I have filed a bug against the graylog snap but I’m also unsure of what the fix should be:
It seems like the graylog daemon is missing “-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts” so it can try to make sending emails via STARTTLS tcp/25 work. I think the snap won’t have access to that folder, and /etc/ssl might need to be copied to /snap/graylog/current/etc/ssl. Is this correct?
OTOH, /etc/ssl/certs/java/cacerts doesn’t exist, and /snap/graylog/current/etc/ssl/certs/java folder exists but it is empty.
For now, I have disabled TLS on graylog so emails are sent unencrypted. What would be the best approach to fix this bug?