Error using sendmail in elastalert docker container

[gerbdla]

Getting this error with sendmail.

sendmail: can't connect to remote host (127.0.0.1): Connection refused

Any ideas of how to resolve this error?

[jeff-cook]

Do you have a mail server running on the same system as ElastAlert?

If you do, then something is blocking the connection locally. If you don't, then you need to configure a different mail server. https://github.com/Yelp/elastalert/blob/master/docs/source/elastalert.rst

[gerbdla]

Since I am not allowed to connect directly to SMTP server I am using the "command" alert and calling /usr/sbin/sendmail directly. As far as anything blocking the connection. On the host machine I am able to telnet to port 25 and also send emails with that command. It is only when the sendmail command is being called by elastalert. Any ideas what might be blocking the connection?

[gerbdla]

Sorry I also forgot to mention that this is a docker container.

[jeff-cook]

Is sendmail in the same container as ElastAlert? In Docker the typical setup would be to use the container name for other containers. Typically, localhost would access on the container itself and not the host system running the container.

[jeff-cook]

When you say you can telnet to 25 is that from the host or the ElastAlert container?

[gerbdla]

That is telnet from the host machine. This is what I am doing in the container echo "Subject: sendmail test" | sendmail -v test@gmail.com sendmail: can't connect to remote host (127.0.0.1): Connection refusedecho "Subject: sendmail test" | sendmail -v test@gmail.com sendmail: can't connect to remote host (127.0.0.1): Connection refused from the host success 250 2.0.0 x6V1e8D4012502 Message accepted for delivery test@gmail.com... Sent (x6V1e8D4012502 Message accepted for delivery) Closing connection to [127.0.0.1]

On Tue, Jul 30, 2019 at 5:17 PM Jeff Cook notifications@github.com wrote:

When you say you can telnet to 25 is that from the host or the ElastAlert container?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Yelp/elastalert/issues/2375?email_source=notifications&email_token=AAA74FKB2G6IWVNPF33ZBV3QCDK2DA5CNFSM4IIA6W5KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD3FVXCI#issuecomment-516643721, or mute the thread https://github.com/notifications/unsubscribe-auth/AAA74FMOQD2EY4Q2X57BO6LQCDK2DANCNFSM4IIA6W5A .

[jeff-cook]

Seems like you are running sendmail on the host system. You will need to use the IP or host name of the host system in ElastAlert. As far as the container is concerned, localhost is the container itself.

[gerbdla]

Thanks for the info. Do you know where that setting is?

On Wednesday, July 31, 2019, Jeff Cook notifications@github.com wrote:

Seems like you are running sendmail on the host system. You will need to use the IP or host name of the host system in ElastAlert. As far as the container is concerned, localhost is the container itself.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Yelp/elastalert/issues/2375?email_source=notifications&email_token=AAA74FIWGIH77RYQ67UUFRDQCGVUZA5CNFSM4IIA6W5KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD3HUFTQ#issuecomment-516899534, or mute the thread https://github.com/notifications/unsubscribe-auth/AAA74FKHAR37XVDWFIVJHVLQCGVUZANCNFSM4IIA6W5A .

-- null

[jeff-cook]

I would guess somewhere in your sendmail configuration.