Kiwi Syslog SMTP Protocol Error

I have configured Kiwi Syslog to send error logs from servers; however, there is one device that is configured to receive syslog and write to file, but there are no alerts set up to send email, yet I am seeing this:

PI Message to: yyy@xxx.com

PI Message from: xxx@xxx.com

PI Subject: Syslog message from 10.10.0.1
 PI Date: Wed, 02 Dec 2020 18:27:53 -0500
 PI Mail error: SMTP protocol error. 550 5.1.0 Sender is not allowed to send from xxx.com (R2).

10.10.0.1 is not configured to send any email alerts. How do I stop this queue? Syslog is getting flooded and preventing other emails from being sent.

  • Kiwi can be set up in the following sections to send emails to specific addresses:

    • Under Email in setup you can configure and set up the email address to receive alarms and syslog statistics. Alarms are set up in the alarms section for things like min/max message counts, low disk space, etc.
    • Under Schedules, any schedule that is set up has the option to email a notification to a specified address.
    • Any Rules that are set up have the option to include an "EMail" action where email addresses can be specified along with custom variables for the email.
    • Any Rule with a Run-Script action can include a script that is capable of sending an email.

    If you've checked all of those locations and no email addresses have been configured, I believe it's safe to say that Kiwi is not the culprit sending emails.

  • If that message is from a remote server (not the Kiwi server) then there is something that is trying to send email. If that is the Kiwi server, the email address being used doesn't have the permissions to send email through that SMTP server.

    You can set a rule in Kiwi to 'drop' those messages by matching on some unique text in the message and then using the 'stop processing' action.

    The best solution is always to fix it at the source, but if that can't be done the filter could be a workaround.

  • It definitely is something else that is trying to send the email, but why is Kiwi logging it? The email in the Kiwi syslog is configured to use a different email server and email address to send outbound email.

  • Is the server creating the message Windows or Linux?

    If Linux, check the syslog config in /etc. If Windows, is it running a mail client or scripts that might send emails?
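
One way to do the Linux check suggested above, as an added example that is not part of the original thread: list the active forwarding rules on the sending host that point at the syslog collector, so you can see which selector (for example `mail.*`) is being relayed. It assumes rsyslog-style configuration; the function names, the sample config and the collector address 192.0.2.10 are constructed placeholders.

```shell
#!/bin/sh
# Added example. Assumes rsyslog syntax; names and addresses are placeholders.

# find_forwarders DIR COLLECTOR
# Prints "file:line:rule" for every non-comment rule under DIR that forwards
# to COLLECTOR, using legacy syntax (@host = UDP, @@host = TCP) or the
# action(type="omfwd" target="host") form.
find_forwarders() {
    dir=$1
    # Escape dots so the address is matched literally.
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')
    # The trailing group stops 192.0.2.10 from matching 192.0.2.100.
    pat="(@@?|target=\")${esc}([^0-9]|\$)"
    find "$dir" -type f -name '*.conf' 2>/dev/null | sort |
    while IFS= read -r f; do
        grep -nE "$pat" "$f" |
        grep -vE '^[0-9]+:[[:space:]]*#' |      # drop commented-out rules
        while IFS= read -r hit; do
            printf '%s:%s\n' "$f" "$hit"
        done
    done
}

# Constructed sample configuration, for demonstration only.
make_sample() {
    mkdir -p "$1/rsyslog.d"
    cat > "$1/rsyslog.conf" <<'EOF'
# old catch-all forward, disabled
#*.* @192.0.2.10:514
mail.*  @192.0.2.10:514
EOF
    cat > "$1/rsyslog.d/50-remote.conf" <<'EOF'
authpriv.* @@192.0.2.99:514
*.err action(type="omfwd" target="192.0.2.10" port="514" protocol="udp")
EOF
}

# Demo run against the sample; on a real host use: find_forwarders /etc <collector>
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
find_forwarders "$demo_dir" 192.0.2.10
rm -rf "$demo_dir"
```

In the sample, the `mail.*` rule is the kind of entry that would cause a host's mail delivery errors to show up on the collector even though the collector itself sends no email for that host.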