Unable to get mail client to access a mailbox

axewater
New Member
  • Installed the app
  • Entered the mailbox details in the configuration.
  • Verified connectivity to port 110 using telnet
  • Verified pop3 mailbox with separate pop3 client
  • Mails are not found in the index (index stays empty)
  • Password is not removed from configuration and replaced with 'encrypted'
  • Checked logs in _internal index, seemed to loop between 3 statements :
    2017-07-25 11:37:09.442 message from "python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py" Passwords updated. Updating storage
    2017-07-25 11:37:09.442 message from "python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py" Got credentials from endpoint - Username(pop-splunk@xxxxxxxxx.com)
    2017-07-25 11:37:09.546 message from "python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py" Encrypting input password

  • Now enabled debug logging, getting a lot more messages, but not clear to me what the issue is exactly. It seems to be trying all sorts of accounts that exist locally on the system? Why is it doing that... I assume when the app wants to store the password somewhere encrypted, it's using built-in OS functions for this and that's why the account is now 'in between the other local accounts'.

What are the next steps I should follow to troubleshoot this? Any help would be much appreciated.

current errors (sanitized usernames and domain name) :

2017-07-26T09:38:42.796+0200,"cmd='python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py' Not added to run queue"
2017-07-26T09:38:42.796+0200,"PipelineSet 0: Destroying ExecedCommandPipe for ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" id=157416"
2017-07-26T09:38:42.796+0200,"PipelineSet 0: Ran script: python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py, took 3.743286 seconds to run, 0 bytes read"
2017-07-26T09:38:42.785+0200,"message from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" None"
2017-07-26T09:38:42.785+0200,"message from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" *** traceback_lineno: 241"
2017-07-26T09:38:42.785+0200,"message from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" ['  File ""/appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"", line 241, in stream_events\n    sp = self.save_password(username=email_address, input_list=input_list, ew=ew)\n', '  File ""/appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"", line 180, in save_password\n    self.encrypt_input_password(input_without_scheme)\n', '  File ""/appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"", line 128, in encrypt_input_password\n    tmp_input.update(**kwargs).refresh()\n', '  File ""/appl/logman/splunk/etc/apps/TA-mailclient/bin/splunklib/client.py"", line 2137, in update\n    return super(Input, self).update(**kwargs)\n', '  File ""/appl/logman/splunk/etc/apps/TA-mailclient/bin/splunklib/client.py"", line 1134, in update\n    self.post(**kwargs)\n', '  File ""/appl/logman/splunk/etc/apps/TA-mailclient/bin/splunklib/client.py"", line 993, in post\n    return super(Entity, self).post(path_segment, owner=owner, app=app, sharing=sharing, **query)\n', '  File ""/appl/logman/splunk/etc/apps/TA-mailclient/bin/splunklib/client.py"", line 801, in post\n    return self.service.post(path, owner=owner, app=app, sharing=sharing, **query)\n', '  File ""/appl/logman/splunk/etc/apps/TA-mailclient/bin/splunklib/binding.py"", line 287, in wrapper\n    return request_fun(self, *args, **kwargs)\n', '  File ""/appl/logman/splunk/etc/apps/TA-mailclient/bin/splunklib/binding.py"", line 69, in new_f\n    val = f(*args, **kwargs)\n', '  File ""/appl/logman/splunk/etc/apps/TA-mailclient/bin/splunklib/binding.py"", line 738, in post\n    response = self.http.post(path, all_headers, **query)\n', '  File ""/appl/logman/splunk/etc/apps/TA-mailclient/bin/splunklib/binding.py"", line 1201, in post\n    return self.request(url, message)\n', '  File ""/appl/logman/splunk/etc/apps/TA-mailclient/bin/splunklib/binding.py"", line 1221, in request\n    raise HTTPError(response)\n']"
2017-07-26T09:38:42.785+0200,"PipelineSet 0: Got EOF from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"", uniqueId=157416"
2017-07-26T09:38:39.264+0200,"message from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" Encrypting input password"
2017-07-26T09:38:39.219+0200,"message from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" Passwords updated. Updating storage"
2017-07-26T09:38:39.219+0200,"message from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" User: RANDOMSTRINGSHERE, found in storage, did not match the email for this endpoint, pop-splunk@xxxxxxxx.com. Trying next credential"
2017-07-26T09:38:39.219+0200,"message from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" Got credentials from endpoint - Username(pop-splunk@xxxxxxxxxxx.com)"
2017-07-26T09:38:39.219+0200,"message from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" User: dummy1, found in storage, did not match the email for this endpoint, pop-splunk@xxxxxxxxx.com. Trying next credential"
2017-07-26T09:38:39.219+0200,"message from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" User: RANDOMSTRINGSHERE, found in storage, did not match the email for this endpoint, pop-splunk@xxxxxxxxxx.com. Trying next credential"
2017-07-26T09:38:39.219+0200,"message from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" User: default, found in storage, did not match the email for this endpoint, pop-splunk@xxxxxxxxxx.com. Trying next credential"
2017-07-26T09:38:39.219+0200,"message from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" User: account1, found in storage, did not match the email for this endpoint, pop-splunk@xxxxxxxxx.com. Trying next credential"
2017-07-26T09:38:39.198+0200,"message from ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" 6 number of passwords found at endpoint"
2017-07-26T09:38:39.052+0200,"PipelineSet 0: Created new ExecedCommandPipe for ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"", uniqueId=157416"
2017-07-26T09:38:39.052+0200,"Running: python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py on PipelineSet 0"
2017-07-26T09:38:39.052+0200,"cmd='python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py' Added to run queue"
2017-07-26T09:38:39.052+0200,"adding ""python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py"" to runqueue"
2017-07-26T09:38:39.052+0200,"ExecProcessorSharedState::addToRunQueue() path='python /appl/logman/splunk/etc/apps/TA-mailclient/bin/mail.py' restartTimerIfNeeded=1"
0 Karma

seunomosowon
Communicator

Hey,

I've just fixed it. It now works on port 110. It ignored is_secure previously, as that always yielded True.

It should be fixed from v1.1.1 upwards.

I also added tests for both secure and insecure versions of pop/imap.

I've also added tests for the 4 cases, POP/IMAP with and without SSL:

https://travis-ci.org/seunomosowon/TA-mailclient/builds/258944836

As the test mailbox I'm using doesn't support it, it comes back with login failed which you see in the search running against the _internal index.

Thanks again.

0 Karma
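
How a flag such as is_secure can come out True for every input, next to a strict parse that avoids it. This is an added example, not code from TA-mailclient: it assumes the setting reaches the script as a string and that the old check was a plain truthiness test, which the post does not confirm. `naive_flag`, `parse_flag` and `pick_transport` are hypothetical names.

```python
import imaplib
import poplib

# Conventional cleartext ports and their implicit-TLS counterparts.
CLEARTEXT_PORTS = {110, 143}
TLS_PORTS = {995, 993}
_TRUE = {"1", "true", "t", "yes", "y", "on"}
_FALSE = {"0", "false", "f", "no", "n", "off"}


def naive_flag(value):
    """Assumed form of the bug: any non-empty string, even "0", is True."""
    return bool(value)


def parse_flag(value):
    """Strict parse of a conf-style boolean; unknown values are rejected."""
    text = str(value).strip().lower()
    if text in _TRUE:
        return True
    if text in _FALSE:
        return False
    raise ValueError("not a boolean setting: %r" % (value,))


def pick_transport(protocol, port, is_secure):
    """Return (client class, warning or None) for one configured input."""
    secure = parse_flag(is_secure)
    classes = {
        ("POP3", False): poplib.POP3,
        ("POP3", True): poplib.POP3_SSL,
        ("IMAP", False): imaplib.IMAP4,
        ("IMAP", True): imaplib.IMAP4_SSL,
    }
    client = classes[(protocol.upper(), secure)]
    if secure and port in CLEARTEXT_PORTS:
        return client, "TLS client pointed at cleartext port %d" % port
    if not secure and port in TLS_PORTS:
        return client, "cleartext client pointed at TLS port %d" % port
    if not secure:
        return client, "password will cross the network unencrypted"
    return client, None
```

With is_secure = 0 on port 110 the strict parse selects the plain POP3 client and returns the cleartext warning, which is the trade-off to weigh before leaving a mailbox on port 110.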

seunomosowon
Communicator

I rewrote some parts of the app, so it'll capture such exceptions, and should not pull the mails if it can't encrypt the password. It also disables the input if it is unable to proceed.

You should now see some logs about the specific problem when you enable debug. You might have to check what capabilities your account has if it's a permissions/capability issue.
The user needs to be able to update the inputs.conf, and also access and update storage/passwords.

0 Karma

seunomosowon
Communicator

Also, it doesn't actually use all the passwords. It checks the encrypted credentials on the system for one where the username matches the email, and realm="mail". If it finds a match, it uses it.

I'll try testing with POP3 without SSL if I can find a mail server that offers it

0 Karma
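
The lookup described in the post above, as an added example rather than the app's own code: stored entries are only compared by realm and username, which is what produces the "did not match ... Trying next credential" debug lines, and nothing is tried against the mail server. The entry layout, `SAMPLE_STORE`, `find_mail_credential` and the example.com address are assumptions made for illustration.

```python
MAIL_REALM = "mail"  # realm the post says the app looks for

# Constructed stand-ins for storage/passwords entries; usernames follow the
# sanitized ones in the debug log, and every secret here is fake.
SAMPLE_STORE = [
    {"realm": "", "username": "account1", "clear_password": "constructed-secret-1"},
    {"realm": "", "username": "default", "clear_password": "constructed-secret-2"},
    {"realm": "", "username": "dummy1", "clear_password": "constructed-secret-3"},
    {"realm": "mail", "username": "pop-splunk@example.com",
     "clear_password": "constructed-secret-4"},
    {"realm": "other", "username": "pop-splunk@example.com",
     "clear_password": "constructed-secret-5"},
]


class AmbiguousCredential(Exception):
    """More than one stored entry matches the same realm and username."""


def find_mail_credential(entries, email_address, realm=MAIL_REALM):
    """Pick the one stored secret for this mailbox.

    Returns (password or None, log_lines). Secrets of non-matching entries
    are never read, and no secret is ever written to a log line.
    """
    matches, log_lines = [], []
    for entry in entries:
        if entry["realm"] == realm and entry["username"] == email_address:
            matches.append(entry)
        else:
            log_lines.append(
                "User: %s (realm=%r) did not match %s, trying next credential"
                % (entry["username"], entry["realm"], email_address)
            )
    if len(matches) > 1:
        # Refuse to guess which secret belongs to the mailbox.
        raise AmbiguousCredential(email_address)
    if not matches:
        log_lines.append("no stored credential for %s" % email_address)
        return None, log_lines
    return matches[0]["clear_password"], log_lines
```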

seunomosowon
Communicator

Hi,

Can you confirm what version of the app you're running, and version of Splunk Enterprise?
Did you just configure the inputs with the stanza along with the password? If you configure the inputs directly, restart and you should see password=encrypted.
- Also make sure you set is_secure = 0 in the inputs, since you're trying to connect to port 110, and not 995.

Error looks like it throws an exception when trying to update password. I'll check to see why it doesn't index the mail before the exception. I've added a couple of fixes, and updated to v1.6.2 of the SDK.

Please try the last version of the app available on splunkbase.

You can see it in the last test here. It shows it configuring a sample input and it actually retrieves the email which contains the last commit to git.

Cheers,

0 Karma