Mirth Community

Mirth Community (http://www.mirthcorp.com/community/forums/index.php)
-   Support (http://www.mirthcorp.com/community/forums/forumdisplay.php?f=6)
-   -   Alert email errors starting a few weeks ago (http://www.mirthcorp.com/community/forums/showthread.php?t=217035)

agradinc 03-23-2017 06:55 AM

Alert email errors starting a few weeks ago
 
My email alerts had been working, and abruptly stopped a few weeks ago. I'm guessing it has to do with the SMTP server, but I'm not sure how to trouble shoot. I'm a G Suite customer, so I'm trying to send through Google's smtp relay as described here.

The stack trace in the server log looks like:
Code:

[2017-03-22 18:42:50,899]  ERROR (com.mirth.connect.server.alert.DefaultAlertWorker:183): Error sending alert email.
org.apache.commons.mail.EmailException: Sending the email to the following server failed : smtp-relay.gmail.com:587
        at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1401)
        at org.apache.commons.mail.Email.send(Email.java:1428)
        at com.mirth.connect.server.util.ServerSMTPConnection.send(ServerSMTPConnection.java:152)
        at com.mirth.connect.server.util.ServerSMTPConnection.send(ServerSMTPConnection.java:156)
        at com.mirth.connect.server.util.ServerSMTPConnection.send(ServerSMTPConnection.java:160)
        at com.mirth.connect.server.alert.AlertWorker$ActionTask.call(AlertWorker.java:181)
        at com.mirth.connect.server.alert.AlertWorker$ActionTask.call(AlertWorker.java:97)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)Caused by: javax.mail.MessagingException: Could not convert socket to TLS;  nested exception is:
        javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
        at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1907)
        at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:666)
        at javax.mail.Service.connect(Service.java:345)
        at javax.mail.Service.connect(Service.java:226)
        at javax.mail.Service.connect(Service.java:175)
        at javax.mail.Transport.send0(Transport.java:253)
        at javax.mail.Transport.send(Transport.java:124)
        at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1391)
        ... 10 moreCaused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
        at sun.security.ssl.Handshaker.activate(Handshaker.java:503)
        at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1482)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1351)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:528)
        at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:465)
        at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1902)
        ... 17 more

The last successful email I received had this in the email header:
Code:

Received: from yyy.xxx.com ([ip address])
        by smtp-relay.gmail.com with ESMTPS id y130sm2929788itc.3.2017.03.02.07.16.53
        for <yyy@xxx.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 02 Mar 2017 07:16:53 -0800 (PST)

It had been working using port 587/STARTTLS/no authentication. I tried sending test emails today with STARTTLS and SSL on ports 587 and 465. All 4 tests failed.

A test email from my phone system just worked using port 587 and STARTTLS. The difference in protocol in the email header is (version=TLS1 cipher=AES128-SHA bits=128/128)

I'm not sure where to go from here.

narupley 03-23-2017 07:03 AM

What are your protocols / cipher suites set to in mirth.properties?

agradinc 03-23-2017 07:21 AM

I have not changed the defaults.
Code:

https.client.protocols = TLSv1.2
https.client.protocols = TLSv1.1
https.server.protocols = TLSv1.2
https.server.protocols = TLSv1.1
https.server.protocols = SSLv2Hello
https.ciphersuites = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
https.ciphersuites = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
https.ciphersuites = TLS_RSA_WITH_AES_256_GCM_SHA384
https.ciphersuites = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
https.ciphersuites = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
https.ciphersuites = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
https.ciphersuites = TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
https.ciphersuites = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
https.ciphersuites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
https.ciphersuites = TLS_RSA_WITH_AES_128_GCM_SHA256
https.ciphersuites = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
https.ciphersuites = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
https.ciphersuites = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
https.ciphersuites = TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
https.ciphersuites = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
https.ciphersuites = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
https.ciphersuites = TLS_RSA_WITH_AES_256_CBC_SHA256
https.ciphersuites = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
https.ciphersuites = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
https.ciphersuites = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
https.ciphersuites = TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
https.ciphersuites = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
https.ciphersuites = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
https.ciphersuites = TLS_RSA_WITH_AES_256_CBC_SHA
https.ciphersuites = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
https.ciphersuites = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
https.ciphersuites = TLS_DHE_RSA_WITH_AES_256_CBC_SHA
https.ciphersuites = TLS_DHE_DSS_WITH_AES_256_CBC_SHA
https.ciphersuites = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
https.ciphersuites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
https.ciphersuites = TLS_RSA_WITH_AES_128_CBC_SHA256
https.ciphersuites = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
https.ciphersuites = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
https.ciphersuites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
https.ciphersuites = TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
https.ciphersuites = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
https.ciphersuites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
https.ciphersuites = TLS_RSA_WITH_AES_128_CBC_SHA
https.ciphersuites = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
https.ciphersuites = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
https.ciphersuites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA
https.ciphersuites = TLS_DHE_DSS_WITH_AES_128_CBC_SHA
https.ciphersuites = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
https.ciphersuites = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
https.ciphersuites = SSL_RSA_WITH_3DES_EDE_CBC_SHA
https.ciphersuites = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
https.ciphersuites = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
https.ciphersuites = SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
https.ciphersuites = SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
https.ciphersuites = TLS_EMPTY_RENEGOTIATION_INFO_SCSV


narupley 03-23-2017 07:43 AM

That looks incorrect, those should be on one line each. What version are you using? It looks like you may have run into MIRTH-3991, which was fixed in 3.4.2.

agradinc 03-23-2017 08:36 AM

Interesting. I thought it looked strange with multiple assignments for the same setting, but since I had never even opened the mirth.properties file before I assumed it was correct. I'm on version 3.4.1. We did have a "backend storage event" on the server around the time it stopped working, so maybe that triggered the bug.

I restored mirth.properties from a February backup, and the emails are working now. Thanks!


All times are GMT -8. The time now is 02:20 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Mirth Corporation