Forum ©XSIBackup: ©VMWare ©ESXi Backup Software

Yurii

Member

Registered: 2018-11-27

Posts: 5

Emails didn't send to my mailboxes.

Hello All,

Please explain to me why XSI didn't send email?

Here is a string for executing:
/xsibackup --backup-point=/vmfs/volumes/volume/backups --backup-type=custom --backup-vms="TEST-VM" --mail-from=no-reply@my.email --mail-to=me@my.email --smtp-srv=smtp.gmail.com --smtp-port=587 --smtp-usr=no-reply@my.email --smtp-pwd=P@55w0rd --smtp-auth=yes  --smtp-sec=TLS

The credentials are correct. I can use my email via PowerShell or using Python. Here is XSI output:

2018-11-27T14:16:55|  Opening port 587 for SMTPout-587 service...
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1543328224
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
Firewall rule SMTPout-587 closed.
Backup finished

Please help me to find out where is the issue.

admin

Administrator

Registered: 2017-04-21

Posts: 2,072

Re: Emails didn't send to my mailboxes.

[b]no peer certificate available[/b]
Why are you using TLS if your server does not support it.

Yurii

Member

Registered: 2018-11-27

Posts: 5

Re: Emails didn't send to my mailboxes.

I not too strong in ciphers, but when I am used a Python there was a necessary option for delivering email:
            server = smtplib.SMTP('smtp.gmail.com', 587)
            server.starttls()
That's why I used TLS here.

But even when I ran without TLS option the script returned me the same result:
./xsibackup --backup-point=/vmfs/volumes/DS-3-SATAR5/Backups-xsi --backup-type=custom --backup-vm
s="TEST-VM" --mail-from=no-reply@my.email --mail-to=me@my.email --smtp-srv=smtp.gmail.com --smtp-port=587 --smtp-usr=no-reply@my.email --smtp-pwd=P@55w0rd --smtp-auth=yes

2018-11-30T17:13:18|  Opening port 587 for SMTPout-587 service...
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1543598007
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
Firewall rule SMTPout-587 closed.
Backup finished

Please help me with configuring alerts on email.

admin

Administrator

Registered: 2017-04-21

Posts: 2,072

Re: Emails didn't send to my mailboxes.

We can't help you debug your SMTP session, that's your homework, but you can easily overcome the situation by using a GMail or Yahoo account.

Yurii

Member

Registered: 2018-11-27

Posts: 5

Re: Emails didn't send to my mailboxes.

I'm already using Gmail account and using Gmail server for sending emails.
here is we using Google G-Suite, --mail-from=no-reply@my.emai ; "my.email" is just an example instead of a company name, used in Google space

Last edited by Yurii (2018-12-05 14:58:24)

admin

Administrator

Registered: 2017-04-21

Posts: 2,072

Re: Emails didn't send to my mailboxes.

Set a delay between commands as explained in the conf/smtpsrvs file. You might need to use an account that does have [b]gmail.com[/b] as the domain part, as XSIBackup will detect that string and change the SMTP protocol conversation to meet GMail.com requirements, they have tweaked their SMTP servers to work a special way.

Or, just use a regular SMTP account from any other provider.

Yurii

Member

Registered: 2018-11-27

Posts: 5

Re: Emails didn't send to my mailboxes.

So here is config file: [url]https://screenshots.client-demo-site.net/scn-20181205-185235-cargq.png[/url]

And here is a command: [url]https://screenshots.client-demo-site.net/scn-20181205-185444-fipof.png[/url]

Or what's wrong?

admin

Administrator

Registered: 2017-04-21

Posts: 2,072

Re: Emails didn't send to my mailboxes.

Every mailmaster configures and tweaks their SMTP server according to their own needs. XSIBackup offers a simple SMTP client which is compatible with the vast majority of e-mail servers out there. If you don't know why it's not working for you, or you don't want to delve into the issue, just use another one. We offer compatibillity with GMail, Yahoo, Hotmail, etc...

In your case you are having clear messages that are letting you know where you should tweak things.

Secure Renegotiation IS NOT supported

You are using port 587 with some GMail server, that will never work, as they are letting you know they will not renegotiate on port 587. So use GMail SMTP port, which is [b]465[/b]

Yurii

Member

Registered: 2018-11-27

Posts: 5

Re: Emails didn't send to my mailboxes.

Hello,

So I didn't understand why XSI can't talk to Google using 587 port while I can talk to Google from the console using Python with the same 587 port.

But anyway thanks, I have switched to 465 port and it works.

Timbo

Member

Registered: 2019-01-23

Posts: 12

Re: Emails didn't send to my mailboxes.

Glad I found this thread. Was getting pretty frustrated because I had gmail emails sending just fine on the older free version. Since SSL isn't an option in the GUI, then logically you select port 587 because GMAIL supports TLS on port 587, not 465.

Port 465 (SSL required)
Port 587 (TLS required)

Why it works on port 465 (The SSL port) for the TLS setting instead of port 587 (The TLS port) sounds like a bug in the software. In the older command line, it worked when explicitly including "--smtp-sec=SSL" and using port 465. You don't even have an SSL option in the GUI to select.

You'd probably save some customer hassles by just changing your GUI to say its doing SSL and not TLS.
[url]https://support.google.com/a/answer/176600?hl=en[/url]. Then people will know to select port 465 and not 587 as per the gmail instructions.

For any other servers I manage, I've only used port 587 and this is the first time running into an issue like this.

admin

Administrator

Registered: 2017-04-21

Posts: 2,072

Re: Emails didn't send to my mailboxes.

There is indeed an [b]Smtp sec:[/b] field in the GUI, please, take a closer look.

Timbo

Member

Registered: 2019-01-23

Posts: 12

Re: Emails didn't send to my mailboxes.

[quote=admin]There is indeed an [b]Smtp sec:[/b] field in the GUI, please, take a closer look.[/quote]

The GUI reads "SMTP Security set to TLS (default), change to none if you want unencrypted pwd".

No mention of SSL being an option.  But again, the default option of TLS *IS* what most people would select and works for other setups.

admin

Administrator

Registered: 2017-04-21

Posts: 2,072

Re: Emails didn't send to my mailboxes.

SSL is deprecated, TLS is the new standard for secure communications

Timbo

Member

Registered: 2019-01-23

Posts: 12

Re: Emails didn't send to my mailboxes.

[quote=admin]SSL is deprecated, TLS is the new standard for secure communications[/quote]

So to be clear, in your QA testing of Gmail, you're using TLS and port 587?  Because we're reporting these typical settings works elsewhere but NOT for XSIBackup.

admin

Administrator

Registered: 2017-04-21

Posts: 2,072

Re: Emails didn't send to my mailboxes.

We are walking on thin ice here. To properly discuss this matter, we would need to delve into it by reading the appropiate protocol definitions of some extensions as secure renegotiation. What we can tell you from our own experience is that there are many GMail servers and that not all of them behave the same and they also evolve over time. They do in regards to basic usage, but not all of them will be able to handle a secure connection on port 587.

AFAWK to connect over TLS to gmail.com you will need to use port 465, if you try to connect on port 587, at least at the time to develop that part, the SMTP conversation was being handled over to a TLS context. We cannot guarantee that this will work all the time in all servers, we can't even guarantee that it still does in any server. We in fact just make use of GMail and other providers.