Email notification not working

altayaltan · February 25, 2021, 6:44am

Hi,
I’m trying to set up email alerts for some events on my CRS device. OS version is 6.48. I followed mikrotik docs and some other docs as reference. Output of tool e-mail print:

address: mail@domain
          port: port
     start-tls: yes
          from: me@domain
          user: me@domain
      password: myemailpw
   last-status: failed
  last-address: mail@domain

As you can see here last-status is failed. I tried with both name and ip of the mail server, but i receive nothing. Tried testing with this code:

/tool e-mail> send to=me@domain subject="test" body="test" start-tls=yes

What might be the issue here?
Thanks in advance.

sindy · February 25, 2021, 8:50am

/system logging add topics=e-mail
/log print follow-only file=e-mail-start where topics~“mail”

From another window, send the test e-mail, wait until it fails, and then break the /log print … and read the e-mail-start.txt file (you’ll probably have to download it to a PC as it will be too large for RouterOS editor)

altayaltan · February 25, 2021, 10:37am

12:29:50 e-mail,error Error sending e-mail <test>: error connecting to server 
12:30:31 e-mail,warning recv invalid line: * OK domain.com Zimbra IMAP4rev1 server ready 
12:30:31 e-mail,error Error sending e-mail <test>: SMTP server not ready 
12:30:31 e-mail,debug send RSET 
12:30:31 e-mail,warning recv invalid line: RSET BAD parse error: unexpected end of line; expected ' ' 
12:30:31 e-mail,debug send QUIT 
12:30:31 e-mail,warnin

got this output from email log

sindy · February 25, 2021, 10:53am

It seems you connect to an IMAP server (normally used to receive/view received messages) instead of an SMTP server (used to send messages). Check the domain name and port, one or both are apparently wrong.

anav · February 27, 2021, 7:36pm

Okay got my email to work from port 25 to email server of my ISP.
Getting TLS working was a bit harder, using the right port and setting tls only, was the key to success.
I did not need to enable www-ssl at all.
I am using email addresses and passwords not domain names!

sindy · February 27, 2021, 7:58pm

There’s unfortunately a terrible mess in terms.

First, TLS is an evolution of SSL, and the actual (old) SSL should be deprecated everyhere, but people tend to stick with the old name.

Second, SMTP can be used in plaintext with no encryption all the time, or the TLS session may be established before the first SMTP packet is sent, or it may be requested after an initial conversation in plaintext which ends with a STARTTLS request and continues by TLS-encrypted connection re-using the already established TCP session.

If you configure start-tls=tls-only, it should work with your ISP as it skips the plaintext conversation. The description in the manual says it sends the starttls command but sniffer shows otherwise, the first payload packet the client sends is a TLS client-hello, so no starttls request in plaintext. Maybe if the server responds with HELO or EHLO, the starttls is there, no idea.

anav · February 27, 2021, 8:13pm

yup thanks amended my initial post after playing around.

sindy · February 27, 2021, 8:35pm

The manual says that if tls-only is used, the port setting is overridden. So strictly speaking it works on port 465 as expected, not on port 25.