Issue | When ESA alerts are triggered in Security Analytics, email notifications are not being sent. The /opt/rsa/esa/logs/esa.log file reports errors similar to the example below when alerts are triggered.
2014-12-22 16:59:27,085 [alert-SMTP-dispatch] WARN com.rsa.netwitness.core.alert.dispatch.AbstractDispatcher - An alert of type SMTP could not be sent. java.lang.RuntimeException: javax.mail.MessagingException: Could not connect to SMTP host: mail.example.com, port: 25;; nested exception is:; java.net.ConnectException: Connection timed out; at com.rsa.netwitness.core.alert.dispatch.SmtpDispatcher.dispatch(SmtpDispatcher.java:50);
After capturing traffic with the command tcpdump -vv -nn host mail.example.com and port 25 -w esatraffic.pcap (where mail.example.com is the FQDN of the mail server) and opening the resulting file in Wireshark, traffic similar to the following is observed:
 |
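The following Python is an added example, not part of the original article and not RSA code. It groups esa.log text into records, picks out the SMTP dispatch failures quoted above, and reports the mail host, port and innermost java.net exception for each one. The sample text is constructed, and the multi-line stack-trace layout of its second record is an assumption about how the log appears on disk.

```python
import re
from collections import Counter

# Constructed sample, not real log data. Record 1 is the flattened form quoted in
# the article; record 2 assumes a multi-line stack trace as written on disk.
SAMPLE_LOG = """\
2014-12-22 16:59:27,085 [alert-SMTP-dispatch] WARN com.rsa.netwitness.core.alert.dispatch.AbstractDispatcher - An alert of type SMTP could not be sent. java.lang.RuntimeException: javax.mail.MessagingException: Could not connect to SMTP host: mail.example.com, port: 25;; nested exception is:; java.net.ConnectException: Connection timed out; at com.rsa.netwitness.core.alert.dispatch.SmtpDispatcher.dispatch(SmtpDispatcher.java:50);
2014-12-22 17:04:27,101 [alert-SMTP-dispatch] WARN com.rsa.netwitness.core.alert.dispatch.AbstractDispatcher - An alert of type SMTP could not be sent.
java.lang.RuntimeException: javax.mail.MessagingException: Could not connect to SMTP host: mail.example.com, port: 25;
  nested exception is:
    java.net.ConnectException: Connection refused
    at com.rsa.netwitness.core.alert.dispatch.SmtpDispatcher.dispatch(SmtpDispatcher.java:50)
2014-12-22 17:05:00,000 [constructed-thread] INFO com.example.Other - unrelated entry
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
FAIL = "An alert of type SMTP could not be sent"
TARGET = re.compile(r"Could not connect to SMTP host: ([^,\s]+), port: (\d+)")
# Only java.net.*Exception names count as a cause; "at java.net..." frames do not.
CAUSE = re.compile(r"(java\.net\.\w*Exception)(?:: ([^;\n]+))?")

def records(text):
    """Attach stack-trace continuation lines to the timestamped line before them."""
    current = []
    for line in text.splitlines():
        if TS.match(line) and current:
            yield "\n".join(current)
            current = []
        if line.strip():
            current.append(line)
    if current:
        yield "\n".join(current)

def smtp_failures(text):
    """Return one dict per failed SMTP dispatch, with the last (innermost) cause."""
    out = []
    for rec in records(text):
        if FAIL not in rec:
            continue
        target = TARGET.search(rec)
        causes = CAUSE.findall(rec)
        exc, detail = causes[-1] if causes else (None, "")
        out.append({"time": rec[:23], "cause": exc, "detail": detail.strip(),
                    "host": target.group(1) if target else None,
                    "port": int(target.group(2)) if target else None})
    return out

def summarize(failures):
    """Count failures per (host, port, detail) so distinct network causes stay apart."""
    return Counter((f["host"], f["port"], f["detail"]) for f in failures)
```

To run it against a real log, pass the contents of /opt/rsa/esa/logs/esa.log to smtp_failures() in place of SAMPLE_LOG.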