Emails issue

Dear all,
I am facing an issue in my data center environment related to mails being generated by users on my machines.

Let me walk you through the issue one by one.

Each system (100+ servers in my DC) has a user sysmon on it that sends mails to a specific Email ID. The user runs scripts related to system monitoring, i.e. scripts monitoring disk space, system health etc.

Example names of 2 systems are mercury0 & mercury1

The scripts work fine and send Emails to the ID given.

The issue arises when the /var/spool/mqueue directory on my MTA Relay host servers starts to increase with Emails being stuck in them.

Those emails are addressed to the system's own users.
Mercury0 is sending an Email to itself using sysmon ID.

Example of two mail outputs found on my MTA Relay host servers are below:

I did the following on the /var/spool/mqueue directory on one of my MTA Relay host servers:

sudo cat * | grep sysmon | grep mercury0
H??To: sysmon@mercury0.domain.com

H??To: sysmon@mercury1.domain.com

How can I make sure that such mails do not pile up in the /var/spool/mqueue directory of my MTA Relay host servers?
Is there a way to make sure such mails being addressed to a system's own ID be forwarded to another Email ID? But the best option would be to simply discard them.

P.S. I have placed the IP address of MTA Host servers in the submit.cf file on all client machines.

Regards

Are these hosts in /etc/hosts ?

You have a problem on the MTA relay hosts.
To put the previous question differently:
say host system1 sends mails to your MTA relay,
then on the MTA relay, does getent hosts system1 report its IP address, and without delay?
What does mailq say?

Hi,

I'm Junaid Subhani's team member. Let me further clarify our email architecture for our system email alerts.

All unix/linux machines' sendmail clients are set to use two MTA relay sendmail servers internally in our network.

Then those two MTA relay sendmail servers forward all the email to our company's Microsoft Exchange server (Microsoft servers are managed and administered by a separate Windows team).

Then the Microsoft Exchange server delivers the system alerts to valid Microsoft Exchange email IDs, e.g. xyz@waridtel.com.

So basically submit.cf of all the client machines has the IP address of internal network MTA relay sendmail server and MTA sendmail relay server has the IP of Microsoft exchange server for D{MTAHost} in submit.cf.

All the system email alerts configured by us and different application/database teams (in their scripts) are properly being delivered.

Now the problem we are facing is this. Along with all the system alert emails, all of the sendmail client machines are also sending out native OS users' system generated emails (to the native user) as well. And ...... our internal network MTA relay sendmail server obviously also relays them to our domain's Microsoft Exchange server, which obviously cannot recognize the destination address (e.g. user@server-hostname.waridtel.com) and floods our outbound email gateway (sendmail server) with all those unwanted emails and overwhelms the mail queue.

So far, we concluded to use the '.forward' option to at least deliver all the emails to the proper email address (xyz@waridtel.com) of the respective owner team of the unix/linux system user. That way our corporate outbound sendmail email gateway will not be brought down due to 100,000+ unwanted system users' emails every day.

Another option we have read somewhere is to configure /etc/mail/access file on the internal MTA relay sendmail server, which would discard or reject any email addressed to user@server-hostname.warditel.com. But we are not sure about the syntax to be used. Whether we can use wild card options to reject/discard all emails addressed to user@server-hostname.waridtel.com or we have to add lines for each and every user of all the servers.
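To see which client hosts are responsible for the host-local mail described above before choosing between '.forward', masquerading or discarding, the queue headers can be tallied per host. This is an added example, not part of any post in the thread: it parses only the `H??To:` header form shown in the grep output earlier, and the function names, the `domain.com` sample domain and the sample queue contents are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import Path

# Header line as it appears in the thread: "H??To: sysmon@mercury0.domain.com".
# Assumption: the text between the two '?' may be empty or hold header flags.
TO_HEADER = re.compile(r"^H\?[^?]*\?(?:To|Cc):\s*(.+)$", re.IGNORECASE)
ADDRESS = re.compile(r"[\w.+-]+@([A-Za-z0-9.-]+)")


def host_local_recipients(queue_texts, mail_domain):
    """Count queued recipients addressed to a host under mail_domain.

    user@mail_domain is a real mailbox and is ignored;
    user@host.mail_domain is counted under 'host.mail_domain'.
    """
    suffix = "." + mail_domain.lower()
    counts = Counter()
    for text in queue_texts:
        for line in text.splitlines():
            match = TO_HEADER.match(line)
            if not match:
                continue  # not a To:/Cc: header line
            for domain in ADDRESS.findall(match.group(1)):
                domain = domain.lower().rstrip(".")
                if domain.endswith(suffix):
                    counts[domain] += 1
    return counts


def read_queue(queue_dir):
    """Yield the text of each sendmail control file (qf*) in queue_dir."""
    for path in sorted(Path(queue_dir).glob("qf*")):
        yield path.read_text(errors="replace")


# Constructed sample: four queued messages, one to a real mailbox.
SAMPLE = [
    "H??To: sysmon@mercury0.domain.com\nH??Subject: alert sysmon@mercury0\n",
    "H??To: sysmon@mercury1.domain.com\n",
    "H??To: <sysmon@mercury0.domain.com>\n",
    "H??To: xyz@domain.com\n",
]

if __name__ == "__main__":
    # On a relay host: host_local_recipients(read_queue("/var/spool/mqueue"), "domain.com")
    for host, n in host_local_recipients(SAMPLE, "domain.com").most_common():
        print(f"{n:6d}  {host}")
```

The hosts at the top of the list are the ones whose local users need a '.forward' or whose addresses need rewriting first.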

Can you use user@warditel.com sender addresses only?
It might be much work to configure all clients accordingly.
But you could do a sender address rewriting or masquerading on your MTA hosts.

Can you elaborate further on sender address rewriting/masquerading?

Moreover, even if system does send out local system users system generated emails we don't care if they are rejected or discarded.

The following is for the postfix MTA, /etc/postfix/main.cf

mydomain = warditel.com
myorigin = $mydomain
masquerade_domains = warditel.com
remote_header_rewrite_domain = warditel.com

Other MTAs like sendmail have their own config stuff.

Another person faced a similar issue last year, as follows

www-unix-com/unix-dummies-questions-answers/185203-sendmail-weird-local-delivery-problem-html

Does it mean that adding a client's server-hostname.domain.com to its /etc/mail/local-host-names will fix our similar issue as well?

This 1. refers to the sendmail MTA,
and 2. is about *accepting* mails from the listed hosts (and typically storing in /var/spool/mail/ boxes; eventual forwarding and|or rewriting is to be done elsewhere).