IBM Support

QRadar: Email error "TLS is required, but was not offered by host"

Troubleshooting


Problem

Emails can fail to send with the error message "TLS is required, but was not offered by host", which is logged in the /var/log/maillog file.

Cause

A "TLS is required, but was not offered by host" error means that encryption of the transport route is required, but the recipient does not offer it. The receiving server does not offer encryption either because the email server uses an obsolete TLS version or because TLS is not used at all.

Diagnosing The Problem

 If email notifications are not working, search the logs for an error containing "TLS is required, but was not offered by host" by entering the following command:
grep -i "TLS is required" /var/log/maillog | less
Look for the following error to confirm the problem with TLS:
Sep 20 10:28:26 <Hostname> postfix/smtp[31887]: DFBD0C01486: to=<mail.co.in>, relay=<Relay name> [xx.xx.xx.xx]:25, delay=147481, delays=147481/0.08/0.04/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host <Relay name>[xx.xx.xx.xx])
Sep 20 10:28:26 <hostname> postfix/error[31933]: CABBEC0149E: to=<mail.co.in>, relay=none, delay=202544, delays=202544/0.15/0/0, dsn=4.7.4, status=deferred (delivery temporarily suspended: TLS is required, but was not offered by host <Relay name> [xx.xx.xx.xx]):25
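
The following script is an added example, not part of the IBM document: it lists which relays the deferrals point at and checks a saved EHLO reply for the STARTTLS keyword, since Postfix logs this error when a relay's EHLO reply does not advertise STARTTLS. The function names, host names, addresses, and sample data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample maillog lines (not real data), in the format shown above.
SAMPLE_LOG='Sep 20 10:28:26 qr1 postfix/smtp[31887]: DFBD0C01486: to=<a@example.com>, relay=relay1.example.com[192.0.2.10]:25, delay=147481, delays=147481/0.08/0.04/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host relay1.example.com[192.0.2.10])
Sep 20 10:28:26 qr1 postfix/error[31933]: CABBEC0149E: to=<b@example.com>, relay=none, delay=202544, delays=202544/0.15/0/0, dsn=4.7.4, status=deferred (delivery temporarily suspended: TLS is required, but was not offered by host relay1.example.com [192.0.2.10])
Sep 20 10:29:01 qr1 postfix/smtp[31890]: 1A2B3C4D5E6: to=<c@example.com>, relay=relay2.example.com[192.0.2.20]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F8E7D6C5B)'

# Constructed EHLO replies: one relay without STARTTLS, one with it.
EHLO_PLAIN='250-relay1.example.com
250-PIPELINING
250-SIZE 10240000
250 8BITMIME'
EHLO_TLS='250-relay2.example.com
250-PIPELINING
250-STARTTLS
250 8BITMIME'

# Read maillog lines on stdin; print "<count> <relay host> <relay IP>" for
# every relay named in a "TLS is required" deferral.
# On a real system: tls_deferred_relays < /var/log/maillog
tls_deferred_relays() {
    grep -i 'TLS is required, but was not offered by host' |
        sed -n 's/.*not offered by host \([^[ ]*\) *\[\([^]]*\)].*/\1 \2/p' |
        sort | uniq -c | awk '{print $1, $2, $3}'
}

# Read a saved EHLO reply on stdin; succeed (exit 0) only if one of its
# 250 lines advertises the STARTTLS extension. Tolerates CRLF line endings.
ehlo_offers_starttls() {
    tr -d '\r' | grep -Eiq '^250[- ]STARTTLS$'
}

# Demo on the constructed data above.
printf '%s\n' "$SAMPLE_LOG" | tls_deferred_relays
if printf '%s\n' "$EHLO_PLAIN" | ehlo_offers_starttls; then
    echo "relay1.example.com: STARTTLS offered"
else
    echo "relay1.example.com: STARTTLS not offered"
fi
```
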

Resolving The Problem

  1. Disable TLS for email in the QRadar UI:
    • Go to the Admin tab and select Email Server Management.
    • Click List options (three dots) to edit configuration settings.
    • Select Edit and then Disable TLS.
  2. Restart the postfix service on the QRadar Console:
    systemctl restart postfix
  3. Run the following command to confirm that TLS is disabled:
    cat /etc/si-postfix/qradar.conf | grep -i "tls"

    The output of the command should be:
    EMAIL_SERVER_ENABLE_TLS=false

Results

Send a test email to confirm the solution. Administrators can also wait for the scheduled email notifications to be delivered.

If you are still having an issue, contact QRadar Support.


 

Document Location

Worldwide


Document Information

Modified date:
30 November 2022

UID

ibm16841431