/var/log/maillog growing rather large

Posted: Mon Apr 08, 2013 2:56 pm
by jbennett
I'm noticing our maillog is growing rather large as well. I've messed around with rotation/compression options, but I'm noticing a number of connection refused entries in my maillog.

I'm getting connection refused to 2 different mail servers on our system but emails are being sent just fine. Is there a configuration somewhere that's causing this that I haven't caught yet?

Apr  8 08:15:58 nagiosserver sendmail[7653]: r33FRYYn004946: to=<[email protected]>, ctladdr=<[email protected]> (501/100), delay=4+21:48:24, xdelay=00:00:00, mailer=esmtp, pri=5880586, relay=mail2.company.org., dsn=4.0.0, stat=Deferred: Connection refused by mail2.company.org.
Apr  8 08:15:58 nagiosserver sendmail[7653]: r33FPLIf002839: to=<[email protected]>, ctladdr=<[email protected]> (501/100), delay=4+21:50:37, xdelay=00:00:00, mailer=esmtp, pri=5880586, relay=mail1.company.org., dsn=4.0.0, stat=Deferred: Connection refused by mail1.company.org.

Re: /var/log/maillog growing rather large

Posted: Mon Apr 08, 2013 3:02 pm
by slansing
How often are these connection refused entries being generated? Is it once per email, or at random times? Have you noticed any instability on the mailserver end that you can correlate with these messages?

Re: /var/log/maillog growing rather large

Posted: Mon Apr 08, 2013 3:06 pm
by sreinhardt
What kind of mail server are you sending to remotely? Are there any other mail servers that could be accepting the messages for these two and allowing contacts to correctly receive alerts?

Re: /var/log/maillog growing rather large

Posted: Mon Apr 08, 2013 3:34 pm
by jbennett
slansing wrote: How often are these connection refused entries being generated? Is it once per email, or at random times? Have you noticed any instability on the mailserver end that you can correlate with these messages?
They are being generated quite often. With something like 15 contacts being notified of every state change on 1700 hosts with a total of 4300 services, this can generate a ton of messages. It seems as if all of the email is going through fine, just as I would expect it. I'm not sure if it's possible to correlate one of these connection refused messages with a specific email to verify that it did or didn't get sent?

As for the mail server end, I cannot say as that's a different department unfortunately.
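
One way to answer the correlation question above from the log itself, as an added example that is not part of the original thread: sendmail tags every delivery attempt with a queue ID (the `r33F...` token after `sendmail[pid]:`), so grouping entries by that ID shows whether a deferred message was later sent. The placeholder addresses, the documentation IP and the third "Sent" line are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: lines 1-2 follow the shape of the entries quoted in the
# thread (addresses replaced with placeholders); line 3 is an invented retry.
SAMPLE = """\
Apr  8 08:15:58 nagiosserver sendmail[7653]: r33FRYYn004946: to=<oncall@example.org>, ctladdr=<nagios@example.org> (501/100), delay=4+21:48:24, xdelay=00:00:00, mailer=esmtp, pri=5880586, relay=mail2.company.org., dsn=4.0.0, stat=Deferred: Connection refused by mail2.company.org.
Apr  8 08:15:58 nagiosserver sendmail[7653]: r33FPLIf002839: to=<oncall@example.org>, ctladdr=<nagios@example.org> (501/100), delay=4+21:50:37, xdelay=00:00:00, mailer=esmtp, pri=5880586, relay=mail1.company.org., dsn=4.0.0, stat=Deferred: Connection refused by mail1.company.org.
Apr  8 09:15:58 nagiosserver sendmail[8120]: r33FPLIf002839: to=<oncall@example.org>, ctladdr=<nagios@example.org> (501/100), delay=4+22:50:37, xdelay=00:00:01, mailer=esmtp, pri=5970586, relay=mail1.company.org. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
"""

# timestamp, host, sendmail[pid]: queue-id: key=value, key=value, ...
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sendmail\[\d+\]: (\w+): (.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")

def parse(text):
    """Return {queue_id: [(timestamp, relay, dsn, stat), ...]} in log order."""
    attempts = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a sendmail delivery line
        ts, qid, rest = m.groups()
        f = dict(FIELD.findall(rest))
        if "stat" in f:
            # relay may carry a trailing dot and an "[ip]" suffix
            relay = f.get("relay", "-").split()[0].rstrip(".")
            attempts[qid].append((ts, relay, f.get("dsn", ""), f["stat"]))
    return attempts

def summarize(attempts):
    """Count refusals per relay; list queue IDs whose last attempt was not Sent."""
    refused, pending = Counter(), {}
    for qid, tries in attempts.items():
        for _, relay, _, stat in tries:
            if "Connection refused" in stat:
                refused[relay] += 1
        _, relay, _, stat = tries[-1]
        if not stat.startswith("Sent"):
            pending[qid] = (relay, stat)
    return refused, pending

if __name__ == "__main__":
    refused, pending = summarize(parse(SAMPLE))
    print("refusals per relay:", dict(refused))
    for qid, (relay, stat) in pending.items():
        print(f"still undelivered: {qid} via {relay}: {stat}")
```

Queue IDs left in the pending set can be cross-checked against the output of `mailq` on the sending host.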

Re: /var/log/maillog growing rather large

Posted: Mon Apr 08, 2013 3:40 pm
by jbennett
sreinhardt wrote: What kind of mail server are you sending to remotely? Are there any other mail servers that could be accepting the messages for these two and allowing contacts to correctly receive alerts?
I will have to verify this as it is a different department within our company.

In the meantime, I should note that the error says sendmail but under the admin section I have selected SMTP. Are these two related?

Re: /var/log/maillog growing rather large

Posted: Mon Apr 08, 2013 3:42 pm
by sreinhardt
If you are using Exchange this should absolutely be able to be done, via the mailflow tool. You should be able to have the mail guys choose either a message ID, subject, or multiple other details and trace it through the system. I am not positive about other servers' ability to do so, however I would think that there is a way.

I believe we use sendmail to deliver smtp mail for the classic core commands, not the xi-host-notify-by-email commands.

Re: /var/log/maillog growing rather large

Posted: Mon Apr 08, 2013 4:04 pm
by jbennett
sreinhardt wrote: I believe we use sendmail to deliver smtp mail for the classic core commands, not the xi-host-notify-by-email commands.
So you're saying that some mail will be through SMTP while some will be through sendmail? Take notify-service-by-email for instance? Do I understand you correctly in thinking that this would go through sendmail? *entirely confused now*

Re: /var/log/maillog growing rather large

Posted: Mon Apr 08, 2013 4:12 pm
by sreinhardt
Yes, I believe (could be incorrect) that sendmail is used for the default core notifications. The difference being whether it is sending locally or using smtp and potentially authentication. Whereas the XI notification handlers use phpmailer within the scripts, which go directly to smtp. They both use smtp as a communication form to a remote server, it is just a matter of what application\script handles sending the mail.

Re: /var/log/maillog growing rather large

Posted: Tue Apr 09, 2013 11:50 am
by jbennett
As it turns out, when the mail servers were updated the settings I had were no longer correct. The team is correcting the issue now. I will verify that mail continues to go through and that I no longer have any messages showing up in my maillog related to this.

Thanks for the clarification about how the system handles mail. Slowly I am getting my head wrapped around all of this.

Re: /var/log/maillog growing rather large

Posted: Tue Apr 09, 2013 11:54 am
by slansing
Great, your notifications should be routing to the correct addresses soon enough!