Thursday, November 29, 2018

How To Setup Sending Monitoring Emails via OCI Email Delivery Service

Requirement:

   We often use scripts or program to send monitoring emails from linux to engineers. We plan to use mailx to send emails via smtp services provided by OCI Email Delivery Service

Solution:

   We followed the instructions of  the official doc and setup smtp credential and smtp connections


  • Generate SMTP credentials for a user.
  • Create an approved sender.
  • Configure SPF.
  • Configure the SMTP connection.


  • Once we  have smtp-auth-user and password
    We need to get SSL/TLS CA details from OCI email smtp hosts as we must secure the email connections
    • mkdir /etc/certs
    • # certutil -N -d /etc/certs
    • To get smtp domain CA details ,run this 
    • if it is on ashburon:  openssl s_client -showcerts -connect smtp.us-ashburn-1.oraclecloud.com:587 -starttls smtp  > /etc/certs/mycerts-ashburn
    • if it is on phoenix :  openssl s_client -showcerts -connect smtp.us-phoenix-1.oraclecloud.com:587 -starttls smtp  > /etc/certs/mycerts -phoenix
    • Vi mycerts-ashburn or phoenix and copy each certificate including the --BEGIN CERTIFICATE-- and --END CERTIFICATE-- and paste them into their respective files. ie:  ocismtp-ashburn1.pem ocismtp-ashburn2.pem
    • Import them into the nss-config-dr  /etc/certs  via below commands
    • certutil -A -n "DigiCert SHA2 Secure Server CA" -t "TC,," -d /etc/certs -i /etc/certs/ocismtp-ashburn1.pem
    • certutil -A -n "DigiCert SHA2 Secure Server CA smtp" -t "TC,," -d /etc/certs -i /etc/certs/ocismtp-ashburn2.pem
    • use certutil -L -d  /etc/certs   to verify they are imported well. output would like
    #  certutil -L -d  /etc/certs
    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    DigiCert SHA2 Secure Server CA                               CT,,
    DigiCert SHA2 Secure Server CA smtp                          CT,,


    • Add below config at the bottom of /etc/mail.rc

    set nss-config-dir=/etc/certs
    set smtp-use-starttls
    set smtp-auth=plain
    set smtp=smtp.us-ashburn-1.oraclecloud.com
    set from="no-reply@test.com(henryxie)"
    set smtp-auth-user="<ocid from smtp credentials doc >"
    set smtp-auth-password="<password from smtp credentials doc >" 

    •  run test command:
    echo "test test from henry" | mailx  -v -s "test test test"    test@test.com

    2 comments:

    Unknown said...

    Thanks a lot for documenting. Really appreciate it.

    -Varma.

    Laura Bush said...

    Very informative article, Which you have shared here about the Email Delivery Service. Your article is very useful to know more about the setup of sending monitoring Emails via OCI Email delivery service. Thanks for sharing this article here. Bulk Email SMTP Service