Friday, January 4, 2019

ORA-29278 SMTP Error – When Oracle Says Service Not Available

If you’ve ever tried sending emails from an Oracle database using UTL_SMTP, you’ve probably seen some cryptic errors pop up when something's not quite right.

We had encountered a classic:

ORA-29278: SMTP transient error: 421 Service not available
ORA-06512: at "SYS.UTL_SMTP", line 57
ORA-06512: at "SYS.UTL_SMTP", line 140
ORA-06512: at "SYS.UTL_SMTP", line 633
ORA-06512: at line 1
ORA-24247: network access denied by access control list (ACL)

Error: ORA-29278: SMTP transient error: 421 Service not available ORA-06512: at "SYS.UTL_SMTP", line 57 ORA-06512: at "SYS.UTL_SMTP", line 140 ORA-06512: at "SYS.UTL_SMTP", line 633 ORA-06512: at line 1 ORA-24247: network access denied by access control list (ACL).Possible cause: Please check your Alert settings. If the problem persists, contact Integra Support

 Step by step — until the alert email finally came through 

Issue:

The root cause was a network ACL (Access Control List) restriction. Since Oracle 11g, network operations from the database require explicit permissions via ACLs.

In this case:

  • Oracle couldn't reach the SMTP server at <Ip address>:25

  • The database user AMHOME lacked proper ACL permissions

Creating and Assigning ACLs for the Particular Database user 

Here’s the complete setup we executed to resolve the issue:

Step 1 Create ACL

BEGIN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL
         (acl                =>  'ccgmail.xml',
          description    =>  'CCGMAIL',
          principal        =>  'AMHOME',
          is_grant          =>  true,
          privilege        =>  'connect');  -- for connect 

  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE
           (acl              =>  'ccgmail.xml',
            Principal    =>  'AMHOME',
            is_grant      =>  true,
            privilege     =>  'resolve'); -- for resolve 

  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL
            (acl                =>  'ccgmail.xml',
             host              =>  '<Ip address>',  
      lower_port   =>   25);
END;

Step 2 Add Privileges

We granted both connect and resolve privileges to allow outbound connections and DNS resolution:

BEGIN
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE
   ( acl             =>  'ccgmail.xml',
     principal       =>  'AMHOME',
     is_grant        =>   TRUE,
     privilege       =>  'connect');
END;

commit;

BEGIN
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE
           (acl               =>  'ccgmail.xml',
            Principal   =>  'AMHOME',
            is_grant      =>   true,
            privilege     =>  'resolve');
END;
commit;

Step 3  Assign ACL to the SMTP Host and Port

BEGIN
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL
        (acl                 =>  'ccgmail.xml',
         Host             =>  '192.168.80.16',
         lower_port  =>   '25');
END;
commit;

 Note: Be sure to commit after each block to save changes.

Verify ACLs

To confirm everything was in place: SELECT * FROM dba_network_acls;

 select * from dba_network_acls;

SMTP server domain:  192.168.80.16Port:  25

This showed our ccgmail.xml properly linked to the host and port.

Once all ACLs were in place, we tested sending an email using Oracle’s alert system:

From:  palaneandavar@domainname.aeTo:  palaneandavar@domainname.ae             
Subject:  Integra: Alerts Test                
Status  Your test email has been sent successfully to palaneandavar@domainname.ae

  • SMTP server: 192.168.80.16

  • Port: 25

  • From/To: palaneandavar@domainname.ae

Result:

Status: Your test email has been sent successfully to palaneandavar@domainname.ae

 Pro Tips

  • ACL entries are case-sensitive for the principal (user/schema) name.

  • Don’t forget to grant both connect and resolve privileges — missing one can cause silent failures.

  • Always commit after changes to ACLs.

  • If your SMTP server is external or behind a firewall, ensure it's reachable from the DB host.

  •  Still Getting ORA-29278?

If the error persists even after ACL configuration:

  • Double-check SMTP availability from the server itself using telnet <host> 25

  • Confirm no firewall rules are blocking the port

  • Make sure Oracle Listener or Network Services are not imposing restrictions

Wrapping Up

What looked like an intimidating ORA error turned out to be a straightforward ACL misconfiguration. With a few precise PL/SQL blocks and a bit of patience, we were back to sending alert emails like clockwork.

Lesson learned: Oracle doesn’t just trust anyone to send emails — you have to earn it with the right ACLs!

Have a similar use case with different ports or external domains? Drop a comment or reach out — happy to help fine-tune your setup.

Till next time, keep those emails flowing and the errors at bay.
























Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)