cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Kiwi Syslog SMTP Protocol Error

I have configured Kiwi syslog to send error logs from servers however there is one device that is configured to receive syslog and write to file but there are not alerts set up to send email yet i am seeing this

PI Message to: yyy@xxx.com

PI Message from: xxx@xxx.com

PI Subject: Syslog message from 10.10.0.1
 PI Date: Wed, 02 Dec 2020 18:27:53 -0500
 PI Mail error: SMTP protocol error. 550 5.1.0 Sender is not allowed to send from xxx.com (R2).

10.10.0.1 is not configured to send any email alerts. How do i stop this queue , syslog is getting flooded and preventing other emails from being sent.

 

0 Kudos
4 Replies
Level 12

If that message is from a remote server(not the Kiwi server) then there is something that is trying to send email.  If that is the Kiwi server the email address being used doesn't have the permissions to send email through that SMTP server.

You can set a rule in Kiwi to 'drop' those messages by matching on some unique text in the message and then using the 'stop processing' action.

The best solution is always to fix it at the source but if that can't be done the filter could be a workaround.

0 Kudos

It definitely is something else that is trying to send the email but why is kiwi logging it? The email in the kiwi syslog is configured to use a different email server and email address to send outbound email. 

0 Kudos

Is the server creating the message Windows or Linux?

If Linux check the syslog config in /etc. If Windows is it running a mail client or scripts that might send emails?
0 Kudos
Level 13

Kiwi can be setup in the following sections to send emails to specific addresses:

  • Under Email in setup you can configure and setup the email address to receive alarms and syslog statistics. Alarms are setup in the alarms section for things like min/max message counts, low diskspace etc.
  • Under Schedules any schedule that is setup has the option to email a notification to a specified address.
  • Any Rules that are setup have the option to include an "EMail" action where email addresses can be specified along with custom variables for the email.
  • Any Rule with a Run-Script action can include a script that is cable of sending an email 

If you've checked all of those locations and no email addresses have been configured, I believe it's safe to say that Kiwi is not the culprit sending emails.

0 Kudos