Description of problem: I do not want to discuss if it is wise or not, but the fact is, it is not possible. FYI SSL here means dedicated port, not STARTTLS. Please ignore that I have 587 as port there, OK? (notifier is broken anyway to accept any other port, BZ1020900). Yes docs says when MAIL_ENABLE_SSL is true, you have to have MAIL_USER and MAIL_PASSWORD defined. But really? Why? What about internal smtp which do not need AUTH? Description of problem: #>> scenario 1 (ssl no auth, MAIL_USER undefined, service dead) -%- # cat /etc/ovirt-engine/notifier/notifier.conf MAIL_SERVER=$out_internal_smtp MAIL_PORT=25 MAIL_PORT_SSL=587 MAIL_USER= MAIL_PASSWORD= MAIL_ENABLE_SSL=true HTML_MESSAGE_FORMAT=false MAIL_FROM=ovirt.lab.eng.brq.redhat.com MAIL_REPLY_TO= DAYS_TO_KEEP_HISTORY=0 DAYS_TO_SEND_ON_STARTUP=0 # /etc/init.d/ovirt-engine-notifier status ovirt-engine-notifier dead but pid file exists -%- Service is dead. MAIL_USER must be set when SSL is enabled or when password is set. -%- 2013-10-18 14:53:31,874 ERROR [org.ovirt.engine.core.notifier.Notifier] Failed to run the event notification service. java.lang.IllegalArgumentException: MAIL_USER must be set when SSL is enabled or when password is set at org.ovirt.engine.core.notifier.utils.sender.mail.JavaMailSender.setCommonProperties(JavaMailSender.java:86) at org.ovirt.engine.core.notifier.utils.sender.mail.JavaMailSender.<init>(JavaMailSender.java:41) at org.ovirt.engine.core.notifier.utils.sender.mail.EventSenderMailImpl.<init>(EventSenderMailImpl.java:37) at org.ovirt.engine.core.notifier.methods.NotificationMethodFactoryEmailImpl.<init>(NotificationMethodFactoryEmailImpl.java:17) at org.ovirt.engine.core.notifier.methods.NotificationMethodMapBuilder.createMethodsMapper(NotificationMethodMapBuilder.java:69) at org.ovirt.engine.core.notifier.NotificationService.initMethodMapper(NotificationService.java:209) at org.ovirt.engine.core.notifier.NotificationService.initConfigurationProperties(NotificationService.java:83) at org.ovirt.engine.core.notifier.NotificationService.<init>(NotificationService.java:59) at org.ovirt.engine.core.notifier.Notifier.main(Notifier.java:108) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.jboss.modules.Module.run(Module.java:292) at org.jboss.modules.Main.main(Main.java:455) 2013-10-18 14:53:31,924 INFO [org.ovirt.engine.core.notifier.Notifier] Preparing for shutdown after receiving signal 2013-10-18 14:53:31,924 INFO [org.ovirt.engine.core.notifier.Notifier] Event Notification service was shutdown -%- ##> scenario 2 (ssl no auth, MAIL_USER defined, service runs) -%- # cat /etc/ovirt-engine/notifier/notifier.conf MAIL_SERVER=smtp.corp.redhat.com MAIL_PORT=25 MAIL_PORT_SSL=587 MAIL_USER=ovirt.lab.eng.brq.redhat.com MAIL_PASSWORD= MAIL_ENABLE_SSL=true HTML_MESSAGE_FORMAT=false MAIL_FROM= MAIL_REPLY_TO= DAYS_TO_KEEP_HISTORY=0 DAYS_TO_SEND_ON_STARTUP=0 # /etc/init.d/ovirt-engine-notifier status ovirt-engine-notifier (pid 22935) is running... -%- Service runs. So I defined just MAIL_USER, but again sending does not work... -%- 2013-10-18 15:03:07,354 ERROR [org.ovirt.engine.core.notifier.utils.sender.mail.JavaMailSender] Failed to send message from ovirt.lab.eng.brq.redhat.com to jbelka with subject Issue Solved Notification. (jb-rh33.rhev.lab.eng.brq.redhat.com), [Migration completed (VM: jb-w8-x86, Source: dell-r210ii-03, Destination: dell-r210ii-13, Duration: 44 sec).] due to to error: failed to connect, no password specified? javax.mail.AuthenticationFailedException: failed to connect, no password specified? at javax.mail.Service.connect(Service.java:329) at javax.mail.Service.connect(Service.java:176) at javax.mail.Service.connect(Service.java:125) at org.ovirt.engine.core.notifier.utils.sender.mail.JavaMailSender.send(JavaMailSender.java:160) at org.ovirt.engine.core.notifier.utils.sender.mail.EventSenderMailImpl.send(EventSenderMailImpl.java:79) at org.ovirt.engine.core.notifier.NotificationService.processEvents(NotificationService.java:263) at org.ovirt.engine.core.notifier.NotificationService.run(NotificationService.java:120) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:724) -%- SSL with AUTH (MAIL_USER and MAIL_PASSWORD defined) works but I don't want to put my password into config, especially if it would _NOT_ be needed for my smtp server. Version-Release number of selected component (if applicable): is19 How reproducible: 100% Steps to Reproduce: 1. have no MAIL_USER defined, restart notifier 2. have MAIL_USER defined but not MAIL_PASSWORD, restart notifier Actual results: 1. service dead, MAIL_USER *must* be defined 2. service runs, but does not send Expected results: do not force me to use SSL with AUTH. Give me gun to shoot my foot, ok? Additional info: why is it dead for missing MAIL_USER but running for missing MAIL_PASSWORD? this is odd.
Arthur ?
95% of users who secure their mail servers do with with SSL+auth,there's no real point in doing one without the other. Besides that, our role as virtualization management software is to build mechanisms that protect users from possible vulnerabilities so I don't think we should let users to shoot in their foot.
Per comment #2 moving status to CLOSED NOTABUG
And that's reason why there is knob to EncryptHostCommunication=false in engine-config. But... your decision.