How to debug the OMERO mail system

ahamacher · September 11, 2020, 7:58am

Hi all,

we are struggling with getting our OMERO server to send out emails properly. I believe the configuration settings for our used email server are generally fine, because it has been working few months ago for a short period of time but then stopped to work again. It is somewhat weird but I couldn’t figure out, why it stopped to work again and would love to get some hints on how I can debug the system to get more information on where the process is disturbed.

Installation overview (latest omero-server & omero-web is installed):

================================================================================
OMERO Diagnostics (admin) 5.7.1
================================================================================

Commands:   java -version                  11.0.8    (/bin/java)
Commands:   python -V                      3.6.8     (/mnt/data/OMERO.venv/server_venv3/bin/python -- 2 others)
Commands:   icegridnode --version          3.6.5     (/bin/icegridnode)
Commands:   icegridadmin --version         3.6.5     (/bin/icegridadmin)
Commands:   psql --version                 11.9      (/bin/psql)
Commands:   openssl version                1.0.2     (/bin/openssl)

Omero email configuration:

omero.ldap.user_mapping=omeName=sAMAccountName,firstName=givenName,lastName=sn,email=mail
omero.mail.auth=true
omero.mail.config=true
omero.mail.from=emailaccount@our-domain.de
omero.mail.host=mail.our-domain.de
omero.mail.password=********
omero.mail.port=465
omero.mail.smtp.debug=false
omero.mail.smtp.starttls.enable=false
omero.mail.transport.protocol=smtps
omero.mail.username=emailaccount

If I send out an email via OMERO admin console, it doesn’t report an error and for some reason always prints a double amount of emails to be send out (e.g. if I choose to addressees, it says “2 of 4 send out”:

Maybe this is a trivial configuration error, but I’m thankful for any hints on how to get to the core of the issue.

Cheers, Anna

joshmoore · September 11, 2020, 1:12pm

Hi @ahamacher,

Since the configuration was working, I’d assume it’s not a problem with the configuration itself. (It certainly looks reasonable.) Is there anything in the Blitz-0.log regarding mail? What about if you set the debug property and retry?

I’m also having issues locally via a gmail account and here are a few things I’ve run into:

If you have 2-factor activated, you may need to use an apppassword.
Accessing via Java can sometimes trigger an “unusual warning” flag on an account which then needs to login naturally to clear the flag.

Ok, that’s just odd. But let’s deal with that once we have the other issue fixed.

~Josh

ahamacher · September 14, 2020, 8:02am

Good morning Josh,

I found a hint in the Blitz-0.log. The log output remains the same no matter if omero.mail.smtp.debug is used or not:

2020-09-14 09:26:38,676 ERROR [        omero.cmd.mail.SendEmailRequestI] (1-thread-1) Mail server connection failed; nested exception is javax.mail.MessagingException: Could not connect to SMTP host: mail.ourdomain.de, port: 465;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure. Failed messages: javax.mail.MessagingException: Could not connect to SMTP host: mail.ourdomain.de, port: 465;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

The package omero-certificates is installed in the omero-server virtual environment and I re-executed “omero certificates” but it doesn’t change anything. I found the following topic pointing to mismatching protocol settings between java mail client and server, but can’t figure how to exactly check it for our installation:

https://stackoverflow.com/questions/6353849/received-fatal-alert-handshake-failure-through-sslhandshakeexception
https://dzone.com/articles/troubleshooting-javaxnetsslsslhandshakeexception-r

The same email server and account is used to send out server emails via package “ssmtp” on command line, so I know that the general connection and settings are fine. Unfortunately I’m not a java expert so and further hints are much appreciated.

Thanks, Anna

joshmoore · September 14, 2020, 2:58pm

Makes sense. omero-certificates help with similar problems from OMERO clients to the OMERO.server, but here OMERO.server is the client talking to some other server

Interesting links. You can certainly try setting the mentioned properties via omero config:

javax.net.debug=ssl:handshake:verbose

and

https.protocols=TLSv1.2

for example. You can get a list of the “cipher suites” from your mail server by putting something like this in a file:

x = new java.net.URL("https://gmail.com")
y = x.openConnection()
y.connect()

and then running:

 jjs -Dhttps.protocols=TLSv1.2 -Djavax.net.debug=ssl:handshake:verbose url.js 2>&1 | grep -i "cipher suites"

~Josh