SecAst: Configuring Email Alerts for Google Apps Account

Question

Requesting assistance with configuring SecAst email alerts to work with Google Apps hosted account (posting here as per request by Generation D)...

We have SecAst installed on a system with a new installation of Ubuntu 12.04.4 Server x86_64 LTS and Asterisk 11.10.2 using the following build:

    secast-1.0.1.0-x86_64-ub12.tar.gz

According to the /var/log/secast file, the interfaces for MySQL, iptables, Asterisk /var/log/asterisk/messages file and AMI appear to be functioning OK. The telnet interface works as expected, and the socket interface seems to get created at /tmp/secast.sock as expected. We are able to launch the secast executable binary from the command line in either foreground or daemon mode, or as a service.

At the moment, we are focusing on launching it in the foreground using '/usr/local/secast/secast -f' and checking /var/log/secast file for changes. Between runs, we change the configuration settings in: /etc/xdg/generationd/secast.conf

Unfortunately, even after scouring through the SecAst Detailed Installation Guide PDF document (docs/detailed_installation_guide.pdf), we are experiencing some difficulty finding a working configuration for the email alerts.

Note that we use the Google hosted email, through Google Apps for our domain.

We have confirmed that POP and SMTP access are enabled and working as expected.

We have manually verified the functioning of the SMTP connection using openssl from the command line, as per the response here:

https://stackoverflow.com/questions/11046135/how-to-send-email-using-simple-smtp-commands-via-gmail

In these manual SMTP tests using openssl, we have used both AUTH PLAIN and AUTH LOGIN through port 465 (SSL encryption), port 587 (TLS encryption) and even port 25 (TLS encryption). All combinations worked as expected through openssl testing from the terminal.

HOWEVER, we have not managed to find a combination of settings in the /etc/xdg/generationd/secast.conf file that causes secast to successfully send email alerts (errors in the log file; see below).

We can provide our e-mail details privately upon request for troubleshooting.

The login 'username' used for authentication 'username' is necessarily the full e-mail address, including the @ sign. After wondering whether the @ sign in the username might be a problem, we even tried escaping it with a \ (backslash).

None of the combinations we have tried seemed work, all resulting with messages like this in the /var/log/secast file:

    2014-06-23T16:35:48, 00000801, E, Alert, Failed to send email: Entering active state

Please help us get email alerts working with our SecAst setup.

Answer 1

We confirmed a bug related to encryption in our smtp library, which only affected some SMTP hosts (including google). We have temporarily switched smtp libraries and confirmed that SecAst can now send through google using TLS and SSL. SecAst version 1.0.4 is now available for download on the www.telium.io website, and should work fine with google.

The 1.0.4 release contains an erroneous message to stdout when sending an email but you can ignore this. As well, if running SecAst as a service the daemon closes stdout so this usually isn't even noticeable. We are also aware of an html tag format issue with this new smtp library - so if you use html formatted alert messages just ignore any formatting issues. The next minor release (1.1.x) will resolve these as well.

If upgrading from a prior version of SecAst, be sure to check the sample secast.conf file for new settings which you must carry over. If upgrading from 1.0.x then only the "enabled" key in the [database] stanza is new. As the default database setting is now disabled, you may notice your database is no longer updated without this new key. No other changes are necessary for this upgrade.