IBM Support

Troubleshooting email responses not working on QRadar Network Security

Question & Answer


Question

After enabling email responses for System or Security Events on QRadar Network Security (XGS), you might not receive emails when the event is triggered.

Cause

There might be multiple reasons why the email response does not work even after you confirm that the Response Object is configured properly. This article outlines a couple of common things to look for.

Answer

Network connectivity

It is possible that the XGS is not able to connect to the email server on port 25. To verify this, SSH to the device and log in as admin. Then, go to tools. Here you can run the telnet command to confirm that the connection is successful. A successful example of this can be seen below:

XGS7100:tools> telnet 192.0.2.100 25
220 ESMTP IMSVA
^C
Console escape. Commands are:

l go to line mode
c go to character mode
z suspend telnet
e exit telnet


Notes:
  • You can use Ctrl+c and then e to exit telnet.
  • SMTP 220 indicates that the service is ready and the connection was successful.
  • If it fails to connect over telnet, this is likely the reason for emails not working. Verify network connectivity between the XGS and the mail server, and confirm that there are no devices blocking this connection.


Authenticated SMTP server

The SMTP Response Object does not have an option to specify the user name and password. Hence, if the SMTP server accepts only emails from authenticated hosts, the XGS is not able to send an email through that SMTP server.

Currently, there is no workaround. The SMTP server has to be configured to accept emails from the XGS IP address without authentication with the help of the SMTP server administrator. If you would like to have that option in XGS, see Technote 1682719: How to submit enhancement requests for IBM Security products for details on opening an RFE for this to be considered in a future release.

Note: This is applicable to Identity Mail Settings configuration under Identity Settings, as well.

If you still have issues receiving emails, collect packet captures by using the instructions in Technote 1883213: Capturing network traffic on Security Network Protection sensors. Be sure to capture the traffic on the management interface for traffic to and from your mail server. Then, download the capture, generate a support file, and contact Support for further assistance.
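Before sending the capture to Support, you can check the mail server's replies in it yourself. The following Python sketch is an added example, not IBM code: it classifies the server-side SMTP reply lines copied from the capture, to tell the connectivity case apart from the authenticated-SMTP case. The function names, verdict labels and sample transcripts are assumptions made for illustration, and it runs on a workstation, not on the XGS.

```python
import re

# One SMTP reply line: 3-digit code, then "-" (more lines follow) or " " (final line).
REPLY_RE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

def parse_replies(server_lines):
    """Group server lines into (code, [text, ...]) tuples, joining multiline replies."""
    replies, texts = [], []
    for line in server_lines:
        m = REPLY_RE.match(line.strip())
        if not m:
            continue  # not an SMTP reply line
        code, sep, text = m.groups()
        texts.append(text or "")
        if sep != "-":  # a space (or a bare code) ends the reply
            replies.append((int(code), texts))
            texts = []
    return replies

def diagnose(server_lines):
    """Return (verdict, auth_advertised); the verdict labels are hypothetical."""
    replies = parse_replies(server_lines)
    if not replies:
        return ("no-banner", False)  # nothing answered: check connectivity to port 25
    if replies[0][0] != 220:
        return ("service-not-ready", False)
    rest = replies[1:]
    # AUTH listed in a 250 reply means the server offers authentication
    auth = any(c == 250 and any(t.upper().startswith("AUTH") for t in ts)
               for c, ts in rest)
    codes = [c for c, _ in rest]
    if 530 in codes:  # RFC 4954: authentication required
        return ("auth-required", auth)
    if any(c >= 500 for c in codes):
        return ("rejected", auth)
    if any(400 <= c < 500 for c in codes):
        return ("deferred", auth)
    return ("no-rejection-seen", auth)

# Constructed sample transcripts (server side only), not taken from a real capture.
AUTH_REQUIRED = ["220 ESMTP IMSVA", "250-mail.example.test", "250-AUTH LOGIN PLAIN",
                 "250 SIZE 10485760", "530 5.7.0 Authentication required"]
ACCEPTED = ["220 ESMTP IMSVA", "250-mail.example.test", "250 SIZE 10485760",
            "250 2.1.0 Ok", "250 2.1.5 Ok", "354 End data with <CR><LF>.<CR><LF>",
            "250 2.0.0 Ok: queued", "221 2.0.0 Bye"]

if __name__ == "__main__":
    for name, lines in (("AUTH_REQUIRED", AUTH_REQUIRED), ("ACCEPTED", ACCEPTED), ("EMPTY", [])):
        print(name, diagnose(lines))
```

An "auth-required" verdict corresponds to the Authenticated SMTP server case above, and "no-banner" corresponds to the Network connectivity case.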


Document Information

Modified date:
24 January 2021

UID

swg22002825