For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Phu's avatar
Phu
Icon for Nimbostratus rankNimbostratus
Nov 28, 2020

BIG-IP can't send emails Alert when match SNMP trap condition defined in user_alert.conf file

My BigIP device is running on version v16.0.1.

I setup /etc/ssmtp/ssmtp.conf file with below option:

  • TLS_CA_FILE=/etc/pki/tls/certs/ca-bundle.crt
  • root=XXXX@gmail.com
  • mailhub=smtp.gmail.com:587
  • AuthUser=XXXX
  • AuthPass=XYXYX
  • UseSTARTTLS=Yes
  • UseTLS=Yes
  • hostname=bigipA.gmail.com

Testing ssmtp running well: printf "Subject: Test email for K13180\n\nssmtp test mail" | ssmtp -v YYYYYY@gmail.com

 

I defined user_alert.conf as below - https://support.f5.com/csp/article/K15288

  • alert CERTIFICATE_EXPIRED "Certificate (.*) expired" {
  • snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300";
  • email toaddress="user@mydomain.com"
  • body="Certificate Expired on <BIG-IP>"
  • }
  •  
  • alert CERTIFICATE_WILL_EXPIRE "Certificate (.*) will expire" {
  • snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301";
  • email toaddress="user@mydomain.com"
  • body="Certificate will Expire on <BIG-IP>"
  • }

Testing the email notification:

#tmsh create sys crypto key SOL15288testcert gen-certificate lifetime 10 common-name SOL15288testcert.com

#tmsh run sys crypto check-cert

 

I don't receive any email for this testing. I don't know why it's not run.

 

Can anyone help me?!!!

 

Thanks so much.

application delivery
LTM
TMSH

2 Replies

  • crodriguez's avatar
    crodriguez
    Ret. Employee
    Nov 28, 2020

    In reading K15288, the steps for configuring the BIG-IP system to use an SMTP server when using BIG-IP v11.5.0 or later (which v16 is) do not call for modifying /etc/ssmtp/ssmtp.conf but rather ask you to use TMSH command instead, specifically:

    (tmos)# modify /sys outbound-smtp mailhub <mail_server>:<port>

    For example, to configure the system to send email messages to host mail.mydomain.com using port 587, you would type the following command:

    (tmos)# modify sys outbound-smtp mailhub mail.mydomain.com:587

    The instructions for modifying the /etc/ssmtp/ssmtp.conf file apply only to BIG-IP versions 11.0.0 through 11.4.1.

    Can you try the TMSH solution and see if that works, please?

  • Phu's avatar
    Phu
    Icon for Nimbostratus rankNimbostratus
    Nov 29, 2020

    Hi Crodriguez,

     

    I try to setup both ssmtp.config and TMSH modify sys outbound-smtp mailhub methods.

    sys outbound-smtp {

      from-line-override enabled

      mailhub smtp.mydomain.com:587

      rewrite-domain bigipA.mydomain.com

    }

     

    The testing also failure.

    But I realize that when I modify mailhub by TMSH, the mailhub option in ssmtp.config also change accordingly.