Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

SMTP - maillog show

https://support.nagios.com/forum/viewtopic.php?t=47812

Page 1 of 1

SMTP - maillog show

Posted: Wed Mar 07, 2018 10:37 pm
by JDTAY
Hi all

My Nagios XI instance is sending SMTP traffic to two different relays, though I've only got one configured in my e-mail settings (GUI > Admin > E-mail settings).

All of our e-mail instances are in Office 365 and some but not all of the e-mails we're sending traffic to aren't being received. Checking the logs, Nagios is attempting to use both the Office 365 relay and our internal mail relay. Though I only have the internal SMTP relay set within Nagios XI.

I've attached my SMTP logs (maillog.txt), a screenshot of the Nagios settings in the GUI (SMTP-Settings-Nagios.gif) and my firewall logs (smtp.csv).

Any ideas?

= = = =

1) I've attached my firewall logs that show my Nagios instance sending traffic to one of two destinations (smtp.csv). We can see three four destination IP addresses:

2)
147.132.12.52 - Preferred internal SMTP mailer (CITEC-mail)
147.132.12.152 - Preferred internal SMTP mailer (CITEC-mail)

3)
65.55.88.138 - Office 365 SMTP mailer, blocked and not setup for direct access
65.55.88.170 - Office 365 SMTP mailer, blocked and not setup for direct access

4) Screenshots of the SMTP settings can be found in: SMTP-Settings-Nagios.gif

5) I've also attached my SMTP logs from the host (/var/log/mailog)

Re: SMTP - maillog show

Posted: Thu Mar 08, 2018 11:45 am
by scottwilkerson
I'm not familiar with your firewall, but the timed out lines in your log

Code: Select all

status=deferred (connect to dsiti-qld-gov-au.mail.protection.outlook.com[65.55.88.170]:25: Connection timed out)status=deferred (connect to dsiti-qld-gov-au.mail.protection.outlook.com[65.55.88.138]:25: Connection timed out)
correspont to this
Policy Name
STOP-NetCon-Management-Global-Hosts-and-QSSMonitor-CentOS

Source Zone
QSS-MANZONE-SERVER

Destination Zone
FILTERED-INTERNET

Re: SMTP - maillog show

Posted: Thu Mar 08, 2018 6:22 pm
by JDTAY
Hiya Scott

Sorry if I wasn't clear, Nagios should be pointing all traffic to citec-mail, in the firewall logs we can see this SMTP going through successfully. This is the only SMTP relay I have configured in Nagios, so I'm trying to find out why Nagios is still trying to send mail via the DSITI Office 365 internet relay which is intentionally blocked.

Warm regards;
JT

Re: SMTP - maillog show

Posted: Fri Mar 09, 2018 10:35 am
by scottwilkerson
Ok, now I understand more. Looking at your image of the settings, you are choosing to use sendmail vs. SMTP even though you do have a SMTP server specified.

When using sendmail it is going to use the servers sendmail setting to send the messages.

Additionally, I need to mention that these setting affect notifications that are sent using the stock XI notification handlers, however XI is flexible and yo can use other notification handlers for contacts that just use the mail command on the system for example

Re: SMTP - maillog show [SOLVED - PEBUAK]

Posted: Mon Mar 12, 2018 11:19 pm
by JDTAY
If that was all that caused the issue I'm embarrassed to have came here and not noticed that earlier. I could have sworn that I changed that recently so either the SMTP server admins have made a change or that one config I changed from SendMail to SMTP has resolved my issue...

Thanks Scott. This can be closed. :)

Re: SMTP - maillog show

Posted: Tue Mar 13, 2018 8:44 am
by scottwilkerson
I'm just glad it's resolved!
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited