Hi
I have a fg201e run fortiOS 6.4.13 and set to send mail when IPS event happen.
But we didn't received any mail,so we follow the Troubleshooting Tip: Email alert to check what happend
And here is the debug result and config about email-server
==================================Config========================================
fg201 (email-server) # show
config system email-server
set server "notification.fortinet.net"
set port 465
set security smtps
end
================================Debug log=======================================
fg201 (root) # diag debug reset
fg201 (root) # diag debug enable
fg201 (root) # diag debug console timestamp enable
fg201 (root) # diag debug application alertmail -1
Debug messages will be on for 30 minutes.
fg201 (root) # diagnose log alertmail test
2023-12-20 15:23:32
fg201 (root) # 2023-12-20 15:23:32 mail_info:
from:notification.fortinet.net user:fg200E@joybomb.office
2023-12-20 15:23:32 mail_info:
reverse path:fg200E@joybomb.office
user name:fg200E
2023-12-20 15:23:32 to[0]:user@company.com
2023-12-20 15:23:32 to[1]:
2023-12-20 15:23:32 to[2]:
2023-12-20 15:23:32 <==_init_mail_info
2023-12-20 15:23:32 create session
2023-12-20 15:23:32 resolve notification.fortinet.net to 1 IP
2023-12-20 15:23:32 ==> send mail
2023-12-20 15:23:32 connecting to 208.91.114.151 port 465
2023-12-20 15:23:32 send mail 0x15d44b50 session 0x15d41110
2023-12-20 15:24:14 failed to connect
2023-12-20 15:24:14 session_io_event: creating ssl structure for session 0x15d4fc10
2023-12-20 15:24:14 create_ssl_ctx
2023-12-20 15:24:14 create_ssl: 0x7f3b30e3f000
2023-12-20 15:24:14 error in SSL_connect DH lib
2023-12-20 15:24:14 _session_on_destroy
2023-12-20 15:24:14 <== send mail failed, m = 0x15d35fd0 s = 0x15d4fc10
2023-12-20 15:24:34 create session
2023-12-20 15:24:34 resolve notification.fortinet.net to 1 IP
2023-12-20 15:24:34 ==> send mail
2023-12-20 15:24:34 connecting to 208.91.114.151 port 465
2023-12-20 15:24:35 failed to connect
2023-12-20 15:24:35 session_io_event: creating ssl structure for session 0x15d41110
2023-12-20 15:24:35 create_ssl: 0x7f3b30e3f000
2023-12-20 15:24:35 error in SSL_connect DH lib
2023-12-20 15:24:35 _session_on_destroy
2023-12-20 15:24:35 <== send mail failed, m = 0x15d44b50 s = 0x15d41110
2023-12-20 15:24:55 create session
2023-12-20 15:24:55 resolve notification.fortinet.net to 1 IP
2023-12-20 15:24:55 ==> send mail
2023-12-20 15:24:55 connecting to 208.91.114.151 port 465
2023-12-20 15:25:37 failed to connect
2023-12-20 15:25:37 session_io_event: creating ssl structure for session 0x15d4fc10
2023-12-20 15:25:37 create_ssl: 0x7f3b30e3f000
2023-12-20 15:25:37 error in SSL_connect DH lib
2023-12-20 15:25:37 _session_on_destroy
2023-12-20 15:25:37 <== send mail failed, m = 0x15d35fd0 s = 0x15d4fc10
2023-12-20 15:25:57 create session
2023-12-20 15:25:57 resolve notification.fortinet.net to 1 IP
2023-12-20 15:25:57 ==> send mail
2023-12-20 15:25:57 connecting to 208.91.114.151 port 465
2023-12-20 15:25:59 failed to connect
2023-12-20 15:25:59 session_io_event: creating ssl structure for session 0x15d41110
2023-12-20 15:25:59 create_ssl: 0x7f3b30e3f000
2023-12-20 15:25:59 error in SSL_connect DH lib
2023-12-20 15:25:59 _session_on_destroy
2023-12-20 15:25:59 <== send mail failed, m = 0x15d44b50 s = 0x15d41110
2023-12-20 15:26:19 create session
2023-12-20 15:26:19 resolve notification.fortinet.net to 1 IP
2023-12-20 15:26:19 ==> send mail
2023-12-20 15:26:19 connecting to 208.91.114.151 port 465
2023-12-20 15:27:01 failed to connect
2023-12-20 15:27:01 session_io_event: creating ssl structure for session 0x15d4fc10
2023-12-20 15:27:01 create_ssl: 0x7f3b30e3f000
2023-12-20 15:27:01 error in SSL_connect DH lib
2023-12-20 15:27:01 _session_on_destroy
2023-12-20 15:27:01 <== send mail failed, m = 0x15d35fd0 s = 0x15d4fc10
2023-12-20 15:27:21 create session
2023-12-20 15:27:21 resolve notification.fortinet.net to 1 IP
2023-12-20 15:27:21 ==> send mail
2023-12-20 15:27:21 connecting to 208.91.114.151 port 465
2023-12-20 15:27:22 failed to connect
2023-12-20 15:27:22 session_io_event: creating ssl structure for session 0x15d41110
2023-12-20 15:27:22 create_ssl: 0x7f3b30e3f000
2023-12-20 15:27:22 error in SSL_connect DH lib
2023-12-20 15:27:22 _session_on_destroy
2023-12-20 15:27:22 <== send mail failed, m = 0x15d44b50 s = 0x15d41110
==========================================================================
It looks like SSL connection failed.
Please help us to figure out what happen. Thanks a lot.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
From the output provided, it seem like Fortigate not able reach 208.91.114.151 with tcp/465.
Is the Fortigate directly connected to ISP router?
If got other device in front Fortigate, please check got block tcp/465 or not.
Yes, the fortigate directly connected to ISP devices.
And we telnet tcp/465 shows Connected too.
Hi @natejen
It appears that you are configuring email notification with the default email server, but you have user configured to fg200E@joybomb.office. Please unset the respective and test again. Do note that the default email server do not send email if the username is not the same domain as fortinet.net. Do use the default setting and see if you receive any notification email first.
Created on 12-24-2023 08:04 PM Edited on 12-24-2023 08:05 PM
Hi @kcheng
After unset username, we send test email again. And it fail again.
fg201 (root) # diagnose log alertmail test
2023-12-25 11:58:55
fg201 (root) # 2023-12-25 11:58:55 mail_info:
from:notification.fortinet.net user:(null)
2023-12-25 11:58:55 _init_mail_info: no user
2023-12-25 11:58:55 mail_info:
reverse path:(null)
user name:(null)
2023-12-25 11:58:55 to[0]:user@company.com
2023-12-25 11:58:55 to[1]:
2023-12-25 11:58:55 to[2]:
2023-12-25 11:58:55 <==_init_mail_info
2023-12-25 11:58:55 create session
2023-12-25 11:58:55 resolve notification.fortinet.net to 1 IP
2023-12-25 11:58:55 ==> send mail
2023-12-25 11:58:55 connecting to 208.91.114.151 port 465
2023-12-25 11:58:55 send mail 0x15d76110 session 0x15d7eee0
2023-12-25 11:59:58 failed to connect
2023-12-25 11:59:58 session_io_event: creating ssl structure for session 0x15d7eee0
2023-12-25 11:59:58 create_ssl: 0x7f3b30e24000
2023-12-25 11:59:58 error in SSL_connect DH lib
2023-12-25 11:59:58 _session_on_destroy
2023-12-25 11:59:58 <== send mail failed, m = 0x15d76110 s = 0x15d7eee0
2023-12-25 12:00:18 create session
2023-12-25 12:00:18 resolve notification.fortinet.net to 1 IP
2023-12-25 12:00:18 ==> send mail
2023-12-25 12:00:18 connecting to 208.91.114.151 port 465
Hi @natejen,
Can you telnet 208.91.114.151 port 465?
#execute telnet 208.91.114.151 port 465
Is there an upstream firewall that can block port 465? You can run packet capture to see if the traffic is leaving.
# di sniffer packet any 'host 208.91.114.151 and port 465' 4 0 l
Can you also provide the output of "show full system email-server" command?
Regards,
Created on 12-24-2023 07:53 PM Edited on 12-24-2023 08:07 PM
Yes , we could.
show full system email-server below.
config system email-server
set type custom
set server "notification.fortinet.net"
set port 465
set source-ip 220.130.193.79
set source-ip6 ::
set authenticate disable
set validate-server disable
set security smtps
set ssl-min-proto-version default
end
Update: after unset source-ip
The test email send out with success!
Thank for your help!
But how to reset alertmail queue?
We found many session still use wrong interfaces.
Created on 12-25-2023 05:32 AM Edited on 12-25-2023 05:33 AM
Hello @natejen ,
you can restart the alertmail process using below commands:
diagnose sys process pidof alertmail <--- This will give you the process id of alertmail to use in next command;
diagnose sys kill 11 <pid_of_alertmail>
I believe this will also clear the email queue as well.
Thanks a lot.
The queue was clear.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1535 | |
1028 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.