Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FEATURE] Enable SMTP auth feature even with no Encryption is set (PORT 25) #733

Open
Hamster-Bob opened this issue Aug 2, 2023 · 4 comments
Assignees
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@Hamster-Bob
Copy link

Is your feature request related to a problem?
A clear and concise description of what the problem is, e.g. I'm always frustrated when [...]
Hello
We have local SMTP server without TLS/SSL verification, but with user/password authentification, which we want to use for alerting and notifications.
But, we are unable to use it, because notification plugins seems to use auth method only when SSL or TLS is enabled in SMTP sender's Encryption method. But in our case, we set it to "None".
Even after adding key/values to keystore according to the Doc:
https://opensearch.org/docs/latest/observing-your-data/notifications/index/#authenticate-sender-account
Test message fails with 575 server response - sender authentification required.

[2023-08-02T07:48:29,698][INFO ][o.o.n.s.SendMessageActionHelper] [opensearch-cluster-master-0] notifications:sendMessage:statusCode=502, statusText=sendEmail Error, status:575 <sender@email> sender should authenticate

[2023-08-02T07:48:29,698][INFO ][o.o.n.s.SendMessageActionHelper] [opensearch-cluster-master-0] notifications:ONCnrIkBk2OPKBToPl2S:statusCode=502, statusText=sendEmail Error, status:575 <sender@email> sender should authenticate

[2023-08-02T07:48:29,698][WARN ][o.o.n.a.PluginBaseAction ] [opensearch-cluster-master-0] notifications:OpenSearchStatusException:
org.opensearch.OpenSearchStatusException: {"event_status_list": [{"config_id":"vms4tYkBd1wIiA9RPaJ_","config_type":"email","config_name":"temp-Main_alerting","email_recipient_status":[{"recipient":"<recipientr@email>","delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}],"delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}]}
        at org.opensearch.notifications.send.SendMessageActionHelper.executeRequest(SendMessageActionHelper.kt:99) ~[?:?]
        at org.opensearch.notifications.send.SendMessageActionHelper$executeRequest$1.invokeSuspend(SendMessageActionHelper.kt) ~[?:?]
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
        at kotlinx.coroutines.internal.ScopeCoroutine.afterResume(Scopes.kt:32) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:113) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
[2023-08-02T07:48:29,700][ERROR][o.o.n.a.SendTestNotificationAction] [opensearch-cluster-master-0] notifications:SendTestNotificationAction-send Error:OpenSearchStatusException[{"event_status_list": [{"config_id":"vms4tYkBd1wIiA9RPaJ_","config_type":"email","config_name":"temp-Main_alerting","email_recipient_status":[{"recipient":"<recipientr@email>","delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}],"delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}]}]
[2023-08-02T07:48:29,700][WARN ][r.suppressed             ] [opensearch-cluster-master-0] path: /_plugins/_notifications/feature/test/vms4tYkBd1wIiA9RPaJ_, params: {config_id=vms4tYkBd1wIiA9RPaJ_}
org.opensearch.OpenSearchStatusException: {"event_status_list": [{"config_id":"vms4tYkBd1wIiA9RPaJ_","config_type":"email","config_name":"temp-Main_alerting","email_recipient_status":[{"recipient":"<recipientr@email>","delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}],"delivery_status":{"status_code":"502","status_text":"sendEmail Error, status:575 <sender@email> sender should authenticate\n"}}]}
        at org.opensearch.notifications.send.SendMessageActionHelper.executeRequest(SendMessageActionHelper.kt:99) ~[?:?]
        at org.opensearch.notifications.send.SendMessageActionHelper$executeRequest$1.invokeSuspend(SendMessageActionHelper.kt) ~[?:?]
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
        at kotlinx.coroutines.internal.ScopeCoroutine.afterResume(Scopes.kt:32) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:113) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46) [kotlin-stdlib-1.6.10.jar:1.6.10-release-923(1.6.10)]
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]

On the test server WITHOUT authentification - messages are successfully received without adding the in a keystore.

In plugin code i found these lines:

when (smtpDestination.method) {
            "ssl" -> prop["mail.smtp.ssl.enable"] = true
            "start_tls" -> prop["mail.smtp.starttls.enable"] = true
            "none" -> {
            }
            else -> throw IllegalArgumentException("Invalid method supplied")
        }

        if (smtpDestination.method != "none") {
            val secureDestinationSetting = getSecureDestinationSetting(smtpDestination)
            if (secureDestinationSetting != null) {
                prop["mail.smtp.auth"] = true
                session = Session.getInstance(
                    prop,
                    object : Authenticator() {
                        override fun getPasswordAuthentication(): PasswordAuthentication {
                            return PasswordAuthentication(
                                secureDestinationSetting.emailUsername.toString(),
                                secureDestinationSetting.emailPassword.toString()
                            )
                        }
                    }
                )
            }
        }

What solution would you like?
Add feature to use auth methods even while SSL/TLS are NOT set. Maybe some checkbox, or user/pass auth in Encryption method.

What alternatives have you considered?
Use webhooks and set up gateway sender to forward emails.

Do you have any additional context?
No.

@Hamster-Bob Hamster-Bob added enhancement New feature or request untriaged labels Aug 2, 2023
@gaobinlong
Copy link
Collaborator

@Hamster-Bob thanks for opening this issue, the requirement looks reasonable, could you help to make some code change and open a PR for it?

@Hamster-Bob
Copy link
Author

Hi @gaobinlong,
Sorry, but I'm really bad at programming.
I've tried to edit/repack Java of notification plugin or rebuild local repo with gradlew, to change method evaluation. But it, seems to be, beyond my skills :(

@gaobinlong gaobinlong added the good first issue Good for newcomers label Aug 23, 2023
@SuZhou-Joe SuZhou-Joe self-assigned this Oct 7, 2023
@NoiceBroice
Copy link

I'll look into allowing user/password authentification without SSL or TLS

@roman-timoshevskii
Copy link

Hi @NoiceBroice,
Did you have a chance to look into it?

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Development

No branches or pull requests

5 participants