SMTP protocol can be used.

Setting up AutoSupport 

Hi, thanks for your response, sorry for the confusion, it's not  the SMTP protocol the issue here, we are using it and working fine previously,  now email team has introduced a policy, that every email or system alerts are to be authenticated on the email servers, to all the alerts out (security), so now we have been forced to the same for our autosupport to be authenticated and to my knowledge there is no option in autosupport modify  ,  so we our question was does NetApp supports  SMTP authentication.

It's SMTP authentication not the protocol  the concern here.

Thanks

Krish

SMTP auth for autosupport is supported.

Please refer to this document for more information:

system node autosupport modify 

Hi

hmm......ok let me ask like this,  can you get SMTP auth for autosupport using a USER ? 

So instead of whitelisting the mgt ip, they want to use USER account to verify.

Hope I am clear now... it's not about SMTP  Mail Hosts , it's about the authentication against a user.

Thanks

Hi,

On NetApp Filers, I believe SMTP authentication is not possible. As you mentioned, SMTP as 'protocol' can be used but then there are lots of limitation and SMTP authentication is one such limitation.  Agree to your point, Whitelisting is simply asking Mail-host to ignore 'security' and trust the IPs, which is not you want isn't it.

If you provide mail host that requires authentication: Likelihood, Auto-support delivery might hang indefinitely, and I believe you should be able to trace the authentication error in the cluster node logs in notifyd.log:
Location: /mroot/etc/log/mlog/notifyd.log

Workaround as it seems: Change the Auto-support SMTP mail host to a mail host that does not require authentication or use https.

Thanks!

The man page link has more info. Did you see it?

==

Also, you can optionally prepend a user name and password combination for authentication to each mail server. The format of the username and password pair is user1@mymailhost.example.com. User will be prompted for the password. The username and password can be specified on none, all, or some of the mail hosts.

==

When you execute the modify command, if you specify a user as above, you will be interactively prompted for a password.

Note1: AutoSupport only supports simple authentication. STARTTLS is not supported. There is an RFE in the system for that with no target date.

Note2: With ONTAP 9.5 and later, AutoSupport configuration is enforced cluster-wide. So, the user:password configuration for the mailhost is shared by all nodes in the cluster.

Thanks a lot for all the responses. one of the mandatory requirement is STARTTLS.

OK. In case you want to bring this up with your NetApp representative:

1. HTTPS (TCP/443) to support.netapp.com
2. HTTPS via a configured proxy (simple authentication supported, if needed) to support.netapp.com
3. Arrange for a "SMTP whitelist sender" exception for the ONTAP clusters - the allowed destinations can be locked down to autosupport@netapp.com, any external support partner e-mail destinations or internal e-mail destinations.

Thanks a lot Sir,

Does http or https needs to be authentication against the proxy server ? as our network security team are adding the mgt ip's to send out the auto upport instead of any technical user authenticating again proxy server, but we are seeing this error: Received HTTP Code 407 from proxy after CONNECT.

Thanks

Krish

Here's an example of setting up a proxy with a password, which I'm assuming your company requires:

system node autosupport modify –node nodename –proxy-url user1:mypass@proxyurl:8080

Thanks for your response, but in our case, there are no users, our mgt IP's are white listed at the proxy server, so we can send out auto support.

They are forwarding to support.netapp.com from a certain port, I assume? (Note: They must set the proxy to send to NetApp Support specifically.) Let's assume that port is 1234 and the proxy is called proxy1.company1.com then if no password is needed, this is what you need:

system node autosupport modify -node node1 -proxy-url proxy1.company1.com:1234

Note: No http or https is needed in the URL.

man page:

[-proxy-url <text>] - Support Proxy URL

Use this parameter to specify an HTTP or HTTPS proxy if the -transport parameter is set to HTTP or HTTPS and your organization uses a proxy. Enter the URL without an http:// or https:// prefix. If authentication is required, use the format "[username]@[host][:[port]]". You will be prompted for the password. The default is an empty string. To specify a proxy that contains a question mark, press ESC followed by the "?". This field can be cleared by setting the value to an empty string using two double quotes ("").