I had a task to configure email sending from our OCI Exadata recently and having done it earlier for on-premise Exadata I was expecting a trivial task. Not so fast!
First of all OCI documentation for the Email Delivery is clear and available here. In short what you need to do is setup user with SMTP credentials, note if you are using federated login this will result in an error! So the user needs to be a native OCI user instead of federated user. See When Setting Up Email Delivery Service In OCI Error: “Email Is Not Available With Your Current Permissions. Contact Support in OCI instance” (Doc ID 2478986.1) for more details.
Once you have the user available and have setup correct policy for the user’s group you need to create SMTP credentials. The policy required is simply:
Allow group <group name> to use approved-senders in compartment <compartment name>
Setting up SMTP Credentials is easy, from the user page you click Generate SMTP Credentials. You can have up to two different credentials per user and if more then you need to setup a new user. You will get the user name (OCID) and password for the user, note that the password will be displayed only once so be sure to save it!
We still have one task left to be done from the Console – setting up approved senders. Note that email delivery is available only from Phoenix and Ashburn regions and the approved sender must be on the correct region. As I’m setting up this for Exadata the users I want to send emails are opc and oracle. I simply add opc@myexadata.mysubdomain.oraclevcn.com as approved sender.
Exadata Sendmail Configuration
So far everything is going smoothly! But now I want to configure Exadata sendmail and looking documentation there doesn’t seem to be specific instructions on how to do it. From MOS you can find note for Oracle Cloud Infrastructure – How To Setup Postfix to Use Email Delivery in Oracle Linux 6 and 7 but nothing on sendmail setup for OCI Exadata.
Luckily AWS documentation has sendmail configuration available on their support pages which gives good guidance on steps required.
First I create file /etc/mail/authinfo as root (or use sudo with opc) and add following line to it using the username and password I got when generating SMTP credentials:
AuthInfo:smtp.us-phoenix-1.oraclecloud.com "I:ocid1.user.oc1..xxxx@ocid1.tenancy.oc1..xxxx.lb.com" "P:My_SMTP_PASSWORD" "M:PLAIN"
After that I run the following command to create the password db file:
sudo sh -c 'makemap hash /etc/mail/authinfo.db < /etc/mail/authinfo'
I add following lines to /etc/mail/sendmail.mc before the line MAILER(smtp)dnl:
define(`SMART_HOST',`smtp.us-phoenix-1.oraclecloud.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
MAILER(smtp)dnl
In addition I add dnl to following line below so ipv6 is not used, otherwise you will run into error.
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
If you now restart sendmail you will reserve following error:
Aug 21 13:26:16 ocieexa1-host1 sendmail[303926]: x7LDQFJr303918: to=<simo.vilmunen@a.com>, ctladdr=<opc@oociexa1-host1.mysubdomain.oraclevcn.com> (1002/1007), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120587, relay=smtp.us-phoenix-1.oraclecloud.com. [138.1.38.16], dsn=4.0.0, stat=Deferred: Temporary AUTH failure
We still need package cyrus-sasl-plain installed, I’ve enabled public Oracle Linux repo to get it installed:
[root@oociexa1-host1 ~]# sudo yum install cyrus-sasl-plain
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package cyrus-sasl-plain.x86_64 0:2.1.23-15.el6_6.2 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================
Installing:
cyrus-sasl-plain x86_64 2.1.23-15.el6_6.2 public_yum_x86_64_latest 31 k
Transaction Summary
===============================================================================================================================
Install 1 Package(s)
Total download size: 31 k
Installed size: 37 k
Is this ok [y/N]: y
Downloading Packages:
cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64.rpm | 31 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64 1/1
Verifying : cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64 1/1
Installed:
cyrus-sasl-plain.x86_64 0:2.1.23-15.el6_6.2
Complete!
Now the only thing left is to restart sendmail.
[root@oociexa1-host1 ~]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
Finally I can test sending an email to myself to see everything works as expected:
echo "Test email from Exadata oci node 2" | mail -s "Test from oci node 2" simo.vilmunen@a.com
And that’s it! After going it through once it’s not so complicated afterall, biggest obstacles was finding the right set of configuration including disabling ipv6 support and also installing the required cyrus-sasl-plain package.
Hope this helps if you ever need to setup sendmail on Oracle Cloud Infrastructure Exadata!
Excellent Post !! Thanks A lot !!
we are in the process of setting up our database system in oci, i am tasked with the send mail part. Our main concern is the email will need to be from our company’s domain. We were told to use postfix. Would your setup do the trick? Or we need postfix?
Thanks.
Hey Charles,
If you would use your company’s domain (also server?), you could use either postfix or sendmail and it should work!
I realize this is an older blog post, Simo, however the doc id referenced in the link no longer exists.
Setting up email is a lot trickier in OCI than it was in on-premise Exadata!