Security

Hi experts,

I want to test a SMTP Server configuration for email messaging in CPPM, when I click on Send Test Email I get an error. I can see the details in Monitoring > Event Viewer , which are:

I have configured no security connection in the SMTP setting. This is the full configuration:

Does this mean CPPM doesn't support SMTP messaging without security or is this imposed by the SMTP server? Is there any workaround or must I use StartTLS security? My CPPM version is 6.6.0.81015.

Regards,

Julián

Hi,

After enabling StartTLS security and importing the SMTP Server certificate to Trust List the error changed to:

Did anyone have this kind of errors?

Regards,

Julián

Are you using port 587? 

Also, be sure to look in event viewer.

Yes, when I selected StartTLS security the port was automatically changed to 587. And the errors I have attached are seen in the Event Viewer.

Regards,

Julián

Try setting it to SSL for gmail (not StartTLS):

https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-use-Gmail-as-SMTP-server-on-CPPM/ta-p/185226

Also notice the message if you switch to SSL: SMTP Server certificate must be imported to Trust List as SSL setting is enabled.

Hi Herman,

Tried with SSL and now there is a connectivity problem:

But I have tried to telnet to that port from my PC and it is open. I don't know where the problem is, but it seems to be impossible :(

Regards,

Julián

Just tried with gmail and these settings:

And that worked fine after I logged in to my Gmail account and enabled 'insecure application access'. I got an email that access was blocked and a similar message in access tracker (Please log in via your web browser and then try again. Learn more at https://support.google.com/mail/answer/78754). BTW I did not need to do anything with the trust list, it just connected.

If you find the mail server settings for your local Internet Service Provider, that will probably work without authentication (at least it does here).

Does it feel as a 'test email' times out? Could it be that you enabled both data and management interface and the outgoing request is taking the wrong interface (it will take data by default)? I tend to avoid dual interface whenever possible.

Hi Herman,

Problem solved! I don't know the reason but testing with the Send Test Email button in the ClearPass Policy Manager > Administration » External Servers » Messaging Setup section didn't work. Then I have tried with Send Test Message button in the ClearPass Guest > Home » Configuration » Receipts » Email Receipt section and worked, I received the test email in my Gmail inbox:

BTW, I have tested this successfully with the three security options (none, SSL, StartTLS) and I didn't mind about the trust list as you did.

I don't know why I get that error with the Send Test Email button in the ClearPass Policy Manager > Administration » External Servers » Messaging Setup section.

For your last question, I only have configured the management interface.

Now I will see if it works with a real message...

Regards,

Julián

Been pulling my hair out trying to figure out why the "send test email" keeps failing in the policy manager.  After reading this thread I tested it from guest configuration it works fine. That must be a bug.  Thanks for posting about this my guess TAC would have not known either.

Hi fjulianom,

We have the same issue, and works fine as you said with SSL(port 465):

1)  I don't import any CA or certificate

2) Config gmail with allow low security App

2) Fail send mail through ccpm->external->messaging setup

3) Probe to send trhough  guest->config -> receipt -> customize email recepit . It works FINE!

Our version of ClearPass is 6.7

Thanks!

Hi Herman,

Just to let you know that real messaging worked. BTW, thanks for taking your time and testing this issue.

Regards,

Julián