Nagios sending out non-existent email addresses

Hi everyone, I’ve been trying to fix this problem the last 2 days and got nowhere, probably something very silly but I really need someone to tell me what I have done wrong!

Nagios has been sending notifications to email addresses I specified in the contacts but more. I get a lot of bounced messages due to nagios has been sending out all those email addresses that are non-existent, would be something like:

**@
Host@
RECOVERY@
UP@
is@

These are some of the log:

Nov 9 10:28:14 ip-10-28-22-154 postfix/smtp[22230]: 596401682A1: to=**@mydomain.co.uk, relay=mail.mydomain.co.uk[xx.xx.xx.xx]:25, delay=16, delays=0.05/0.01/0.78/15, dsn=5.1.1, status=bounced (host mail.mydomain.co.uk[xx.xx.xx.xx] said: 550 5.1.1 **@mydomain.co.uk… User unknown (in reply to RCPT TO command))

Nov 9 10:28:14 ip-10-28-22-154 postfix/smtp[22238]: 724991682A5: to=[email protected], relay=mail.mydomain.co.uk[xx.xx.xx.xx]:25, delay=15, delays=0.05/0.03/0.65/15, dsn=5.1.1, status=bounced (host mail.mydomain.co.uk[xx.xx.xx.xx] said: 550 5.1.1 [email protected]… User unknown (in reply to RCPT TO command))

Any ideas?

Priss

look in commands.cfg and check if the host-notify-by-email and service-notify-by-email commands have been modified…

it should be something like:

command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$

Thanks Luca for point me at the right direction, look like sendmail doesn’t like the format of the subject line and split them into email addresses instead! Here’s mine at the moment:

    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/sbin/sendmail -s  "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$

Now have to figure out how to fix this!

Priss

all fixed with help of Luca and infosecprojects.net/en/linux … dmail.html, thanks

I have here pieces of information related to your concern. I don’t know it is a help for you but I hope so. Try to examine it and apply it after.

command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$

I’ve been having a similar issue with Nagios sending out emails, when it sends them out I’ve been getting the email correctly to my email but I’ve also been getting delivery failure notifications with the below in them.

[code]""@b, *****@nagiosserver.domain.name,
[email protected],
*****[email protected],
“Type:RECOVERYnnService:PINGnHost:XxxX”@nagiosserver.domain.name,
[email protected],

“RouternAddress:xxx.xxx.x.xxxnState:OKnnDate/Time:Wed”@devexternal.harp.loca
l,
[email protected], [email protected],
“14:45:07”@nagiosserver.domain.name, [email protected],
[email protected],
“Info:nnPING”@nagiosserver.domain.name, [email protected],
[email protected], [email protected],
[email protected], [email protected], 0@,
[email protected], [email protected],
[email protected], [email protected]
[/code]

Which is a malformed email because if you remove all of the @nagiosserver.domain.name you get

""@b, ***** nagios *****nnNotification Type:RECOVERYnnService: PINGnHost:XXXXXXXX RouternAddress: xx.xxx.x.xxxnState:OKnn Date/Time:Wed Feb, 16, 14:45:07, EST, 2011 nnAdditional Info:nn PING OK- Packetloss=0 RTA=89.33 ms

Which is the information sent in the alert command

In my research I found this thread and tried changing the commands as described at infosecprojects.net/nagios-sendmail.html

# NEW 'notify-service-by-email' command definition define command{ command_name notify-service-by-email command_line /usr/bin/printf "%b" "Subject:** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **\n***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\nnAdditional Info:\n\n$SERVICEOUTPUT$" | /usr/sbin/sendmail $CONTACTEMAIL$
Today we had a server CPU go into the critical state. Nagios shows in the logs that it sent out emails to the correct people to let them know, but no one got any emails.

The issue with the malformed emails only started in the last week and had been running w/o issue for months up until now. I’m the only person who makes changes to the system and the only change I’ve made recently was to change the the email address for the nagios contact to my e-mail address and that was over a moth ago.

Currently on ones getting emails at all which isn’t good, luckily nothing bad happened when the server CPU use reached critical today but I need to get emails working again A.S.A.P. and figure out why with the old command it both worked and didn’t work at the same time.

try this from command line as user nagios. (change email address)

/usr/bin/printf “%b” “test message” | /usr/sbin/sendmail -s “test subject” [email protected]

do you get an email or an error? or no email and no error?

Tried that and get

nagios@XXXXXXXX:/var/log$ /usr/bin/printf "%b" "test message" | /usr/sbin/sendmail -s "test subject" [email protected] sendmail: invalid option -- 's' sendmail: invalid option -- 's' sendmail: fatal: usage: sendmail [options]

what mail agent are you running? postfix? exim? sendmail?

my command line is:

command_line /usr/bin/printf “%b” “***** Nagios ***\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /usr/bin/mail -s " $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **” $CONTACTEMAIL$

which is basically the default using a different path for mail if i remember right.
i’m not sure about the sendmail command… don’t you have a mail or mailx command?

you may wnat to try “locate mailx” or “locate mail” and try substitying that to the send mail executabel in the command i gave you.

I had been using mailx in the command and changing your command to

doesn’t give any errors, but I didn’t get the email either.

CORRECTION: I did get the email, it just took a few minutes.

check /var/log/mail.log or mail.info

just saw the correction

change your command.cfg to reflect the comand line you used

off to bed

Will do thanks for all your help.

I need to get emails working again A.S.A.P. and figure out why with the old command it both worked and didn’t work at the same time.

I have an similar but opposite problem with sending e-mail alerts. They look like they get sent but the ones going out to the internet don’t even get to my firewall. The in-house e-mails get to the right in-box and I can track them in Exchange but the ones supposed to go out through SMTP don’t show up anywhere. Not even a bounce message.

Lucky

you should have some info in the mail log… accepted, rejected, whatever

Luca:

Come on now … you know I’m not a linux gunner. Where do I find this log?

Running SENDMAIL (don’t know where to find the version) on Fedora 14. I don’t remember specify our SMTP server during installation, but it seems to find our MS Exchange mailboxes easily on this DOMAIN. Exchange SMTP has the Nagios server specifically granted permission to relay.

Help.

Thanks.

Lucky

hwo should i know what you know and dont’ know about linux? and all the others on this forum?
you are in charge of a server, that should be enough to say “hey he knows what he’s doing”.
Logs usually are in /var/log. probably mail.info, mail.err or similar.
i don’t know anything about sendmail.