Troubleshooting
Problem
Email notifications can fail to be sent due to the "Relay access denied (in reply to RCPT TO command)" error message in the /var/log/maillog file.
Cause
If the email server's credentials are incorrect, then it can cause the relay access denied error.
Diagnosing The Problem
If email notifications are not working, you can search in the /var/log/maillog for the relay access denied message by using the following command:
# grep -i "Relay access denied" /var/log/maillog | less
Example output confirming the error:
<HOSTNAME> postfix/smtp[28051]: 67735180DAEC: to=<EMAIL_ADDRESS>, relay=<MAIL_SERVER>[<IP>]:25, delay=0.07, delays=0.01/0/0.05/0.01, dsn=4.7.1, status=deferred (host <MAIL_SERVER>[<IP>] said: 454 4.7.1 <EMAIL_ADDRESS>: Relay access denied (in reply to RCPT TO command))
<HOSTNAME> postfix/smtp[28051]: 67735180DAEC: to=<EMAIL_ADDRESS>, relay=<MAIL_SERVER>[<IP>]:25, delay=0.07, delays=0.01/0/0.05/0.02, dsn=4.7.1, status=deferred (host <MAIL_SERVER>[<IP>] said: 454 4.7.1 <EMAIL_ADDRESS>: Relay access denied (in reply to RCPT TO command))
If you get similar output, follow the steps in Resolving The Problem.
Resolving The Problem
Before you start
Verify the email server credentials shared by the server team.
Steps
Correct the email server credentials in the Email Server Management settings.
Verify the email server credentials shared by the server team.
Steps
Correct the email server credentials in the Email Server Management settings.
- Log in to the QRadar console UI.
- On the navigation menu (
), click Admin. - Click Email Server Management.
- Select the email server for which you want to modify the credentials.
- To edit an email server, click the Open and close list of options (
) icon for the server, then click Edit. - Modify the credentials to ensure they are correct.
- Click Save.
Results
After you apply the correct credentials, administrators can wait for the scheduled email notifications to be sent. If you are still having an issue, contact support.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtmAAA","label":"Reports"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
21 November 2022
UID
ibm16839437