Undelivered mail that is being delivered


#1

I’m not a total Linux noob, but still have a lot to learn.

I was looking through the /var/mail directory and noticed that the nagios user was getting rather large, so I looked into somehow forwarding all the email the system produced to an outside address. I got this set up without issue, however I am now receving NDRs along with actual email. I’m using postfix BTW.

Here is a sample NDR I’m receiving:

[code]This is the mail system at host webserver.somedomain.com.

I’m sorry to have to inform you that your message could not be delivered to one or more recipients. It’s attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

               The mail system

**@webserver.somedomain.com (expanded from <>): unknown user: ""

PROBLEM@webserver.somedomain.com (expanded from ): unknown user:
“problem”

Host@webserver.somedomain.com (expanded from ): unknown user: “host”

is@webserver.somedomain.com (expanded from ): unknown user: “is”

<“Alert:marla”@webserver.somedomain.com> (expanded from <“Alert:fake_hostname”>):
unknown user: “alert:fake_hostname”

DOWN@webserver.somedomain.com (expanded from ): unknown user: “down”
[/code]

This NDR comes in at the same time as the actual email it’s trying to send.

[code]***** Nagios *****

Notification Type: PROBLEM
Host: fake_hostname
State: DOWN
Address: 172.20.1.135
Info: CRITICAL - Host Unreachable (172.20.1.135)

Date/Time: Tue Sept 22 09:37:25 EDT 2009
[/code]

This is my postfix configuration:

[code]# See /usr/share/postfix/main.cf.dist for a commented, more complete version

Debian specific: Specifying a file name will cause the first

line of that file to be used as the name. The Debian default

is /etc/mailname.

#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

appending .domain is the MUA’s job.

append_dot_mydomain = no

Uncomment the next line to generate “delayed mail” warnings

#delay_warning_time = 4h

readme_directory = no

TLS parameters

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

information on enabling SSL in the smtp client.

myhostname = webserver.somedomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = webserver.somedomain.com, localhost.somedomain.com, localhost
relayhost = exchange_server.somedomain.com
mynetworks = 127.0.0.0/8 ::ffff:127.0.0.0]/104 ::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only

[/code]

The relayhost above is a Windows 2003 Exchange server, that is on the local lan, and has been configured to allow mail from the linux box.

Here is the service config for sending email:

[code]# ‘notify-host-by-email’ command definition
define command{
command_name notify-host-by-email
command_line /usr/bin/printf “%b” “***** Nagios ***\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/sbin/sendmail " $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **” $CONTACTEMAIL$
}

‘notify-service-by-email’ command definition

define command{
command_name notify-service-by-email
command_line /usr/bin/printf “%b” “***** Nagios ***\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /usr/sbin/sendmail " $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **” $CONTACTEMAIL$
}[/code]

Any ideas?

Sam


#2

what contacts have been defined in the nagios admin group? maybe you have two email addresses, one valid and one invalid?