Configure external SMTP

Hello

I want to send mails when the rules are triggered, but I ran into the problem of sending mails as such.

I installed and configured SMTP Postfix on Centos7 (no problems here - mails are sent)

the problem is connecting external SMTP: via /opt/arcsight/manager/bin I run arcsight managersetup and there I choose external SMTP, where I enter smtp.gmail.com, after which I enter the address that will send the problem letters and the addresses that letters will be accepted.

This is where the automatic testing starts where I get a "Testing Outgoing e-mail

Error testing e-mail settings: Failed to test Email settings"

In the ArcSight Console for notofications, I write the following data in the destination group: From Address - o.quun.rf@gmail.com
Outgoing Mail Server - smtp.gmail.com

Account - o.quun.rf@gmail.com

Password: from App password

For destination:

Name, start/end time, type - email, email - o.quun.rf@gmail.com, user - admin

When I press test destination notification, then I get an error - send to 'Test' failed

Help please. Maybe I'm doing something wrong.

Thanks in advance

Bohdan
  • 0  

    add the following line to your /opt/arcsight/manager/config/server.properties file

    email.debug=true

    Then restart the manager service.  Try managersetup again and then check server.log and managerwizard.log This should provide you with more information.

    You could also try with another destination address (your corporate email) and see if that works.

    When done with your testing, remove that line from server.properties and restart manager to revert the extra logging.

  • 0 in reply to   

    Hi Dale

    I followed your advice, but I don't think I saw what I should have seen.

    There is no desired result either.

    Perhaps you have some advice on connecting an external SMTP server and setting up notifications and assignments that should theoretically work.

    I'm not sure I'm going in the right direction with solve my question.

    With best regards

    Bohdan

  • 0 in reply to   

    If you believe the log files, the problem is that there is no authentication on the smtp server.

    Here is the error:

    [2024-06-11 11:14:06,931][ERROR][default.com.arcsight.smtp.SMTPMailSender] error sending email via external server
    [2024-06-11 11:14:06,931][ERROR][default.com.arcsight.smtp.SMTPMailSender]
    [2024-06-11 11:14:06,931][ERROR][default.com.arcsight.smtp.SMTPMailSender]
    com.sun.mail.smtp.SMTPSendFailedException: 530-5.7.0 Authentication Required. For more information, go to
    530 5.7.0 support.google.com/.../ 4fb4d7f45d1cf-57c6c95bb33sm5719415a12.8 - gsmtp

    at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:2249)
    at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1740)
    at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1239)
    at com.arcsight.smtp.e.a(e.java:52)
    at com.arcsight.smtp.SMTPMailSender.send(SMTPMailSender.java:58)
    at com.arcsight.notification.Email.sendMimeMessage(Email.java:633)
    at com.arcsight.notification.Email.sendEmail(Email.java:594)
    at com.arcsight.notification.NotificationServer.testDestination(NotificationServer.java:449)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.arcsight.server.ASXmlRpcHandler.execute(ASXmlRpcHandler.java:308)
    at helma.xmlrpc.StreamingXmlRpcServer$Worker.execute(Unknown Source)
    at helma.xmlrpc.StreamingXmlRpcServer.execute(Unknown Source)
    at helma.xmlrpc.StreamingXmlRpcServer.execute(Unknown Source)
    at com.arcsight.server.XmlRpcServlet.doPost2(XmlRpcServlet.java:482)
    at com.arcsight.server.XmlRpcServlet.doPost(XmlRpcServlet.java:370)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
    at com.arcsight.server.ah.service(ah.java:247)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:550)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at org.eclipse.jetty.server.Server.handle(Server.java:516)
    at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388)
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)

    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)
    at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
    at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:386)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
    at java.lang.Thread.run(Thread.java:750)


    But then the question arises - where should I perform this authentication, if when external smtp is connected via arcsight managersetup, it only asks for the SMTP Server[] and the addresses of the sender and recipient?

    I also tried making some changes to the server.properties file:

    mail.smtp.host=smtp.gmail.com
    mail.smtp.port=587
    mail.smtp.auth=true
    mail.smtp.starttls.enable=true
    mail.smtp.user=your-email@test.email
    mail.smtp.password=your-password-or-app-password

    But this also did not give a certain result.

  • Verified Answer

    +1   in reply to 

    If you have not done so yet please open a ticket with Support so someone can work with you on this.  You could also try testing from the command line by running:

    /opt/arcsight/manager/bin/arcsight -quiet emailsetuptest -servertype 2 -to <TO_EMAIL_ADDRESS> -a checksending -host <SMTP_HOST>  -preferIPv6 false  -- null

    You can see the different options for this command by running:

    [arcsight@changeme root]$ /opt/arcsight/manager/bin/arcsight emailsetuptest -h

     

    Assuming ARCSIGHT_HOME: /opt/arcsight/manager

    Assuming JAVA_HOME: /opt/arcsight/java/esm/current/jre

     

    Testing email Notifcation settings ...

     

    Email setup test - A tool to test email notification setup

    Version : 1.0

    Copyright (c) 2001-2023 Micro Focus or one of its affiliates.

    All rights reserved.

    Usage:  Email setup test <parameters>

     

    Required Parameters:

        -a <action>         The action to perform (checksending/checkreceiving)

        -preferIPv6 <preferIPv6> preferIPv6 true or false

     

    Optional Parameters:

        -host <host>        POP3/IMAP (localhost)

        -p <password>       The POP3/IMAP Server password

        -protocol <protocol> POP3/IMAP

        -server <server>    The POP3/IMAP server

        -servertype <servertype> servertype 1 for internal , 2 for external , 3 for external and internal as backup

        -to <to>            The email address to send email to.

        -u <user>           The POP3/IMAP Server user name

     

    Thanks,

    Dale