If your mail relay (re: Exchange) requires you whitelist the IP AND SENDER email of your nodes, you may have a big problem.
You may not be getting all the emails your Netapp Cluster Mode system is trying to send to you in case of issues.
Huh? What? Yeah. Let me explain.
Netapp has what they call the EMS (Event Management System). Think of it sort of like syslog on a *NIX system. When something happens, it does something, and logs it.
The problem is, it has its own mailhost and FROM: address.
|
1 2 3 |
ha-cdot::> event config show Mail From: admin@localhost Mail Server: localhost |
You will see the Mail Server as localhost, but this will passthrough to the MX record of the destination. The Mail From: is the real kick in the butt on some environments were both IP AND FROM are whitelisted.
A customer recently had an issue doe to this on a new install last night.
Here we can see a sample message (truncated a little), that their exchange server sent rejecting the EMS email because the FROM: address wasn’t whitelisted.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
--9B095B5ADSN=_01D0D4C7D031D33700000089RelayServer1.mod Content-Type: message/delivery-status Reporting-MTA: dns;RelayServer1.mycustomer.com Received-From-MTA: dns;192.168.48.90 Arrival-Date: Thu, 13 Aug 2015 19:28:54 -0400 Final-Recipient: rfc822;itserversupport@mycustomer.com Action: failed Status: 5.7.60 Diagnostic-Code: smtp;550 5.7.60 SMTP; Client does not have permissions to send as this sender # ^^^^^^^^^^^^^^^^^^ This is the important part to notice!! --9B095B5ADSN=_01D0D4C7D031D33700000089RelayServer1.mod Content-Type: message/rfc822 Received: from 192.168.48.90 ([172.30.10.25]) by RelayServer1.mycustomer.com with Microsoft SMTPSVC(8.5.9600.16384); Thu, 13 Aug 2015 19:28:54 -0400 Date: Thu, Aug 13 23:28:15 2015 +0000 From: <admin@localhost> To: <itserversupport@mycustomer.com> Subject: netapp-01: ses.inconsistent.config [LOG_CRIT] Return-Path: admin@localhost Filer: netapp-01 Time: Thu, Aug 13 23:28:15 2015 +0000 Severity: LOG_CRIT Message: ses.inconsistent.config: Inconsistent configuration detected for shelf connected to host adapter 0b. Description: This message occurs when the system detects that there is inconsistency in configuration for shelf connected to this host adapter. Action: Check for any disconnected SAS cables on the attached storage connected to the host adapter. Source: dsa_disc Index: 20355 --9B095B5ADSN=_01D0D4C7D031D33700000089RelayServer1.mod-- |
So, What can you do to fix it? Force a valid whitelisted entry.
|
1 2 3 4 5 |
ha-cdot::> event config modify -mailserver 10.192.1.12 -mailfrom bacon@pig.com ha-cdot::> event config show Mail From: bacon@pig.com Mail Server: 10.192.1.12 |
Also, you can set multiple TO email addresses based on the critical level of the issue.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
ha-cdot::> event destination create -name test_dest -mail jkulm@hastorage.com ha-cdot::> event route add-destinations {-severity <=CRITICAL} -destinations test_dest 720 entries were acted on. ha-cdot::> event dest show Hide Name Mail Dest. SNMP Dest. Syslog Dest. Params ---------------- ----------------- ------------------ ------------------ ------ allevents - - - false asup - - - false criticals - - - false pager - - - false test_dest jkulm@isawesome.com - - false traphost - - - false 6 entries were displayed. |
I hope this helps someone out. Tweet at me if you have any questions.
p.s. If you have a totally open relay, you don’t really ever have to worry about this, but you have other security issues to worry about.
