If you’ve ever tried sending emails from an Oracle database using UTL_SMTP, you’ve probably seen some cryptic errors pop up when something's not quite right.
We had encountered a classic:
ORA-29278: SMTP transient error: 421 Service not available
ORA-06512: at "SYS.UTL_SMTP", line 57
ORA-06512: at "SYS.UTL_SMTP", line 140
ORA-06512: at "SYS.UTL_SMTP", line 633
ORA-06512: at line 1
ORA-24247: network access denied by access control list (ACL)
Error: ORA-29278: SMTP transient error: 421 Service not available ORA-06512: at "SYS.UTL_SMTP", line 57 ORA-06512: at "SYS.UTL_SMTP", line 140 ORA-06512: at "SYS.UTL_SMTP", line 633 ORA-06512: at line 1 ORA-24247: network access denied by access control list (ACL).Possible cause: Please check your Alert settings. If the problem persists, contact Integra Support
Step by step — until the alert email finally came through
Issue:
The root cause was a network ACL (Access Control List) restriction. Since Oracle 11g, network operations from the database require explicit permissions via ACLs.
In this case:
Creating and Assigning ACLs for the Particular Database user
Here’s the complete setup we executed to resolve the issue:
Step 1 Create ACL
BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL
(acl => 'ccgmail.xml',
description => 'CCGMAIL',
principal => 'AMHOME',
is_grant => true,
privilege => 'connect'); -- for connect
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE
(acl => 'ccgmail.xml',
Principal => 'AMHOME',
is_grant => true,
privilege => 'resolve'); -- for resolve
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL
(acl => 'ccgmail.xml',
host => '<Ip address>',
lower_port => 25);
END;
Step 2 Add Privileges
We granted both connect and resolve privileges to allow outbound connections and DNS resolution:
BEGIN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE
( acl => 'ccgmail.xml',
principal => 'AMHOME',
is_grant => TRUE,
privilege => 'connect');
END;
commit;
BEGIN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE
(acl => 'ccgmail.xml',
Principal => 'AMHOME',
is_grant => true,
privilege => 'resolve');
END;
commit;
Step 3 Assign ACL to the SMTP Host and Port
BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL
(acl => 'ccgmail.xml',
Host => '192.168.80.16',
lower_port => '25');
END;
commit;
Note: Be sure to commit after each block to save changes.
Verify ACLs
To confirm everything was in place: SELECT * FROM dba_network_acls;
select * from dba_network_acls;
|
| SMTP server domain: | 192.168.80.16 | Port: | 25 |
This showed our ccgmail.xml properly linked to the host and port.
Once all ACLs were in place, we tested sending an email using Oracle’s alert system:
| From: | palaneandavar@domainname.ae | To: | palaneandavar@domainname.ae | | |
| Subject: | Integra: Alerts Test | | |
| Status | Your test email has been sent successfully to palaneandavar@domainname.ae |
Result:
Status: Your test email has been sent successfully to palaneandavar@domainname.ae
Pro Tips
-
ACL entries are case-sensitive for the principal (user/schema) name.
-
Don’t forget to grant both connect and resolve privileges — missing one can cause silent failures.
-
Always commit after changes to ACLs.
-
If your SMTP server is external or behind a firewall, ensure it's reachable from the DB host.
Still Getting ORA-29278?
If the error persists even after ACL configuration:
-
Double-check SMTP availability from the server itself using telnet <host> 25
-
Confirm no firewall rules are blocking the port
-
Make sure Oracle Listener or Network Services are not imposing restrictions
Wrapping Up
What looked like an intimidating ORA error turned out to be a straightforward ACL misconfiguration. With a few precise PL/SQL blocks and a bit of patience, we were back to sending alert emails like clockwork.
Lesson learned: Oracle doesn’t just trust anyone to send emails — you have to earn it with the right ACLs!
Have a similar use case with different ports or external domains? Drop a comment or reach out — happy to help fine-tune your setup.
Till next time, keep those emails flowing and the errors at bay.
