Automic Workload Automation

  • 1.  STARTTLS issue with notification objects and sendmail

    Posted Jul 14, 2020 02:43 PM
    We are moving our SMTP server to Amazon SES and I am unable to send emails from our automation platform using our Amazon SES credentials and relay server information. 

    Ports are open, as I am able to send emails from a PowerShell script using the same credentials from the same servers. This indicates that the ports are open and the credentials function correctly from the source servers.

    In the client zero UC_CLIENT_SETTINGS variable I have defined the SMTP_FROM_ADDRESS as the address configured within Amazon SES. I have configured SMTP_SERVER to point to the Amazon SMTP endpoint. I've configured SMTP_LOGIN to use the login object name of the object I created.

    I've created a login object in both client zero and my test client using * for all agents, MAIL for the type, and the credentials for the account in username/password.

    The error provided from the automation engine is:

    U00050027 Authentication error '530 Must issue a STARTTLS command first' (SMTP server: 'email-smtp.us-east-1.amazonaws.com')

    We are on version 12.2 of the ONE Automation Engine.


  • 2.  RE: STARTTLS issue with notification objects and sendmail
    Best Answer

    Posted Jul 15, 2020 04:29 AM
    Edited by Christopher Hackett Jul 17, 2020 01:36 PM
    Hi.

    > Must issue a STARTTLS

    It appears your Amazon mail server requires encrypted SMTP (a wise decision in 2020). On the contrary, I don't think Automic speaks encrypted SMTP; at least as far as I know, it only speaks ye olde plain text SMTP (and fwiw, an Automic employee, Claus Jambrich, confirmed this in 2017, albeit in a German post, and I don't think it has changed since).

    So unless you can disable the need for encryption at Amazon - and thereby severely weaken transport security and potentially send plain text business data unencrypted over the internet, which likely is a bad idea(tm) - this probably won't work.

    Best regards,
    Carsten

    edit: you could probably set up an SMTP proxy on the Automic server for this: have a local MTA that acts as a proxy, accepts mail from Automic on a plain text SMTP connection and then connects to the Amazon site with encryption and relays all the mail. You'd need something like a sendmail or qmail on the Automic machine or in the local network of it for this.

    edit (2): Oh, look, someone did something like this already!

    https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=783937

    edit (3): Please feel free to vote on this feature request I created:

    https://community.broadcom.com/participate/ideation-home/viewidea?IdeationKey=12b5cd65-32b2-4251-b66c-5ec7771041ff

    ------------------------------
    # signature.sh --verbose=[true|false]
    # no configurables beyond this point, only signature

    Calendar Quote of the Month:
    "The point of a DR test with a remote site is usually to be operational when your main site gets flooded / set on fire / invaded by Ninjas at an inconvenient moment."

    Did you know?
    Using the slide show widget for posting individual images is wrong! Please use the "insert image" button in the editor.

    Pro Tip: I will NOT respond to PM asking for help unless there's an actual reason to keep the discussion off of the public forums!

    'Efficient Solutions Monthly Magazine' says:
    "Asking questions the right way never hurts!"

    Here, have some tips:
    http://www.catb.org/~esr/faqs/smart-questions.html
    https://www.chiark.greenend.org.uk/~sgtatham/bugs.html
    ------------------------------
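
The local relay described in the first edit above, sketched as an added example that is not part of the original posts. It uses Postfix rather than the sendmail or qmail named in the answer; port 587, the file paths and the credential placeholders are assumptions.

```ini
# /etc/postfix/main.cf (excerpt) -- added example, not from the thread.
# Postfix reads "#" comments only at the start of a line, so none trail a value.

# Listen on loopback only and relay only for the local host, so the
# plaintext hop from the automation engine never leaves the machine.
inet_interfaces = loopback-only
mynetworks = 127.0.0.0/8 [::1]/128

# Deliver nothing locally; every message goes to the upstream relay.
mydestination =

# Upstream is the SES endpoint from the error message. The brackets suppress
# the MX lookup. Port 587 is an assumption; the thread does not name a port.
relayhost = [email-smtp.us-east-1.amazonaws.com]:587

# Weak setting, shown for contrast: "may" is opportunistic TLS and falls
# back to cleartext if STARTTLS is not offered or is stripped in transit.
#smtp_tls_security_level = may

# Corrected setting: "encrypt" makes STARTTLS mandatory, so mail is deferred
# rather than sent in the clear. "verify" or "secure" additionally check the
# server certificate and need a CA store configured.
smtp_tls_security_level = encrypt

# Authenticate upstream with the SES SMTP credentials.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

# /etc/postfix/sasl_passwd holds one line (placeholders, not real values).
# Restrict it to mode 0600, then run: postmap /etc/postfix/sasl_passwd
#   [email-smtp.us-east-1.amazonaws.com]:587 SES_SMTP_USERNAME:SES_SMTP_PASSWORD
```

With a relay like this in place, SMTP_SERVER in UC_CLIENT_SETTINGS would point at the relay instead of the SES endpoint.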



  • 3.  RE: STARTTLS issue with notification objects and sendmail

    Posted Jul 15, 2020 09:39 AM
    The link you provided is exactly what I figured would need to be set up on my end to resolve this communications issue because, yes, we do not want clear text email content getting shot across the net. It worked better when all our systems were on prem but the cloud is the way of the future I guess!

    Thanks again and I fully support the feature request!