opensearch-project
[FEATURE] Enable SMTP auth feature even with no Encryption is set (PORT 25)
Is your feature request related to a problem? A clear and concise description of what the problem is, e.g. I'm always frustrated when [...] Hello We have local SMTP server without TLS/SSL verification, but with user/password authentification, which we want to use for alerting and notifications. But, we are unable to use it, because notification plugins seems to use auth method only when SSL or TLS is enabled in SMTP sender's Encryption method. But in our case, we set it to "None". Even after adding key/values to keystore according to the Doc: https://opensearch.org/docs/latest/observing-your-data/notifications/index/#authenticate-sender-account Test message fails with 575 server response - sender authentification required.
[2023-08-02T07:48:29,698][INFO ][o.o.n.s.SendMessageActionHelper] [opensearch-cluster-master-0] notifications:sendMessage:statusCode=502, statusText=sendEmail Error, status:575 <sender@email> sender should authenticate
[2023-08-02T07:48:29,698][INFO ][o.o.n.s.SendMessageActionHelper] [opensearch-cluster-master-0] notifications:ONCnrIkBk2OPKBToPl2S:statusCode=502, statusText=sendEmail Error, status:575 <sender@email> sender should authenticate
[2023-08-02T07:48:29,698][WARN ][o.o.n.a.PluginBaseAction ] [opensearch-cluster-master-0] notifications:OpenSearchStatusException:
org.opensearch.OpenSearchStatusException: {"event_status_list": [{"config_id":"vms4tYkBd1wIiA9RPaJ_","config_type":"email","config_name":"temp-Main_alerting","email_recipient_status":[{"recipient":"<recipientr@email>","delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}],"delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}]}
at org.opensearch.notifications.send.SendMessageActionHelper.executeRequest(SendMessageActionHelper.kt:99) ~[?:?]
at org.opensearch.notifications.send.SendMessageActionHelper$executeRequest$1.invokeSuspend(SendMessageActionHelper.kt) ~[?:?]
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
at kotlinx.coroutines.internal.ScopeCoroutine.afterResume(Scopes.kt:32) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:113) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
[2023-08-02T07:48:29,700][ERROR][o.o.n.a.SendTestNotificationAction] [opensearch-cluster-master-0] notifications:SendTestNotificationAction-send Error:OpenSearchStatusException[{"event_status_list": [{"config_id":"vms4tYkBd1wIiA9RPaJ_","config_type":"email","config_name":"temp-Main_alerting","email_recipient_status":[{"recipient":"<recipientr@email>","delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}],"delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}]}]
[2023-08-02T07:48:29,700][WARN ][r.suppressed ] [opensearch-cluster-master-0] path: /_plugins/_notifications/feature/test/vms4tYkBd1wIiA9RPaJ_, params: {config_id=vms4tYkBd1wIiA9RPaJ_}
org.opensearch.OpenSearchStatusException: {"event_status_list": [{"config_id":"vms4tYkBd1wIiA9RPaJ_","config_type":"email","config_name":"temp-Main_alerting","email_recipient_status":[{"recipient":"<recipientr@email>","delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}],"delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}]}
at org.opensearch.notifications.send.SendMessageActionHelper.executeRequest(SendMessageActionHelper.kt:99) ~[?:?]
at org.opensearch.notifications.send.SendMessageActionHelper$executeRequest$1.invokeSuspend(SendMessageActionHelper.kt) ~[?:?]
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
at kotlinx.coroutines.internal.ScopeCoroutine.afterResume(Scopes.kt:32) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:113) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
On the test server WITHOUT authentification - messages are successfully received without adding the in a keystore.
In plugin code i found these lines:
when (smtpDestination.method) {
"ssl" -> prop["mail.smtp.ssl.enable"] = true
"start_tls" -> prop["mail.smtp.starttls.enable"] = true
"none" -> {
}
else -> throw IllegalArgumentException("Invalid method supplied")
}
if (smtpDestination.method != "none") {
val secureDestinationSetting = getSecureDestinationSetting(smtpDestination)
if (secureDestinationSetting != null) {
prop["mail.smtp.auth"] = true
session = Session.getInstance(
prop,
object : Authenticator() {
override fun getPasswordAuthentication(): PasswordAuthentication {
return PasswordAuthentication(
secureDestinationSetting.emailUsername.toString(),
secureDestinationSetting.emailPassword.toString()
)
}
}
)
}
}
What solution would you like? Add feature to use auth methods even while SSL/TLS are NOT set. Maybe some checkbox, or user/pass auth in Encryption method.
What alternatives have you considered? Use webhooks and set up gateway sender to forward emails.
Do you have any additional context? No.
@Hamster-Bob thanks for opening this issue, the requirement looks reasonable, could you help to make some code change and open a PR for it?
Hi @gaobinlong, Sorry, but I'm really bad at programming. I've tried to edit/repack Java of notification plugin or rebuild local repo with gradlew, to change method evaluation. But it, seems to be, beyond my skills :(
I'll look into allowing user/password authentification without SSL or TLS
