|
backtrace for easier searching :
|
|
Does it crash reliably? Could you please provide the DebugLevel=4 (or 5) log for the alerter process? What exact SMTP authentication settings do you use? What are the cURL and related crypto library versions?
|
|
Hi alek,
DebugLevel 5 log and smtp settings attached
libcurl version: libcurl-7.29.0-25.el7.centos.x86_64
|
|
Thank you! It can be seen in the log that NTLM authentication is attempted, after which it crashes.
What is the version of libnss3.so library? Does it work if cURL is linked with a different crypto library?
|
|
thanks, alek.
nss version is: nss-3.19.1-19.el7_2.x86_64
actually, i haven't used any NTLM authentication at all. even after i have disabled all media type and remove any media in Users configuration, zabbix server still crash and auto restart repeatedly.
BTW, i install all packages with yum, what have to do to make cURL link with other crypto lib.
|
|
Hi alek,
after i change from 'normal password' to 'none' in default email media type setting, zabbix-server start normally.
so why i failed even if media type is disabled. _
thanks very much for your patience and help me out.
|
|
Could you please try sending an email using cURL from the command line?
It should be something like this. First, prepare an email message:
Second, use that file with a command-line similar to the following, but using your Zabbix SMTP parameters:
When Zabbix attempts to send an email, it uses NTLM authentication as seen in the log (because the SMTP server offers NTLM and LOGIN methods):
You should try to make cURL use NTLM authentication, too, and see whether it crashes or not. This may give us a hint on whether the problem is on Zabbix side.
|
|
Note also that according to the following Zabbix code libcurl either chooses some unspecified login method or PLAIN, depending on libcurl version:
if (SMTP_AUTHENTICATION_NORMAL_PASSWORD == smtp_authentication)
{
#if 0x071e00 >= LIBCURL_VERSION_NUM
if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_USERNAME, username)) ||
CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PASSWORD, password)))
{
goto error;
}
#elif 0x072100 >= LIBCURL_VERSION_NUM
char userpwd[523];
zbx_snprintf(userpwd, sizeof(userpwd), "%s:%s;AUTH=PLAIN", username, password);
if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_USERPWD, userpwd)))
goto error;
#else
if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_USERNAME, username)) ||
CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PASSWORD, password)) ||
CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_LOGIN_OPTIONS, "AUTH=PLAIN")))
{
goto error;
}
#endif
}
If specifying NTLM or LOGIN method is desired, that would probably be a feature request. What authentication method is expected to be used in your case?
|
BTW, i install all packages with yum, what have to do to make cURL link with other crypto lib.
One way would probably be to compile cURL and Zabbix server from sources.
|
|
Hi alex,
here is my command:
OUTPUT:
seems got segmentation fault when sending mail with curl command line.
|
|
Great! Seems there is nothing to fix on Zabbix side. 
You might wish to try the latest cURL and NSS versions, and report a bug there if it still crashes.
|
|
Closing as "Won't fix" as per the comment above. Also, if specifying NTLM or LOGIN authentication method is desired, please create a ZBXNEXT.
|
|
Let's include this issue along ZBX-10486 to "Known issues" section in documentation.
|
|
Well, we cannot include ZBX numbers per se in "Known issues". We need to formulate, in the simplest possible terms, the problem that some users have, the cause and the solution(s) we propose and then we can include the links to the ZBXs. And here I'd appreciate if the developers who did the investigation would formulate the first version of this information.
|
|
Well, this may be a bit non-trivial. The apparent problem is that when cURL 7.29.0 is used with NSS 3.19.1 as the crypto library, then it may crash when sending email alerts using NTLM authentication. The crash could probably be fixed(?) by either upgrading NSS or using cURL with a different crypto backend, but would fixing it make a lot of sense if Zabbix does not currently support neither NTLM, nor LOGIN authentication methods (we specify PLAIN if cURL is sufficiently recent, i.e. at least 7.31.0)?
|
|
Is there a bug report regarding this somewhere in upstream?
|
|
I have looked for one, but have not found any.
|
|
Just meet the same. cURL - 7.29.0, NSS 3.19.1 as the crypto. Looking for a workaround.
|
|
CentOS Linux release 7.2.1511 (Core)
zabbix-server-mysql-3.0.1-1.el7.x86_64
libcurl-7.29.0-25.el7.centos.x86_64
nss-3.19.1-19.el7_2.x86_64
Got the same situation, and cost lots of time on investigation got frustrated. Once change media types (Email) from “normal password" to "none" then restarted zabbix-server successfully but got lots of " 23344:20160420:165344.674 wrong answer on MAIL FROM "530 5.7.1 Client was not authenticated" errors in zabbix-server.log.
|
|
Has anybody tried using a different crypto library as cURL's backend as a workaround?
|
|
Ale,
Guess I find a way to avoid that crashing...while having completely the same versions of libcurl and nss above. Today I found 3.0.2 released, so based on this , again I chose media types Email uses Security None and Normal password, Windows exchange E-mail account ,the same problem exists(/curl command)(Ok, the problem not mentioned in the release notes). However if set STARTTLS as the security connection then everything comes back normal, server running ok and emails sent out. With a closely attention paid on zabbix-server.log will see those warnings or something like that and I tried a lot of times.
If this is the thing, then crash has nothing to do with the versions of libcurl or nss. It's the mail server settings forcing use STARTTLS to send/submit emails.
|
|
Zabbix 3.2 has same issue too.
environment:
CentOS Linux release 7.3.1611 (Core)
Hyper-V 2012 R2
|
|
Backtrace is identical. Try suggested workarounds (upgrading libcurl, switching to a different libcurl flavour...).
It's not a Zabbix bug. Seems like I've found a bug report upstream (marked as duplicate of a more general issue). Seems it hasn't been fixed on libnss side yet, but maybe newer versions of libcurl work this issue around.
|
|
I also have this error.
To get the error, I do the following:
set the smtp settings as shown in the screenshot in the header ZBX-10461. Then make the server reboot. After the reboot when triger is true, the server crash.
However, if you set other settings(before rebooting after crash), for example, set the ssl \ tls encryption after this, restart. When trigger is true, I had an error "Timeout was reached: Operation timed out after 40001 milliseconds with 0 out of 0 bytes received", but server is not in crash.
And if now back to return the original settings, without reboot - the EMAIL NOTIFICATION START TO WORK, but before the first server reboot.
I use:
CentOS Linux release 7.3.1611 Minimal
Installation from the package
Zabbix 3.2.7 (revision 70298)
Mariadb
|
|
So what is the solution here? this happens with the latest versions of libcurl and NSS.
|
|
Try a different flavour of libcurl (OpenSSL or GnuTLS).
|
|
Closing as Won't Fix based on comment above.
|
|
Clarification:
Please see comment
Where it shows that it crashes even if Zabbix is not involved. So not an issue in Zabbix.
|
|
Hi dear, vso
It is curl version: "curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets"
Also I compile with openssl / Guntls and both of them failed with same error in log.
Are there any solution for upping zabbix server with current database? or should I run new database with new zabbix server?
|
|
Hi h.gholami It is possible to move zabbix mysql database between servers if that’s what you need, however this tracker is for bug reports only, for help with upgrade you can contact our support or community, for example forums, irc channel or telegram, thanks !
|
|
Listed in known issues from Zabbix 3.0 onward.
|
|
Hi,
Please try with the latest CURL and NSS versions will fix the issue.
Thanks and Regards,
Sivanesan Venkatesan
|
Generated at Fri Jun 06 20:20:42 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.
smtp_settings.png
zabbix-server.3.2.crashing
zabbix_crash.txt