natejen
New Contributor II

Error sending email alert

Hi,

I have a fg201e running FortiOS 6.4.13, set to send mail when an IPS event happens.
But we didn't receive any mail, so we followed the Troubleshooting Tip: Email alert to check what happened.
Here are the debug result and the email-server config.

 

==================================Config========================================


fg201 (email-server) # show
config system email-server
set server "notification.fortinet.net"
set port 465
set security smtps
end


================================Debug log=======================================


fg201 (root) # diag debug reset
fg201 (root) # diag debug enable
fg201 (root) # diag debug console timestamp enable
fg201 (root) # diag debug application alertmail -1
Debug messages will be on for 30 minutes.
fg201 (root) # diagnose log alertmail test
2023-12-20 15:23:32
fg201 (root) # 2023-12-20 15:23:32 mail_info:
from:notification.fortinet.net user:fg200E@joybomb.office
2023-12-20 15:23:32 mail_info:
reverse path:fg200E@joybomb.office
user name:fg200E
2023-12-20 15:23:32 to[0]:user@company.com
2023-12-20 15:23:32 to[1]:
2023-12-20 15:23:32 to[2]:
2023-12-20 15:23:32 <==_init_mail_info
2023-12-20 15:23:32 create session
2023-12-20 15:23:32 resolve notification.fortinet.net to 1 IP
2023-12-20 15:23:32 ==> send mail
2023-12-20 15:23:32 connecting to 208.91.114.151 port 465
2023-12-20 15:23:32 send mail 0x15d44b50 session 0x15d41110
2023-12-20 15:24:14 failed to connect
2023-12-20 15:24:14 session_io_event: creating ssl structure for session 0x15d4fc10
2023-12-20 15:24:14 create_ssl_ctx
2023-12-20 15:24:14 create_ssl: 0x7f3b30e3f000
2023-12-20 15:24:14 error in SSL_connect DH lib
2023-12-20 15:24:14 _session_on_destroy
2023-12-20 15:24:14 <== send mail failed, m = 0x15d35fd0 s = 0x15d4fc10
2023-12-20 15:24:34 create session
2023-12-20 15:24:34 resolve notification.fortinet.net to 1 IP
2023-12-20 15:24:34 ==> send mail
2023-12-20 15:24:34 connecting to 208.91.114.151 port 465
2023-12-20 15:24:35 failed to connect
2023-12-20 15:24:35 session_io_event: creating ssl structure for session 0x15d41110
2023-12-20 15:24:35 create_ssl: 0x7f3b30e3f000
2023-12-20 15:24:35 error in SSL_connect DH lib
2023-12-20 15:24:35 _session_on_destroy
2023-12-20 15:24:35 <== send mail failed, m = 0x15d44b50 s = 0x15d41110
2023-12-20 15:24:55 create session
2023-12-20 15:24:55 resolve notification.fortinet.net to 1 IP
2023-12-20 15:24:55 ==> send mail
2023-12-20 15:24:55 connecting to 208.91.114.151 port 465
2023-12-20 15:25:37 failed to connect
2023-12-20 15:25:37 session_io_event: creating ssl structure for session 0x15d4fc10
2023-12-20 15:25:37 create_ssl: 0x7f3b30e3f000
2023-12-20 15:25:37 error in SSL_connect DH lib
2023-12-20 15:25:37 _session_on_destroy
2023-12-20 15:25:37 <== send mail failed, m = 0x15d35fd0 s = 0x15d4fc10
2023-12-20 15:25:57 create session
2023-12-20 15:25:57 resolve notification.fortinet.net to 1 IP
2023-12-20 15:25:57 ==> send mail
2023-12-20 15:25:57 connecting to 208.91.114.151 port 465
2023-12-20 15:25:59 failed to connect
2023-12-20 15:25:59 session_io_event: creating ssl structure for session 0x15d41110
2023-12-20 15:25:59 create_ssl: 0x7f3b30e3f000
2023-12-20 15:25:59 error in SSL_connect DH lib
2023-12-20 15:25:59 _session_on_destroy
2023-12-20 15:25:59 <== send mail failed, m = 0x15d44b50 s = 0x15d41110
2023-12-20 15:26:19 create session
2023-12-20 15:26:19 resolve notification.fortinet.net to 1 IP
2023-12-20 15:26:19 ==> send mail
2023-12-20 15:26:19 connecting to 208.91.114.151 port 465
2023-12-20 15:27:01 failed to connect
2023-12-20 15:27:01 session_io_event: creating ssl structure for session 0x15d4fc10
2023-12-20 15:27:01 create_ssl: 0x7f3b30e3f000
2023-12-20 15:27:01 error in SSL_connect DH lib
2023-12-20 15:27:01 _session_on_destroy
2023-12-20 15:27:01 <== send mail failed, m = 0x15d35fd0 s = 0x15d4fc10
2023-12-20 15:27:21 create session
2023-12-20 15:27:21 resolve notification.fortinet.net to 1 IP
2023-12-20 15:27:21 ==> send mail
2023-12-20 15:27:21 connecting to 208.91.114.151 port 465
2023-12-20 15:27:22 failed to connect
2023-12-20 15:27:22 session_io_event: creating ssl structure for session 0x15d41110
2023-12-20 15:27:22 create_ssl: 0x7f3b30e3f000
2023-12-20 15:27:22 error in SSL_connect DH lib
2023-12-20 15:27:22 _session_on_destroy
2023-12-20 15:27:22 <== send mail failed, m = 0x15d44b50 s = 0x15d41110

 

==========================================================================


It looks like the SSL connection failed.

Please help us figure out what happened. Thanks a lot.

ssteo
Staff

From the output provided, it seems the FortiGate is not able to reach 208.91.114.151 on tcp/465.

Is the FortiGate directly connected to the ISP router?

If there is another device in front of the FortiGate, please check whether it blocks tcp/465.

natejen
New Contributor II

Yes, the FortiGate is directly connected to the ISP devices.
And when we telnet to tcp/465, it shows Connected too.

kcheng
Staff

Hi @natejen,

It appears that you are configuring email notification with the default email server, but you have the user configured as fg200E@joybomb.office. Please unset the respective setting and test again. Do note that the default email server does not send email if the username is not in the same domain as fortinet.net. Do use the default setting and see if you receive any notification email first.

Cheers,
Kayzie Cheng

natejen
New Contributor II

Hi @kcheng,

After unsetting the username, we sent the test email again, and it failed again.

fg201 (root) # diagnose log alertmail test
2023-12-25 11:58:55
fg201 (root) # 2023-12-25 11:58:55 mail_info:
from:notification.fortinet.net user:(null)
2023-12-25 11:58:55 _init_mail_info: no user
2023-12-25 11:58:55 mail_info:
reverse path:(null)
user name:(null)
2023-12-25 11:58:55 to[0]:user@company.com
2023-12-25 11:58:55 to[1]:
2023-12-25 11:58:55 to[2]:
2023-12-25 11:58:55 <==_init_mail_info
2023-12-25 11:58:55 create session
2023-12-25 11:58:55 resolve notification.fortinet.net to 1 IP
2023-12-25 11:58:55 ==> send mail
2023-12-25 11:58:55 connecting to 208.91.114.151 port 465
2023-12-25 11:58:55 send mail 0x15d76110 session 0x15d7eee0
2023-12-25 11:59:58 failed to connect
2023-12-25 11:59:58 session_io_event: creating ssl structure for session 0x15d7eee0
2023-12-25 11:59:58 create_ssl: 0x7f3b30e24000
2023-12-25 11:59:58 error in SSL_connect DH lib
2023-12-25 11:59:58 _session_on_destroy
2023-12-25 11:59:58 <== send mail failed, m = 0x15d76110 s = 0x15d7eee0
2023-12-25 12:00:18 create session
2023-12-25 12:00:18 resolve notification.fortinet.net to 1 IP
2023-12-25 12:00:18 ==> send mail
2023-12-25 12:00:18 connecting to 208.91.114.151 port 465

hbac
Staff

Hi @natejen,

 

Can you telnet to 208.91.114.151 on port 465?

# execute telnet 208.91.114.151 465

Is there an upstream firewall that can block port 465? You can run a packet capture to see if the traffic is leaving.

# diagnose sniffer packet any 'host 208.91.114.151 and port 465' 4 0 l

 

Can you also provide the output of "show full system email-server" command? 

 

Regards, 

natejen
New Contributor II

Yes, we could.

The output of show full system email-server is below.


config system email-server
set type custom
set server "notification.fortinet.net"
set port 465
set source-ip 220.130.193.79
set source-ip6 ::
set authenticate disable
set validate-server disable
set security smtps
set ssl-min-proto-version default
end

natejen
New Contributor II

Update: after unsetting source-ip,
the test email was sent out successfully!
Thanks for your help!

But how do we reset the alertmail queue?
We found many sessions still using the wrong interfaces.

dbhavsar

Hello @natejen,
You can restart the alertmail process using the commands below:
diagnose sys process pidof alertmail    <--- This will give you the process ID of alertmail to use in the next command
diagnose sys kill 11 <pid_of_alertmail>

I believe this will also clear the email queue.

DNB
natejen
New Contributor II

Thanks a lot.

The queue was clear.
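
Added example (not part of any post in this thread, and not Fortinet code): a Python triage helper for alertmail debug output in the format quoted above. It groups the lines per connection attempt and reports which layer failed first, which in this thread is the TCP connect ahead of every SSL_connect error; the function names and the "tcp"/"tls" labels are assumptions of this example.

```python
import re
from datetime import datetime

# Lines copied from the debug output quoted in this thread (two attempts, a third cut off).
SAMPLE = """\
2023-12-20 15:23:32 connecting to 208.91.114.151 port 465
2023-12-20 15:24:14 failed to connect
2023-12-20 15:24:14 error in SSL_connect DH lib
2023-12-20 15:24:34 connecting to 208.91.114.151 port 465
2023-12-20 15:24:35 failed to connect
2023-12-20 15:24:35 error in SSL_connect DH lib
2023-12-20 15:24:55 connecting to 208.91.114.151 port 465
"""
STAMPED = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
CONNECT = re.compile(r"connecting to (\S+) port (\d+)")

def parse_attempts(text):
    """Group timestamped alertmail debug lines into one record per connection attempt."""
    attempts, cur = [], None
    for raw in text.splitlines():
        m = STAMPED.search(raw)  # search, not match: a CLI prompt may precede the timestamp
        if not m:
            continue  # untimestamped lines (prompts, mail_info fields) carry no event
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        c = CONNECT.search(msg)
        if c:  # each "connecting to" line opens a new attempt
            cur = {"server": c.group(1), "port": int(c.group(2)),
                   "start": ts, "events": [], "secs_to_fail": None}
            attempts.append(cur)
        elif cur and "failed to connect" in msg:
            cur["events"].append("tcp_fail")
            cur["secs_to_fail"] = int((ts - cur["start"]).total_seconds())
        elif cur and "error in SSL_connect" in msg:
            cur["events"].append("tls_error")
    return attempts

def classify(attempt):
    """Name the first failing layer, so troubleshooting starts there."""
    ev = attempt["events"]
    if "tcp_fail" in ev:
        return "tcp"  # check routing, source-ip/interface and upstream filtering first
    if "tls_error" in ev:
        return "tls"  # no connect failure logged; check TLS versions and certificates
    return "no_failure_logged"

if __name__ == "__main__":
    for a in parse_attempts(SAMPLE):
        print(a["server"], a["port"], classify(a), a["secs_to_fail"])
```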
