How to enable sendEmail to work with TLS

WAS THIS PAGE HELPFUL? Leave Feedback

Overview

To make the NoMa sendEmail method work, you need to be able to send email from the command line on your GroundWork server as user nagios. By default, GroundWork includes the sendEmail script, which works well and supports secure settings such as Transport Layer Security (TLS).

Steps
  • Edit the following file:
    /usr/local/groundwork/noma/etc/NoMa.yaml
    • Line 135 contains the calling line for the sendemail method as:
      sendmail: /usr/local/groundwork/common/bin/sendEmail
    • If options are added to this line, they will be used when sending email in addition to the message and subject, to and from options added by the intermediate process:
      /usr/local/groundwork/noma/notifier/sendEmail_gwos.pl
    • This allows you to configure TLS authentication. There are several considerations for doing so, but adding the following options to this line will be necessary. Of course, you will need to supply a valid sending email account username and password in the options:
      sendmail: /usr/local/groundwork/common/bin/sendEmail -o username={username} -o password={password} -o tls=yes
  • You will also need a certificate to use TLS. Certificates are expected to be loaded into the directory:
    /usr/local/groundwork/common/openssl/certs/
    Whatever certificate you use will need to be valid for the mail server. If you are using a hosted email service such as Gmail, then you will need to install the root ca certs, for example by installing the update-ca-certificates package on Ubuntu servers, see http://manpages.ubuntu.com/manpages/precise/man8/update-ca-certificates.8.html
    • In addition, you will need to either link the directory above to the certificate location:
      # rm /usr/local/groundwork/common/openssl/certs
      # ln -s /etc/ssl/certs /usr/local/groundwork/common/openssl/certs

      or modify the sendEmail script to user the alternate path (on line 1934).

    • If you are using a cert from another provider such as an in-house mail server, you just need to make sure it is in the /usr/local/groundwork/common/openssl/certs directory, and that it is valid. You can easily check a certificate’s validity with the following command:
      openssl verify /usr/local/groundwork/common/openssl/certs/mycert.crt
  • You can test the sending of email from the command line with the following command (best if done as user nagios, to make sure your permission are correct):
    /usr/local/groundwork/common/bin/sendEmail -t {my-email@myserver.com} -u test -m message1 -s smtp.gmail.com:587 -o username={username} -o password={password} -f {myfromemail@mydomain.com} -o tls=yes
    • Adding -v or -vv to this line will give you more debug information.

Labels

sendemail sendemail Delete
tls tls Delete
noma noma Delete
certificate certificate Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.