How to configure Nagios to send emails over TLS

[ssax]

Please follow this guide as that indicates sudoers issues:

https://support.nagios.com/kb/article.p ... ategory=44

Please do this as I'm seeing some sourceguardian loader errors:

PHP script '/usr/local/nagiosxi/html/includes/dbl.inc.php' is protected by SourceGuardian and requires a SourceGuardian loader 'ixed.7.4.lin' to be installed.

https://support.nagios.com/kb/article/n ... s-816.html

If that doesn't resolve it, try restarting the crond service, wait five minutes, and check again:

Code: Select all

service crond restart

Then send the output of this command:

Code: Select all

grep -R 'ixed' /etc/php*

[mccrakem]

Hi Sean

Yeah Nagios is reporting all green now but i am still seeing the message when trying to Download the System Profile

PROFILE BUILD FAILED

Array
(
)

CODE: 1

But I do see this on other systems so I am not that bother with this at the moment



The fix was this to get Nagios up and running correctly was the second link that you send
https://support.nagios.com/kb/article/n ... s-816.html



Now that we have nagios up and running again on this server can you let me know 2 things

How can I remove all this information from showing up when I send a Test email

2020-10-16 12:40:35 Connection: opening to wylbproductmail.pa-dev.knxa:25, timeout=300, options=array ()
2020-10-16 12:40:35 Connection: opened
2020-10-16 12:40:35 SMTP -> get_lines(): $data is ""
2020-10-16 12:40:35 SMTP -> get_lines(): $str is "220 wylbproductmail.pa-dev.knxa ESMTP Postfix"
2020-10-16 12:40:35 SERVER -> CLIENT: 220 wylbproductmail.pa-dev.knxa ESMTP Postfix
2020-10-16 12:40:35 CLIENT -> SERVER: EHLO dwylbopngios02
2020-10-16 12:40:35 SMTP -> get_lines(): $data is ""
2020-10-16 12:40:35 SMTP -> get_lines(): $str is "250-wylbproductmail.pa-dev.knxa"
2020-10-16 12:40:35 SMTP -> get_lines(): $data is "250-wylbproductmail.pa-dev.knxa"


Second
Can you tell me what I need to do to get emails to be sent successfully when I select the Security Option TLS in the EMail Settings Windows now that we have upgraded PHPMailer to version 7.4.11

Thanks

[ssax]

This should fix the profile build failed issue:

https://support.nagios.com/kb/article.p ... ategory=44

You can disable the PHP mailer debug output by following this guide (I would wait to do it until after you've enabled TLS):

https://support.nagios.com/kb/article/p ... g-820.html

The only other thing you'd need to do would be to set the proper port/security, like port 587 TLS in Admin > Email Settings.

[mccrakem]

Hi Sean

Thanks for the information but still having issues if you can help that would be great

When I goto Admin -> Email Settings
just changing the Port to 587

020-10-20 16:19:13 Connection: opening to wylbproductmail.pa-dev.knxa:587, timeout=300, options=array ()
2020-10-20 16:19:13 Connection: opened
2020-10-20 16:19:17 SMTP -> get_lines(): $data is ""
2020-10-20 16:19:17 SMTP -> get_lines(): $str is ""
2020-10-20 16:19:17 SERVER -> CLIENT:
2020-10-20 16:19:17 SMTP NOTICE: EOF caught while checking if connected
2020-10-20 16:19:17 Connection: closed
The following From address failed: [email protected] : Called MAIL FROM without being connected,,,SMTP server error: Called MAIL FROM without being connected




Having the Port at 587 and Selecting the TLS option

2020-10-20 16:21:18 Connection: opening to wylbproductmail.pa-dev.knxa:587, timeout=300, options=array ()
2020-10-20 16:21:18 Connection: opened
2020-10-20 16:21:22 SMTP -> get_lines(): $data is ""
2020-10-20 16:21:22 SMTP -> get_lines(): $str is ""
2020-10-20 16:21:22 SERVER -> CLIENT:
2020-10-20 16:21:22 SMTP NOTICE: EOF caught while checking if connected
2020-10-20 16:21:22 Connection: closed
SMTP Error: Could not connect to SMTP host.
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/ ... leshooting





To the Individual Servers I get the following message which is something I would except as the Certificate is created with the VIP name

2020-10-20 16:36:05 Connection: opening to dwylbopemail03.ops-dev.pa-dev.knxa:587, timeout=300, options=array ()
2020-10-20 16:36:05 Connection: opened
2020-10-20 16:36:05 SMTP -> get_lines(): $data is ""
2020-10-20 16:36:05 SMTP -> get_lines(): $str is "220 wylbproductmail.pa-dev.knxa ESMTP Postfix"
2020-10-20 16:36:05 SERVER -> CLIENT: 220 wylbproductmail.pa-dev.knxa ESMTP Postfix
2020-10-20 16:36:05 CLIENT -> SERVER: EHLO dwylbopngios02
2020-10-20 16:36:05 SMTP -> get_lines(): $data is ""
2020-10-20 16:36:05 SMTP -> get_lines(): $str is "250-wylbproductmail.pa-dev.knxa"
2020-10-20 16:36:05 SMTP -> get_lines(): $data is "250-wylbproductmail.pa-dev.knxa"
2020-10-20 16:36:05 SMTP -> get_lines(): $str is "250-PIPELINING"
2020-10-20 16:36:05 SMTP -> get_lines(): $data is "250-wylbproductmail.pa-dev.knxa250-PIPELINING"
2020-10-20 16:36:05 SMTP -> get_lines(): $str is "250-SIZE 20480000"
2020-10-20 16:36:05 SMTP -> get_lines(): $data is "250-wylbproductmail.pa-dev.knxa250-PIPELINING250-SIZE 20480000"
2020-10-20 16:36:05 SMTP -> get_lines(): $str is "250-VRFY"
2020-10-20 16:36:05 SMTP -> get_lines(): $data is "250-wylbproductmail.pa-dev.knxa250-PIPELINING250-SIZE 20480000250-VRFY"
2020-10-20 16:36:05 SMTP -> get_lines(): $str is "250-ETRN"
2020-10-20 16:36:05 SMTP -> get_lines(): $data is "250-wylbproductmail.pa-dev.knxa250-PIPELINING250-SIZE 20480000250-VRFY250-ETRN"
2020-10-20 16:36:05 SMTP -> get_lines(): $str is "250-STARTTLS"
2020-10-20 16:36:05 SMTP -> get_lines(): $data is "250-wylbproductmail.pa-dev.knxa250-PIPELINING250-SIZE 20480000250-VRFY250-ETRN250-STARTTLS"
2020-10-20 16:36:05 SMTP -> get_lines(): $str is "250-ENHANCEDSTATUSCODES"
2020-10-20 16:36:05 SMTP -> get_lines(): $data is "250-wylbproductmail.pa-dev.knxa250-PIPELINING250-SIZE 20480000250-VRFY250-ETRN250-STARTTLS250-ENHANCEDSTATUSCODES"
2020-10-20 16:36:05 SMTP -> get_lines(): $str is "250-8BITMIME"
2020-10-20 16:36:05 SMTP -> get_lines(): $data is "250-wylbproductmail.pa-dev.knxa250-PIPELINING250-SIZE 20480000250-VRFY250-ETRN250-STARTTLS250-ENHANCEDSTATUSCODES250-8BITMIME"
2020-10-20 16:36:05 SMTP -> get_lines(): $str is "250 DSN"
2020-10-20 16:36:05 SERVER -> CLIENT: 250-wylbproductmail.pa-dev.knxa250-PIPELINING250-SIZE 20480000250-VRFY250-ETRN250-STARTTLS250-ENHANCEDSTATUSCODES250-8BITMIME250 DSN
2020-10-20 16:36:05 CLIENT -> SERVER: STARTTLS
2020-10-20 16:36:05 SMTP -> get_lines(): $data is ""
2020-10-20 16:36:05 SMTP -> get_lines(): $str is "220 2.0.0 Ready to start TLS"
2020-10-20 16:36:05 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2020-10-20 16:36:05 Connection failed. Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed [/usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php line 374]
SMTP Error: Could not connect to SMTP host.
2020-10-20 16:36:05 CLIENT -> SERVER: QUIT
2020-10-20 16:36:05 SMTP -> get_lines(): $data is ""
2020-10-20 16:36:05
2020-10-20 16:36:05
2020-10-20 16:36:05
2020-10-20 16:36:05
2020-10-20 16:36:05
2020-10-20 16:36:05
2020-10-20 16:36:05
2020-10-20 16:36:05
2020-10-20 16:36:05
2020-10-20 16:36:05 Connection: closed
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/ ... leshooting

[mccrakem]

Hi Sean not sure if this helps but should have added it

/bin/mailx -S smtps=wylbproductmail.pa-dev.knxa -s "sending email from internal Servers " EMAIL ADDRESS < /dev/null

This works and if I am not mistaken smtps works over port 587

Thanks

[cdienger]

I assume that under Admin > System Config > Email Settings > Outbound > SMTP Settings > Security, TLS is selected, but can you confirm? Try testing with the option set to SSL. With SSL selected it should still negotiate TLS first and fail over to SSL if TLS fails.

[mccrakem]

Hi

When SSL is Selected and Port 587 configured

2020-10-22 13:26:58 Connection: opening to ssl://wylbproductmail.pa-dev.knxa:587, timeout=300, options=array ()
2020-10-22 13:27:02 Connection failed. Error #2: stream_socket_client(): SSL: Connection reset by peer [/usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php line 298]
2020-10-22 13:27:02 Connection failed. Error #2: stream_socket_client(): Failed to enable crypto [/usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php line 298]
2020-10-22 13:27:02 Connection failed. Error #2: stream_socket_client(): unable to connect to ssl://wylbproductmail.pa-dev.knxa:587 (Unknown error) [/usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php line 298]
2020-10-22 13:27:02 SMTP ERROR: Failed to connect to server: (0)
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/ ... leshooting


When SSL is selected and Port 25 is configured

2020-10-22 13:28:10 Connection: opening to ssl://wylbproductmail.pa-dev.knxa:25, timeout=300, options=array ()
2020-10-22 13:28:10 Connection failed. Error #2: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol [/usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php line 298]
2020-10-22 13:28:10 Connection failed. Error #2: stream_socket_client(): Failed to enable crypto [/usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php line 298]
2020-10-22 13:28:10 Connection failed. Error #2: stream_socket_client(): unable to connect to ssl://wylbproductmail.pa-dev.knxa:25 (Unknown error) [/usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php line 298]
2020-10-22 13:28:10 SMTP ERROR: Failed to connect to server: (0)
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/ ... leshooting

[ssax]

Please create a ticket for this and include a link back to this forum thread so we can get a remote session setup to debug further:

https://support.nagios.com/tickets/

Thank you!