Skip to Main Content
Forums

APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Apex 18.2 Mail, ACL - ORA-24247 error

FlammiferJan 24 2019 — edited Jan 27 2019

Hello,

I can't remember when I started getting the error, whether immediately after upgrading from APEX 5.0.1 to 18.2, or randomly, but suddenly I can't send emails anymore, the error is:

ORA-24247: network access denied by access control list (ACL).

Reading MAIL_MESSAGE_CREATED column in APEX_MAIL_QUEUE table it seems first date this issue started appearing is 14/1/2019, which is definitely after upgrading APEX, but this is assuming no emails were sent after upgrade until that date.

I've been looking into Instance Settings, but I don't think APEX Instance URL, Images URL, SMTP Host Address and Port could change in the meantime since it was working before. I do get strange login request after upgrading to APEX 18.2, which appears each time I view the code of any object via Object Browser (I just click Cancel to get around), as per the image:

Screenshot 2019-01-25 at 01.56.47.png

But one thing that tells me this might not be related to Instance Settings, is because I get same ORA-24247 error when using utl_smtp to send email from SQL Commands, instead of APEX_MAIL.SEND, APEX_MAIL.PUSH_QUEUE. Or, is it related?

I tried creating ACLs, to APEX_180200, for example, like:

BEGIN

DBMS_NETWORK_ACL_ADMIN.create_acl (

acl          => 'power\_users\_apex.xml'

, description => 'access to apex email'

, principal => 'APEX_180200'

, is_grant => TRUE, privilege => 'connect'

, start_date => SYSTIMESTAMP

, end_date => NULL);

COMMIT;

END;

/

BEGIN

DBMS_NETWORK_ACL_ADMIN.add_privilege (

acl => 'power_users_apex.xml'

,principal => 'APEX_180200'

,is_grant => TRUE

,privilege => 'resolve');

COMMIT;

END;

/

BEGIN

DBMS_NETWORK_ACL_ADMIN.assign_acl (

acl => 'power_users_apex.xml'

,host => 'localhost' --I tried localhost and 10.0.0.4 IP

,lower_port => 25

,upper_port => NULL);

commit;

END;

/

Then using PUSH_QUEUE, checking APEX_MAIL_QUEUE table and MAIL_SEND_ERROR column is still "ORA-24247: network access denied by access control list (ACL)" for all my emails.

SMTP on my Linux server shouldn't be issue I guess because I tried:
mail -v myaddress@yahoo.com
Subject: Test test

and got the email from server.

I have privileges like:

Screenshot 2019-01-25 at 02.33.43.png

Host * (all?) was from before, 10.0.0.4 and localhost is what I added additionally.

Users are:

Screenshot 2019-01-25 at 02.39.17.png

I guess APEX_050000 remained from APEX 5.0.1, but not sure as its not 050100.

Is there some specific GRANT that should be done with SQL?

What could I be missing or doing wrong? And what could've gone wrong out of the blue? (since e-mail sending was working fine before)
Comments
Post Details
Added on Jan 24 2019
#apex-discussions
2 comments
645 views