Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6170
Views
0
Helpful
3
Replies

SCH smtp server configuration with gmail

gtlalpac
Level 1
Level 1

‎05-21-2013 04:10 PM

Hello,

I´m assisting a customer with Smart Call Home configuration for their UCS devices.

We have captured all the information in the General Tab of the Call Home configuration menu option. We have also updated the profile to include customer´s e-mail addresses and sent an inventory, but the customer has not received the inventory and I´ve reviewed the SCH page (I have a Cisco Red badge so I can look at all customer´s information) but I can´t find any non-registered or registered device for this customer.

My concern is that the gmail SMTP server is rejecting the messages instead of sending them to the recepient. Customer is using google apps as their e-mail platform so there is little they can change/review in the SMTP server.

My questions are:

1. Where, in UCSM, can we take a look of any diagnostic messages about the call home e-mails being sent or not to the destination?

2. Is it possible to configure the SMTP server as smtp.gmail.com with default port 25? I´ve seen from other call home documents that a POP account may be needed, is that correct?

Thanks in advance for any feedback.

Regards,

Gabriel Tlalpachicatl

VCE Customer Advocate

Labels:
0 Helpful
3 Replies 3

Lawrence Searcy
Cisco Employee
Cisco Employee

‎05-21-2013 05:46 PM

Normal email servers can be locked down via credentials or by restricting source ip addresses. Most email servers are locked down so they are not open to just anyone using them as a relay. I doubt Google is an open relay.

Smart Call Home devices only contain a simple email client. These clients do not do authentication - think SMTP client using basic port 25.  Customers need to use source ip address restrictions instead of credentials for authentication in their enterprise.

The email relay has to be an open relay for Call Home to work. Essentially, it cannot ask for authentication. The way to verify if it is an open relay is by using telnet

. Verifying that email server will relay email from device

telnet mail.myserver.com 25

Trying 10.10.10.10...

Connected to mail.mycompany.com.

Escape character is '^]'.

220 mail.mycompany.com ESMTP Postfix

helo client.mycompany.com

250 mail.mycompany.com

mail from: name@mycompany.com

250 Ok

rcpt to: callhome@cisco.com

554 : Relay access denied

If you don't even get this far, that's a no-go as well.

Usually when customers want to do email, they own the email server and then use a transport gateway to send it securely across the internet to Cisco Smart Call Home backend.

The transport gateway receives its information by being an email client and pulling email down from the server and then pushing it across the internet to Cisco Smart Call Home via HTTPS. The transport Gateway is also a web server so that Call Home devices can send the information to it via http or https and it will securely forward it across the internet to the Cisco Smart Call Home backend.

We do not recommend sending information from the Smart Call Home devices directly to Cisco Smart Call Home via email because email is sent in the clear across the internet.

Finally, I understand it might be posible to use the linux version of transport gateway on a server and also load a basic SMTP server as well so that the Call Home devices send email to the SMTP server and the transport gateway retrieves the email from the local email server and then uploads it to Cisco Smart Call Home even though the SMTP server co-exists on the same server. This could also be possible for Windows since the Transport gateway email client uses a random port to connect to the email server and uses a web server on ports you set.

NOTE: I have not successfuly tried putting both an SMTP server and a Transport Gateway on the same server. Many virus protection programs prevent applications from connecting from the same server.

Ok let's see if I can get to questions now!

#1. You log into the CLI and send it from there. SEE the quick start guide for UCS

https://supportforums.cisco.com/community/netpro/solutions/smart_services/smartcallhome

#2 No. Gmail does not accept inbound SMTP on port 25.

0 Helpful

Bryan Williams
Level 1
Level 1

‎05-21-2013 05:48 PM

Hi Gabriel,

You should have callhome@cisco.com as a recipient in the CiscoTAC-1 profile. Which instructs callhome in UCS to send messages back to Cisco for further processing.

(That's step 8 in the quick start guide: http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/QuickStart_UCS.pdf)

When troubleshooting the email transport, I frequently add another external email address to the CiscoTAC-1 profile as a test. If the customer's mail server is capable of forwarding the message to Yahoo.com or mailinator, then the message is probably making it to Cisco.com as well.

If you want to debug call home message processing on the device, you can connect to NXOS through the CLI and run:

debug callhome event

or

debug callhome detail

As you would on a Nexus device. (It is safe to ignore any messages related to the full-txt or short-txt profiles which are not typically used with Smart Call Home.)

I haven't tried sending messages through Google's SMTP server.

0 Helpful

Bryan Williams
Level 1
Level 1
In response to Bryan Williams

‎05-21-2013 07:24 PM

A combination of this article and a transport gateway might solve the problem:

http://support.google.com/a/bin/answer.py?hl=en&answer=176600

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents