Oracle EM13c in Oracle Cloud Infrastructure – sending Mail Notifications by Email Delivery Service

For the Trivadis Oracle Enterprise Manager Training, we set up an Oracle EM13c in the Oracle Cloud Infrastructure. One student exercise is to set up notification rules, so a mail server is required. In Oracle Cloud Infrastructure, the Email Delivery service is the best fit: Overview of the Email Delivery Service (oracle.com)

I tried to set up a local postfix mail gateway which used the NAT gateway address as the sender’s address. But the NAT gateway addresses are blacklisted in spam services like spamhaus.com. Even Microsoft doesn’t want to allow these mails sent by the NAT gateway. You can see my attempts at the bottom of this blog post.

Setup

Subnet   | Component        | Purpose
Public   | Virtual Machine  | Bastion Server, SSH Access, Apache Guacamole
Private  | Virtual Machine  | Oracle Enterprise Manager EM13c – OMS
Private  | Database System  | Oracle Enterprise Manager EM13c – Repository

 

Email Delivery Service Prerequisites

The configuration for this service has to be done as a non-federated user. If you try to use the service as a federated user, you get this message: Email Delivery is not available with your current permissions. Please Contact Support for further assistance.

IAM User

This is why I have created an IAM user called email-delivery-service-user. The user needs these permissions to manage the email delivery service.

User    | email-delivery-service-user
Group   | email-delivery-service-group
Policy  | email-delivery-service-policy
        | Allow group Email-Delivery-Service-Group to manage approved-senders in compartment training:o-em
        | Allow group Email-Delivery-Service-Group to use email-family in compartment training:o-em

 

SMTP Credentials

Additionally, an SMTP credential is created for this user. These SMTP credentials are used for the Oracle Enterprise Manager EM13c mail server configuration. Identity >> Users >> User Details >> SMTP Credentials. Copy the provided OCID and password temporarily for later use.

 

Email Delivery Service Setup

Log in to the Oracle Cloud Infrastructure user interface as the previously created user to configure the approved sender list: Developer Services >> Email Delivery. Add the mail address that you want to use for OEM communication to the approved sender list. Pay attention to the policy: in this case, the user is only allowed to do this in the sub-compartment called O-EM. Now we are ready to configure the Oracle Enterprise Manager EM13c.

The SMTP server is visible on the Email Configuration page and depends on your region. In my case, the SMTP endpoint in data center Zurich is used:

Oracle Enterprise Manager EM13c – Mail Servers Configuration

In Setup >> Notifications >> Mail Servers, we add a new mail server.

Host                   | SMTP host provided by OCI
Port                   | 587
User Name              | SMTP Credentials user name
Password               | SMTP Credentials password
Use Secure Connections | TLS, if available

 

Set the Sender Identity: the Sender’s Email Address corresponds to the entry in the Email Delivery approved sender list.
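The mail server settings above can be checked from the OMS host before they are entered in EM13c. This is an added example, not part of the original post: it submits one test mail on port 587 and refuses to authenticate unless STARTTLS is offered. The environment variable names and the smtp_cls parameter are assumptions of this example.

```python
import os
import smtplib
import ssl
from email.message import EmailMessage


def build_test_message(sender, recipient):
    """Test mail; `sender` must be an entry of the approved sender list."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "EM13c mail server pre-check"
    msg.set_content("Submitted on port 587 after STARTTLS.")
    return msg


def submit(host, user, password, msg, port=587, smtp_cls=smtplib.SMTP):
    """Send msg; smtp_cls is a hook of this example for offline testing."""
    with smtp_cls(host, port, timeout=20) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("STARTTLS not offered, refusing to authenticate")
        # The default context verifies the server certificate and host name.
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()  # capabilities must be re-read after the TLS upgrade
        if not smtp.has_extn("auth"):
            raise RuntimeError("AUTH not offered after STARTTLS")
        smtp.login(user, password)
        # Dict of refused recipients; empty means all were accepted.
        return smtp.send_message(msg)


if __name__ == "__main__":
    # Assumed variable names; the values come from the OCI console.
    env = os.environ
    message = build_test_message(env["MAIL_FROM"], env["MAIL_TO"])
    refused = submit(env["SMTP_HOST"], env["SMTP_USER"], env["SMTP_PASSWORD"], message)
    print("refused recipients:", refused or "none")
```

A sender address that is not on the approved sender list is rejected by the server, which smtplib reports as an exception from send_message.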

Oracle Enterprise Manager EM13c – Mail Servers Test

The configuration is done, so we can test it with Test Mail Servers. After some seconds, you see a confirmation at the top that the test succeeded. Check your mailbox for the test message. That’s all folks.

Addendum – Spamhaus and Outlook.com

Before I used the Email Delivery Service, my first try was to configure postfix as a local mail agent; there is a good manual available here: Oracle Linux: Install the Postfix Email Server. But this was not successful. When I tried to send mails to my company’s address or to an outlook.com address (hotmail.ch is one of them), I always got an SMTP error: Client host [152.67.94.216] blocked using Spamhaus

May 14 16:17:28 oem1 postfix/pickup[31819]: 7DBC740C1B10: uid=1000 from=<op******@jurasuedfuss.com> 
May 14 16:17:28 oem1 postfix/cleanup[4193]: 7DBC740C1B10: message-id=<609e8678.uDmiR55B+z2ROrGf%op******@jurasuedfuss.com> 
May 14 16:17:28 oem1 postfix/qmgr[31820]: 7DBC740C1B10: from=<op********@jurasuedfuss.com>, size=480, nrcpt=1 (queue active) 
May 14 16:17:28 oem1 postfix/smtp[4197]: 7DBC740C1B10: to=<m*******@hotmail.ch>, relay=eur.olc.protection.outlook.com[104.47.8.33]:25, 
delay=0.15, delays=0.04/0.01/0.08/0.03, dsn=5.7.1, status=bounced (host eur.olc.protection.outlook.com[104.47.8.33] 
said: 550 5.7.1 Service unavailable, Client host [152.67.94.216] blocked using Spamhaus. To request removal from this list 
see https://www.spamhaus.org/query/ip/152.67.94.216 (AS3130). [AM5EUR03FT029.eop-EUR03.prod.protection.outlook.com] (in reply to MAIL FROM command)) 
May 14 16:17:28 oem1 postfix/smtp[4197]: 7DBC740C1B10: lost connection with eur.olc.protection.outlook.com[104.47.8.33] while sending RCPT TO 
May 14 16:17:28 oem1 postfix/cleanup[4193]: A0D69401C6BA: message-id=<20210514141728.A0D69401C6BA@op******@jurasuedfuss.com> 
May 14 16:17:28 oem1 postfix/qmgr[31820]: A0D69401C6BA: from=<>, size=2901, nrcpt=1 (queue active) 
May 14 16:17:28 oem1 postfix/bounce[4198]: 7DBC740C1B10: sender non-delivery notification: A0D69401C6BA 
May 14 16:17:28 oem1 postfix/qmgr[31820]: 7DBC740C1B10: removed 
May 14 16:17:28 oem1 postfix/local[4199]: A0D69401C6BA: to=<op*******@jurasuedfuss.com>, relay=local, delay=0.01, delays=0/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir) 
May 14 16:17:28 oem1 postfix/qmgr[31820]: A0D69401C6BA: removed

152.67.94.216 is the public IP address of the Oracle Cloud Infrastructure NAT gateway. First I submitted a removal request online at spamhaus.org – the URL was provided in the error message. And 2 hrs later, I got a message and confirmed my request.

Two things:

  1. My company syncs its spam filter on a regular basis, so after a while, I was able to send notifications to my personal company mail address.
  2. But for the Hotmail (Outlook.com) address, it still did not work: Unfortunately, messages from [152.67.94.216] weren’t sent. Please contact your Internet service provider since part of their network is on our block list (S3140)

May 14 18:30:35 oem1 postfix/smtpd[3000]: connect from op****@jurasuedfuss.com[10.0.1.10]
May 14 18:30:35 oem1 postfix/smtpd[3000]: 1D39A40C1B10: client=op****@jurasuedfuss.com[10.0.1.10]
May 14 18:30:35 oem1 postfix/cleanup[3003]: 1D39A40C1B10: message-id=<823497502.17.1621009835108@op****@jurasuedfuss.com>
May 14 18:30:35 oem1 postfix/smtpd[3000]: disconnect from op****@jurasuedfuss.com[10.0.1.10]
May 14 18:30:35 oem1 postfix/qmgr[31820]: 1D39A40C1B10: from=<*****>, size=677, nrcpt=1 (queue active)
May 14 18:30:35 oem1 postfix/smtp[3918]: 1D39A40C1B10: to=<ma*****@hotmail.ch>, relay=eur.olc.protection.outlook.com[104.47.14.33]:25, delay=0.1, 
delays=0/0/0.08/0.02, dsn=5.7.1, status=bounced (host eur.olc.protection.outlook.com[104.47.14.33] 
said: 550 5.7.1 Unfortunately, messages from [152.67.94.216] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). 
You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [VI1EUR04FT028.eop-eur04.prod.protection.outlook.com] (in reply to MAIL FROM command))
May 14 18:30:35 oem1 postfix/smtp[3918]: 1D39A40C1B10: lost connection with eur.olc.protection.outlook.com[104.47.14.33] while sending RCPT TO
May 14 18:30:35 oem1 postfix/cleanup[3003]: 39D73401C6BA: message-id=<20210514163035.39D73401C6BA@op****@jurasuedfuss.com>
May 14 18:30:35 oem1 postfix/bounce[5010]: 1D39A40C1B10: sender non-delivery notification: 39D73401C6BA

So I tried to contact Microsoft in the same way with a support request:

And some minutes later I got the answer: Not qualified for mitigation.
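Bounces like the two above can be picked out of the postfix log automatically. This added example (not from the original post) re-joins the wrapped log lines and extracts the queue ID, recipient, relay, DSN code and the rejected client IP; the sample lines are abridged from the log quoted in this post, and the function names are this example's own.

```python
import re

# Abridged from the two bounces quoted in this post, wrapped lines included.
SAMPLE_LOG = """\
May 14 16:17:28 oem1 postfix/smtp[4197]: 7DBC740C1B10: to=<m*******@hotmail.ch>, relay=eur.olc.protection.outlook.com[104.47.8.33]:25,
delay=0.15, delays=0.04/0.01/0.08/0.03, dsn=5.7.1, status=bounced (host eur.olc.protection.outlook.com[104.47.8.33]
said: 550 5.7.1 Service unavailable, Client host [152.67.94.216] blocked using Spamhaus. (in reply to MAIL FROM command))
May 14 16:17:28 oem1 postfix/qmgr[31820]: 7DBC740C1B10: removed
May 14 18:30:35 oem1 postfix/smtp[3918]: 1D39A40C1B10: to=<ma*****@hotmail.ch>, relay=eur.olc.protection.outlook.com[104.47.14.33]:25, delay=0.1,
delays=0/0/0.08/0.02, dsn=5.7.1, status=bounced (host eur.olc.protection.outlook.com[104.47.14.33]
said: 550 5.7.1 Unfortunately, messages from [152.67.94.216] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). (in reply to MAIL FROM command))
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
BOUNCE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^\[,]+)\[.*?dsn=(?P<dsn>[\d.]+), status=bounced "
    r"\(host \S+ said: (?P<reply>.*)\)$"
)
CLIENT_IP = re.compile(r"(?:Client host|messages from) \[(\d{1,3}(?:\.\d{1,3}){3})\]")


def join_wrapped(text):
    """Re-attach continuation lines to the syslog record they belong to."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def blocklist_bounces(text):
    """Return bounced deliveries that the remote MTA refused for policy reasons (DSN 5.7.x)."""
    hits = []
    for record in join_wrapped(text):
        m = BOUNCE.search(record)
        if not m or not m["dsn"].startswith("5.7."):
            continue
        reply, ip = m["reply"], CLIENT_IP.search(m["reply"])
        source = "spamhaus" if "Spamhaus" in reply else "block list" if "block list" in reply else "other"
        hits.append({"qid": m["qid"], "rcpt": m["rcpt"], "relay": m["relay"], "dsn": m["dsn"],
                     "blocked_ip": ip.group(1) if ip else None, "source": source})
    return hits
```

Calling blocklist_bounces() on the mail log of the gateway host returns one dictionary per refused delivery, which can be fed into an alert when the NAT gateway address shows up as blocked_ip.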

Summary

This is quite simple: If you are in the cloud – use the cloud services.