Configuring OCI Email Delivery with OCI Exadata to send emails

I had a task to configure email sending from our OCI Exadata recently and having done it earlier for on-premise Exadata I was expecting a trivial task. Not so fast!

First of all OCI documentation for the Email Delivery is clear and available here. In short what you need to do is setup user with SMTP credentials, note if you are using federated login this will result in an error! So the user needs to be a native OCI user instead of federated user. See When Setting Up Email Delivery Service In OCI Error: “Email Is Not Available With Your Current Permissions. Contact Support in OCI instance” (Doc ID 2478986.1) for more details.

Once you have the user available and have setup correct policy for the user’s group you need to create SMTP credentials. The policy required is simply:

Allow group <group name> to use approved-senders in compartment <compartment name>

Setting up SMTP Credentials is easy, from the user page you click Generate SMTP Credentials. You can have up to two different credentials per user and if more then you need to setup a new user. You will get the user name (OCID) and password for the user, note that the password will be displayed only once so be sure to save it!

From the user page in Console you generate the SMTP Credentials

We still have one task left to be done from the Console – setting up approved senders. Note that email delivery is available only from Phoenix and Ashburn regions and the approved sender must be on the correct region. As I’m setting up this for Exadata the users I want to send emails are opc and oracle. I simply add opc@myexadata.mysubdomain.oraclevcn.com as approved sender.

Exadata Sendmail Configuration

So far everything is going smoothly! But now I want to configure Exadata sendmail and looking documentation there doesn’t seem to be specific instructions on how to do it. From MOS you can find note for Oracle Cloud Infrastructure  – How To Setup Postfix to Use Email Delivery in Oracle Linux 6 and 7 but nothing on sendmail setup for OCI Exadata.

Luckily AWS documentation has sendmail configuration available on their support pages which gives good guidance on steps required.

First I create file /etc/mail/authinfo as root (or use sudo with opc) and add following line to it using the username and password I got when generating SMTP credentials:

AuthInfo:smtp.us-phoenix-1.oraclecloud.com "I:ocid1.user.oc1..xxxx@ocid1.tenancy.oc1..xxxx.lb.com" "P:My_SMTP_PASSWORD" "M:PLAIN"

After that I run the following command to create the password db file:

sudo sh -c 'makemap hash /etc/mail/authinfo.db < /etc/mail/authinfo'

I add following lines to /etc/mail/sendmail.mc before the line MAILER(smtp)dnl:

define(`SMART_HOST',`smtp.us-phoenix-1.oraclecloud.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
MAILER(smtp)dnl

In addition I add dnl to following line below so ipv6 is not used, otherwise you will run into error.

dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl

If you now restart sendmail you will reserve following error:

Aug 21 13:26:16 ocieexa1-host1 sendmail[303926]: x7LDQFJr303918: to=<simo.vilmunen@a.com>, ctladdr=<opc@oociexa1-host1.mysubdomain.oraclevcn.com> (1002/1007), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120587, relay=smtp.us-phoenix-1.oraclecloud.com. [138.1.38.16], dsn=4.0.0, stat=Deferred: Temporary AUTH failure

We still need package cyrus-sasl-plain installed, I’ve enabled public Oracle Linux repo to get it installed:

[root@oociexa1-host1 ~]# sudo yum install cyrus-sasl-plain
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package cyrus-sasl-plain.x86_64 0:2.1.23-15.el6_6.2 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================
 Package                       Arch                Version                         Repository                             Size
===============================================================================================================================
Installing:
 cyrus-sasl-plain              x86_64              2.1.23-15.el6_6.2               public_yum_x86_64_latest               31 k

Transaction Summary
===============================================================================================================================
Install       1 Package(s)

Total download size: 31 k
Installed size: 37 k
Is this ok [y/N]: y
Downloading Packages:
cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64.rpm                                                           |  31 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction

  Installing : cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64                                                                   1/1
  Verifying  : cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64                                                                   1/1

Installed:
  cyrus-sasl-plain.x86_64 0:2.1.23-15.el6_6.2

Complete!

Now the only thing left is to restart sendmail.

[root@oociexa1-host1 ~]# service sendmail restart
Shutting down sm-client:                                   [  OK  ]
Shutting down sendmail:                                    [  OK  ]
Starting sendmail:                                         [  OK  ]
Starting sm-client:                                        [  OK  ]

Finally I can test sending an email to myself to see everything works as expected:

echo "Test email from Exadata oci node 2" | mail -s "Test from oci node 2" simo.vilmunen@a.com

And that’s it! After going it through once it’s not so complicated afterall, biggest obstacles was finding the right set of configuration including disabling ipv6 support and also installing the required cyrus-sasl-plain package.

Hope this helps if you ever need to setup sendmail on Oracle Cloud Infrastructure Exadata!

Simo

View Comments

  • we are in the process of setting up our database system in oci, i am tasked with the send mail part. Our main concern is the email will need to be from our company's domain. We were told to use postfix. Would your setup do the trick? Or we need postfix?

    Thanks.

    • Hey Charles,

      If you would use your company's domain (also server?), you could use either postfix or sendmail and it should work!

  • I realize this is an older blog post, Simo, however the doc id referenced in the link no longer exists.

    Setting up email is a lot trickier in OCI than it was in on-premise Exadata!

Recent Posts

Autonomous Database Audit Logs to Logging Service Part 1

I recently came across requirement to get OCI Oracle Autonomous Database audit logs to OCI…

3 weeks ago

Connecting to Autonomous Database Running on Google Cloud

Last time I showed how to provision Autonomous Database Serverless (ADB-S) on Google Cloud. This…

2 months ago

Can you believe it? Provisioning Autonomous Database in GCP!

I bet few years back folks didn't expect that by 2024 we would be able…

3 months ago

IP Address Insights with CLI

My previous post on IP Address Insights I mentioned it wasn't yet available with CLI…

7 months ago

Thoughts on Oracle Database@Azure

This will NOT be a technical walkthrough on Oracle Database@Azure but rather my opinions and…

7 months ago

OCI Vulnerability Scanning Setup

Many times when you work for someone, they already have their own vulnerability scanning throughout…

7 months ago