Nagios XI Email Notification Setup: Gmail, Microsoft 365, Yahoo, and Zoho Guide (2026)
Email notifications are the first line of defense in Nagios XI. When they fail, small issues become outages. This guide walks you through configuring reliable alerts with Gmail/Google Workspace, Microsoft 365/Outlook.com, Yahoo Mail, Zoho Mail, and custom SMTP relays. You’ll set up secure SMTP and OAuth 2.0, keep SPF/DKIM/DMARC aligned, run end-to-end tests, and use logs and CLI checks to fix issues fast. Follow these steps to keep alerts deliverable, secure, and consistent.
Prerequisites
- Admin access to Nagios XI.
- Provider account ready (mailbox or SMTP relay access). For Microsoft 365 OAuth, you’ll need an App registration with Client ID/Secret and Tenant ID.
- Time sync: The XI host is NTP‑synchronized (avoids TLS handshake and token issues).
- Firewall/NAT: Allow outbound TCP on 587 (preferred) and/or 465 to the provider host. Port 25 should be used only when your relay policy explicitly allows it.
- Deliverability: Your sending domain publishes SPF, signs with DKIM, and enforces DMARC. If you run your own relay, ensure valid PTR (reverse DNS) and matching HELO name.
- From address policy: Use a dedicated sender like
alerts@your-domain. Keep From and Envelope-From (Return‑Path) aligned to a domain you control.
Where to configure in XI
Nagios XI makes email setup straightforward. Navigate to these paths:
- Admin → System Config → Email Settings → SMTP with Basic Auth
- Admin → System Config → Email Settings → Gmail with OAuth2 (optional Gmail OAuth)
- Admin → System Config → Email Settings → Microsoft with OAuth2 (for Microsoft 365)
Quick Start for Any Provider
For a fast setup:
1. Navigate to Admin → System Config → Email Settings → SMTP with Basic Auth.
2. Fill in these key fields:
- SMTP Host: Your provider’s server, like
smtp.gmail.com. - Port: 587 for TLS/STARTTLS or 465 for SSL/TLS, depending on what’s required.
- Security: Choose TLS (STARTTLS) or SSL/TLS to match.
- Username: Typically your full email address (skip this for IP-allowlisted relays).
- Password: Your account password or an App Password—switch to OAuth tabs if supported.
- Send Mail From: Something clear like
Nagios Alerts <[email protected]>.
3. Hit Test Settings to send a quick email and check if it lands.
Quick tip: If you’re sending on behalf of a shared mailbox or different address, verify “Send As” permissions with your provider to avoid bounces.
Provider-Specific Setups
Email providers keep updating their rules, especially in 2025 with a big shift toward OAuth over basic auth for better security. We’ve pulled these configs from official sources and tested them to ensure they’re solid.
Gmail (Personal @gmail.com Accounts)
For personal Gmail, the easiest secure option is an App Password, paired with two-step verification.
1. Enable two-step verification in your Google account settings.
2. Generate an App Password called “Nagios XI” and copy that 16-character code.
3. In Nagios XI’s SMTP section:
- Host:
smtp.gmail.com - Port/Security: 587 with TLS (STARTTLS) or 465 with SSL/TLS.
- Username: Your full Gmail address.
- Password: The App Password (Generated 16-character code).
- From: Your Gmail address or a verified alias.
Run Test Settings to confirm.
If your organization insists on OAuth, use the Gmail with OAuth2 tab and follow the prompts with your Google Cloud Client ID and Secret.
Common hiccups: “535 5.7.8 Username and Password not accepted” usually means double-check two-step verification is on and you’re using the App Password. “Must issue a STARTTLS command first”? Switch to 587/TLS.
This video walks through setting up email notifications with Gmail.
Google Workspace (Business Accounts)
Business users get the best results with Google Workspace’s SMTP relay, especially if you can set up IP allow listing for no-fuss auth.
- Server:
smtp-relay.gmail.com - Port: 587 (recommended with STARTTLS), 465 (SSL/TLS), or 25 (opportunistic TLS).
- Security: Matches the port—opportunistic on 25, STARTTLS on 587, SSL/TLS on 465.
- Authentication: Skip username/password if IP allowlisting is in play; just align your “From” with the policy.
Microsoft 365
Microsoft 365 is all about OAuth these days for top-notch security via the Microsoft Graph API.
1. In Microsoft Entra ID (formerly Azure AD):
- Set up an app registration and grab the Tenant ID and Client ID.
- Create a Client Secret and keep it safe.
- Add the “Mail.Send” permission under Microsoft Graph (Application type) and grant admin consent.
2. Back in Nagios XI’s Microsoft with OAuth2 tab:
- Plug in the Tenant ID, Client ID, and Secret.
- Set a valid “Send From” mailbox or alias.
- Click Test Credentials, then Test Settings.
Stick to modern TLS (1.2 or higher) and keep the “From” address in line with what’s authorized.
As a temporary bridge, you can fall back to SMTP AUTH on smtp.office365.com with port 587 and STARTTLS (no 465 here). Use a licensed mailbox’s UPN and password, but enable SMTP AUTH at both the org and mailbox levels, and grant “Send As” if needed. Heads up: Basic Auth for SMTP is getting the axe permanently in September 2025, so shift to OAuth ASAP.
Typical errors: “5.7.139 Authentication unsuccessful” or “5.7.0 Authentication required” points to enabling SMTP AUTH (if using it), checking UPN/password, and sticking to 587/STARTTLS. “5.7.60 Client does not have permissions to send as this sender”? Grant “Send As” or tweak the “From”.
Outlook.com
For personal Microsoft accounts like Outlook.com, Hotmail, or Live, keep it simple:
- Server:
smtp-mail.outlook.com - Port/Security: 587 with STARTTLS.
- Authentication: Your full address and password; switch to an App Password if two-step verification is on.
Read this article to learn more:
Yahoo Mail
Yahoo keeps third-party access secure with App Passwords.
1. Head to Yahoo Account Security and generate one named “Nagios XI”.
2. In Nagios XI SMTP:
- Host:
smtp.mail.yahoo.com - Port/Security: 465 with SSL/TLS or 587 with TLS.
- Username: Your full Yahoo address.
- Password: The App Password.
- From: Your Yahoo address.
Read this article to learn more:
Zoho Mail
Zoho’s setup varies by region and account type.
For standard accounts:
- Server:
smtp.zoho.comfor (US),smtp.zoho.eufor (EU),smtp.zoho.infor (IN). - Port/Security: 465 with SSL/TLS or 587 with TLS.
- Authentication: Email and password; use a Zoho App Password if MFA is enabled.
- From: Your Zoho address or allowed alias.
Organizations on paid plans might use smtppro.zoho.com with the same ports and security.
Read this article to learn more:
Custom SMTP / Internal Relay
For custom setups, loop in your mail team to get:
- The hostname (FQDN), port, TLS mode, and auth method.
- Policies for allowed From/Return-Path.
- IP allowlisting or certificate rules.
- Limits on rates and message sizes.
To nail deliverability, publish SPF, sign with DKIM, enforce DMARC, and ensure PTR and HELO match up.
Testing and Validation
Once configured, don’t skip testing; it’s the best way to catch issues early.
- In the SMTP settings, click Test Settings and send to an email you can access.
- Check both the Inbox and Spam/Junk folders.
- If it flops, dive into the logs:
/usr/local/nagiosxi/tmp/phpmailer.logfor XI, or OS-specific ones. - For OAuth, head to the provider portal to validate tokens and credentials.
Handy CLI tools for extra checks:
# Probe STARTTLS for Microsoft 365
openssl s_client -starttls smtp -connect smtp.office365.com:587 -brief
# Test Gmail SMTP auth with App Password
swaks --to you@domain --server smtp.gmail.com --port 587 --auth LOGIN \
--auth-user [email protected] --auth-password 'your-app-password' --tls
# Generic STARTTLS check
openssl s_client -starttls smtp -connect host.example.com:587 -showcertsTroubleshooting
Most Common Issues and Fixes
- Authentication Failures: Stick to the right App Password (for Gmail, Yahoo, Zoho) or OAuth (Microsoft 365, Gmail). For Microsoft 365’s SMTP AUTH fallback, enable it at org and mailbox levels, use 587/STARTTLS, and verify UPN/password. Sending as another address? Grant “Send As” permissions.
- TLS or Connection Errors: Ensure ports 587 and/or 465 are open outbound. Your XI host needs TLS 1.2+ and fresh CA certs. Remember, no port 465 for Microsoft 365 client submission.
- Relaying Denied: Auth properly with username/password or OAuth, or lean on an IP-allowlisted relay. Align the “From” with policy rules.
- Google Workspace Relay: Prompted for a password? Your policy likely wants IP allowlisting; drop credentials and fix the “From” domain.
- Gmail: “535 5.7.8 Username and Password not accepted” → Confirm two-step is enabled and use the App Password.
Quick Reference Table
| Provider | Server | Ports | Security | Auth Notes |
|---|---|---|---|---|
| Gmail (personal) | smtp.gmail.com | 587 / 465 | TLS / SSL | OAuth preferred; App Password with 2SV supported. (Google for Developers, Google Help) |
| Google Workspace (SMTP Relay) | smtp relay.gmail.com | 25 / 465 / 587 | Opportunistic / SSL / STARTTLS | Prefer 587/STARTTLS; IP allowlisting; align From domain. (Google Help) |
| Microsoft 365 | smtp.office365.com | 587 | STARTTLS | OAuth recommended; SMTP AUTH w/Basic retires Sep 2025; no 465. (Microsoft Learn) |
| Outlook.com | smtp.mail.outlook.com | 587 | STARTTLS | Modern Auth/OAuth2 supported; avoid Basic. (Microsoft Support) |
| Yahoo Mail | smtp.mail.yahoo.com | 465 / 587 | SSL / TLS | App Password required for third party SMTP. (Yahoo Help) |
| Zoho Mail | smtp.zoho.com (region variants) | 465 / 587 | SSL / TLS | Password or App Password (MFA); some orgs use smtppro.zoho.com. (Zoho) |
| Custom/Internal Relay | your relay | 25 / 587 / 465 | As configured | Auth and/or IP allowlisting per policy; align From, SPF/DKIM/DMARC. (Google Help) |
Conclusion
Reliable email notifications prevent minor issues from becoming outages in Nagios XI. Configure SMTP and OAuth using the provider-validated settings in this guide, prioritize OAuth 2.0 as Microsoft retires legacy methods in 2025, and maintain SPF/DKIM/DMARC alignment to safeguard deliverability. If tests fail, use the logging, CLI checks, and quick-fix steps here to diagnose and resolve issues quickly.
