/build/static/layout/Breadcrumb_cap_w.png
11/26/2018 114 views

Hi all, 

I'm using a K1000 at version 9.0.270. It's a recent purchase so i'm still implementing things, and familiarizing myself. I've got a few reports scheduled, and none are being delivered. I'm not convinced they're actually being properly sent as emails.

If i look at the Exim logs i see a couple things that are repetitive and which stand out:

2018-11-26 18:34:29 1gRLiv-0000wF-IT User 0 set for local_delivery transport is on the never_users list
2018-11-26 18:34:29 1gRLiv-0000wF-IT == root@<my kace appliance domain> u R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list


and this - (I don't know this IP - it's not part of any range my organization uses or manages.)
2018-11-26 16:08:26 no host name found for IP address 60.213.44.4
2018-11-26 16:14:33 no host name found for IP address 60.213.44.4
2018-11-26 16:21:10 no host name found for IP address 60.213.44.4
2018-11-26 16:27:32 no host name found for IP address 60.213.44.4
2018-11-26 16:33:50 no host name found for IP address 60.213.44.4

i tried contacting quest support, and they were convinced that i need an MX record in place for my appliance despite the fact that i'm sending messages through an external smtp relay (authenticated) and don't receive emails on the appliance. Quest support also suggests i need to talk to the team that manages my exchange server, that "some other things need to be set up" but i was never given an adequate explanation of what those things were.

regarding the finding above about the never_users list, i found a random post using google-fu which suggested that uncommenting a line in the /etc/exim.conf file might resolve it, but i can't get access to that file because apparently even KACE support doesn't have root on the appliances. Because other emails are getting sent, i suspect that the method used to invoke the sending of scheduled reports is somehow failing because of the never_users list issue...perhaps a chmod somewhere would fix it.

I can confidently state the following:
1) The SMTP configuration is in place, and works - i can send test messages, and i can receive Notifications. Some information isn't available to be in those notifications though, hence the report schedules.
2) The reports i'm attempting to schedule/send are not empty - i ran them prior to attempting the schedule to ensure there was data there.
3) the appliance is as up to date as i can make it, including XMR_STAK vulnerability patching.

has anyone run into this? if so, did you fix it? how?

I'd appreciate any insight. 
Thanks kindly, 
Chris.

::Update::
I discovered the source of the issue. Specifically, my appliance was configured for SMTP relay because we have a campus service which does that (i work at a university).
After combing through the documentation with a more fine-toothed-comb i discovered that checking the box for enabling SMTP is ONLY for when you NEED to use an external SMTP service. KACE K1 has a built-in SMTP server.
I unchecked the box, rebooted the appliance, et voila, reports are generated.

2 Comments   [ + ] Show comments

Comments

  • I'll start out by saying, sorry, I don't have a really good answer for you, but I do have some thoughts.

    First off, here's your IP: https://whois.arin.net/rest/net/NET-60-0-0-0-1/pft?s=60.213.44.4
    And a further search on https://www.apnic.net/about-apnic/whois_search/ reveals that it belongs to Data Communication Bureau Shandong. Does that ring a bell?

    Second, I would suggest you put the MX record in place anyway. Email is not my field, but I don't think it should require much effort.

    Also, user 0 is root, and that error about local_delivery defer (-29) seems to indicate that email can't be sent from root. I get emails from root, and we use Office 365 for email.

    Do you get the Charlie Root daily run and daily security run emails?

    Another note, scheduled reports come from reporter, not root, but I don't know if reporter is an alias for root.

    Hopefully something in there provides a little bit of help.
  • Hi ondrar,
    No, that IP and hostname do not ring a bell...i have no idea why it's there.

    The MX record is intended for mail being routed when it's getting sent TO a server, not FROM. I spoke with the team which manages the SMTP relay i'm using, and they agree it shouldn't be necessary.

    I notice the user 0 thing too - i researched and found that uncommenting a line in the /etc/exim.conf file will fix this, but i can't access it because i can't get into the linux side of things. I enabled Munin and am getting the dailies now, yes.

    I would have thought the same thing regarding where reports are sent from, but who knows :)

    Thanks,
    Chris.

There are no answers at this time