AcalephStorage / consul-alerts

A simple daemon to send notifications based on Consul health checks
GNU General Public License v2.0

Unable to send email notification via SMTP : unencrypted connection #208

Open mainak90 opened 6 years ago

mainak90 commented 6 years ago

Hello!

I am currently facing an issue while using consul-alerts; probably I missed something on my part. It seems that it fails while sending out the notification. I can see it running the watch for checks, and it's able to identify when the check status changes, but it fails when it uses my configured relay to send out the notification. I use this same SMTP alias to send out the alerts built into my Couchbase, which works fine, but here I get this:

```
time="2017-11-07T23:43:11+01:00" level=info msg="Processing health checks for notification."
time="2017-11-07T23:43:11+01:00" level=info msg="messages sent for notification"
time="2017-11-07T23:43:11+01:00" level=info msg="Running health check."
time="2017-11-07T23:43:11+01:00" level=info msg="Unable to send notification: unencrypted connection"
```

This is my current email notifier config list: [image]

Can anyone please tell me if I am doing something wrong here? Should I use SMTPS (465) here? Just for info, I am not using any authentication on the SMTP host, as we are using a system-wide enterprise internal alias for our alerts.

Gerrrr commented 6 years ago

Hey @mainak90,

It seems that I found the issue. To send emails we use the standard Go smtp.SendMail function, which accepts an Auth interface as one of its parameters. We use PlainAuth, which does not work with non-local servers that do not support TLS traffic encryption.

mainak90 commented 6 years ago

Hello @Gerrrr ,

Thanks a lot for the info! Is it something that is planned to be adapted in the next releases? Generally enterprise internal systems far down the line from the DMZ do not use TLS encryption on their internal server traffic. Please let me know. Thanks again!

mainak90 commented 6 years ago

Should something like smtp.CRAMMD5Auth work in this scope? I am pretty sure that you are a far better expert in this matter than me, but do we need the standard library here? Do you think I can recompile the source code locally after removing this bit from smtp/auth.go?

```go
if !server.TLS && !isLocalhost(server.Name) {
	return "", nil, errors.New("unencrypted connection")
}
```

Gerrrr commented 6 years ago

Hello @mainak90 ,

Sorry for a delayed response. I see your point! In our setup we also use an internal mail server that runs in a trusted environment and does not have any additional authentication. We had to encrypt its traffic just to make Consul-alerts happy :)

From the API perspective, an email notifier can have a flag (disabled by default) that allows communication with a remote SMTP server via an unencrypted connection. The flag should only work if username and password are not passed. TBH I do not know right away how it should be implemented internally, but maybe one of the Go email libraries (e.g. https://github.com/go-gomail/gomail) supports this behavior.

Unfortunately, I do not have time to work on this one until the end of the year or so, but a PR is very welcome!

Best, Aleks
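
The PlainAuth check and the opt-in flag discussed in this thread, as an added example that is not consul-alerts code: it shows where `unencrypted connection` comes from and how a notifier could skip AUTH only when no credentials are configured. The helpers `notifierAuth` and `startOutcome`, the flag semantics and the host name are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/smtp"
)

// notifierAuth is a hypothetical helper, not consul-alerts code. It picks the
// smtp.Auth to hand to smtp.SendMail for the opt-in flag proposed above.
func notifierAuth(host, user, pass string, allowUnencrypted bool) (smtp.Auth, error) {
	hasCreds := user != "" || pass != ""
	switch {
	case hasCreds && allowUnencrypted:
		// The flag must never let a password travel in cleartext.
		return nil, errors.New("allow-unencrypted cannot be combined with credentials")
	case !hasCreds && allowUnencrypted:
		// A nil Auth makes smtp.SendMail skip AUTH, so PlainAuth's check is never reached.
		return nil, nil
	default:
		// Flag off: PlainAuth keeps refusing cleartext to non-local hosts.
		return smtp.PlainAuth("", user, pass, host), nil
	}
}

// startOutcome runs the Start step that smtp.SendMail performs before AUTH,
// against a constructed ServerInfo, and returns the mechanism or the error.
func startOutcome(a smtp.Auth, host string, tls bool) (string, error) {
	mech, _, err := a.Start(&smtp.ServerInfo{Name: host, TLS: tls, Auth: []string{"PLAIN"}})
	return mech, err
}

func main() {
	const relay = "relay.internal.example" // constructed host name
	a, _ := notifierAuth(relay, "alerts", "s3cret", false)
	_, err := startOutcome(a, relay, false)
	fmt.Println("remote, no TLS:", err)
	mech, err := startOutcome(a, relay, true)
	fmt.Println("remote, TLS:", mech, err)
	b, err := notifierAuth(relay, "", "", true)
	fmt.Println("flag, no creds:", b, err)
	_, err = notifierAuth(relay, "alerts", "s3cret", true)
	fmt.Println("flag + creds:", err)
}
```

With a nil Auth, smtp.SendMail still upgrades to TLS when the server advertises STARTTLS; the flag only removes the refusal to proceed when it does not.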