How to debug the OMERO mail system

Hi all,

we are struggling with getting our OMERO server to send out emails properly. I believe the configuration settings for our used email server are generally fine, because it has been working few months ago for a short period of time but then stopped to work again. It is somewhat weird but I couldn’t figure out, why it stopped to work again and would love to get some hints on how I can debug the system to get more information on where the process is disturbed.

Installation overview (latest omero-server & omero-web is installed):

================================================================================
OMERO Diagnostics (admin) 5.7.1
================================================================================

Commands:   java -version                  11.0.8    (/bin/java)
Commands:   python -V                      3.6.8     (/mnt/data/OMERO.venv/server_venv3/bin/python -- 2 others)
Commands:   icegridnode --version          3.6.5     (/bin/icegridnode)
Commands:   icegridadmin --version         3.6.5     (/bin/icegridadmin)
Commands:   psql --version                 11.9      (/bin/psql)
Commands:   openssl version                1.0.2     (/bin/openssl)

Omero email configuration:

omero.ldap.user_mapping=omeName=sAMAccountName,firstName=givenName,lastName=sn,email=mail
omero.mail.auth=true
omero.mail.config=true
omero.mail.from=emailaccount@our-domain.de
omero.mail.host=mail.our-domain.de
omero.mail.password=********
omero.mail.port=465
omero.mail.smtp.debug=false
omero.mail.smtp.starttls.enable=false
omero.mail.transport.protocol=smtps
omero.mail.username=emailaccount

If I send out an email via OMERO admin console, it doesn’t report an error and for some reason always prints a double amount of emails to be send out (e.g. if I choose to addressees, it says “2 of 4 send out”:

Maybe this is a trivial configuration error, but I’m thankful for any hints on how to get to the core of the issue.

Cheers, Anna

Hi @ahamacher,

Since the configuration was working, I’d assume it’s not a problem with the configuration itself. (It certainly looks reasonable.) Is there anything in the Blitz-0.log regarding mail? What about if you set the debug property and retry?

I’m also having issues locally via a gmail account and here are a few things I’ve run into:

  • If you have 2-factor activated, you may need to use an apppassword.
  • Accessing via Java can sometimes trigger an “unusual warning” flag on an account which then needs to login naturally to clear the flag.

Ok, that’s just odd. :smile: But let’s deal with that once we have the other issue fixed.

~Josh

Good morning Josh,

I found a hint in the Blitz-0.log. The log output remains the same no matter if omero.mail.smtp.debug is used or not:

2020-09-14 09:26:38,676 ERROR [        omero.cmd.mail.SendEmailRequestI] (1-thread-1) Mail server connection failed; nested exception is javax.mail.MessagingException: Could not connect to SMTP host: mail.ourdomain.de, port: 465;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure. Failed messages: javax.mail.MessagingException: Could not connect to SMTP host: mail.ourdomain.de, port: 465;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

The package omero-certificates is installed in the omero-server virtual environment and I re-executed “omero certificates” but it doesn’t change anything. I found the following topic pointing to mismatching protocol settings between java mail client and server, but can’t figure how to exactly check it for our installation:

https://stackoverflow.com/questions/6353849/received-fatal-alert-handshake-failure-through-sslhandshakeexception
https://dzone.com/articles/troubleshooting-javaxnetsslsslhandshakeexception-r

The same email server and account is used to send out server emails via package “ssmtp” on command line, so I know that the general connection and settings are fine. Unfortunately I’m not a java expert so and further hints are much appreciated.

Thanks, Anna

Makes sense. omero-certificates help with similar problems from OMERO clients to the OMERO.server, but here OMERO.server is the client talking to some other server :wink:

Interesting links. You can certainly try setting the mentioned properties via omero config:

javax.net.debug=ssl:handshake:verbose

and

https.protocols=TLSv1.2

for example. You can get a list of the “cipher suites” from your mail server by putting something like this in a file:

x = new java.net.URL("https://gmail.com")
y = x.openConnection()
y.connect()

and then running:

 jjs -Dhttps.protocols=TLSv1.2 -Djavax.net.debug=ssl:handshake:verbose url.js 2>&1 | grep -i "cipher suites"

~Josh