21 (7 by maintainers)
Commits related to this issue
- Update wifi stats to support multiple stations (#977) (#980) Signed-off-by: neiledgar <neil.edgar@btinternet.com> — committed to ii/alertmanager by neiledgar 6 years ago
@linux-xiayun Replace the `username`, `company` and `password` with your mail account info.
RFC 8314 requires that SMTP connections to port 465 use TLS (not STARTTLS). STARTTLS on 587 should still be supported but is deprecated.
PLAIN auth was fixed in 352b2ae0 (released in v0.16.0) which allows forced TLS via port 465 to work. It should be possible to use port 465 now.
`require_tls` (or the global `smtp_require_tls`) must be set to false to avoid alertmanager attempting STARTTLS. This configuration interaction with forced TLS (port 465) probably should be cleaned up since it's counter intuitive.
Tencent mail can work normally using port 587
@ilyache thank you! I spent another 2 hours to find this; it turns out that AWS access keys will not work here. We need to create SMTP credentials from the AWS Console, which are similar to AWS access keys.
If someone is interested in this issue, he/she may test #1591 (build artifacts are available here).
Using port 465 enters a hardcoded path that attempts to use TLS:
https://github.com/prometheus/alertmanager/blob/master/notify/impl.go#L275-L285
For historical reasons, this port is supported with SSL but port 587 should be used instead if possible.
See the post here: http://blog.mailgun.com/25-465-587-what-port-should-i-use/
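Where the `wrong host name` message in the second log comes from, as an added example that is not Alertmanager's code and not part of the original thread: Go's `net/smtp` PLAIN auth refuses to hand over the password unless the connection is TLS and the server name equals the host the credentials were bound to. Assumptions: the server name carrying the port is only one way to reproduce the message, `smtp.example.com` and the credentials are constructed placeholders, and `plainAuthResult` and `hostOnly` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"net"
	"net/smtp"
)

// plainAuthResult (hypothetical helper) reports how smtp.PlainAuth reacts
// when the server identifies as serverName, with or without TLS on the
// connection. authHost is the host the credentials are bound to.
func plainAuthResult(authHost, serverName string, tlsActive bool) string {
	// Constructed placeholder credentials; nothing is sent over a network.
	auth := smtp.PlainAuth("", "user@example.com", "placeholder-password", authHost)
	_, _, err := auth.Start(&smtp.ServerInfo{
		Name: serverName,
		TLS:  tlsActive,
		Auth: []string{"PLAIN"},
	})
	if err != nil {
		return err.Error()
	}
	return "ok"
}

// hostOnly (hypothetical helper) strips the port from a smarthost value
// such as "smtp.example.com:465"; input without a port is returned as is.
func hostOnly(smarthost string) string {
	host, _, err := net.SplitHostPort(smarthost)
	if err != nil {
		return smarthost
	}
	return host
}

func main() {
	smarthost := "smtp.example.com:465" // constructed sample value
	host := hostOnly(smarthost)
	// Assumed failure mode: server name still carries the port, so PLAIN is
	// rejected even though TLS is active.
	fmt.Println(plainAuthResult(host, smarthost, true))
	// Names match and TLS is active (implicit TLS on 465): accepted.
	fmt.Println(plainAuthResult(host, host, true))
	// Names match but no TLS: the password is never sent in the clear.
	fmt.Println(plainAuthResult(host, host, false))
}
```

The third case is why `require_tls: false` on port 465 does not mean plaintext credentials: the library still demands a TLS connection before PLAIN auth proceeds.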