"Watchdog Report" emails

New releases and patches informations

Moderators: mentor, oanasutoiu, rtrofin, Pascal, jorge, bourgeois, JohnMertz, ack, stephane

Post Reply
JohnMertz
Posts: 25
Joined: Thu Aug 23, 2018 8:07 pm
How did you hear about Mailcleaner: I am an Employee of MailCleaner, Inc.
Location: Ottawa, On

"Watchdog Report" emails

Post by JohnMertz » Wed Jan 19, 2022 3:23 am

Hello all,

You will probably notice that you have begun receiving emails with the subject "Watchdog Report" on a daily basis, alongside your daily quarantine reports. If you don't notice these it is likely because your machine either has not yet updated, or you don't have a valid address in Configuration->General settings->Defaults->Support address.

This is because we have just introduced a feature to take the existing "System Warning" messages from the home screen of the Admin interface and provide them as an email to the administrator. This will allow for more responsiveness to possible system issues.

Since we also just introduced a security feature to allow the blocking of authenticated relaying on port 25, which is disabled by default, almost all systems should have at least one system warning. This leads to a necessary discussion of resolving the listed issues, ignoring them when necessary, or disabling these emails completely if you prefer.

Documentation

Each watchdog and a general discussion of the feature is discussed here:

https://support.mailcleaner.net/boards/ ... -watchdogs

Resolving a Watchdog

Using our port_25_relay watchdog as an example, you can resolve it by addressing the root cause by enabling the setting:

Configuration->SMTP->SMTP Checks->Block authenticated relaying on port 25

Make sure that no one is relying on this feature (ie. ensure that all users are using port 587). The note for this watchdog should indicate whether the port has actually been used that day, but you should double-check.

Note that the watchdogs will only clear when they are next checked. Some of these are checked every 10 minutes, while others are only checked daily.

See the above documentation for details on resolving all other watchdogs.

Ignoring a Watchdog

You may need to ignore a specific watchdog if it is alerting you to an issue that you are unable to resolve, or which you don't see as a real issue.

Using the port_25_relay watchdog again, you may have clients using this port for authenticated relaying and would rather ignore the warnings. Any specific watchdog can be ignored by creating a '.disabled' file in the watchdog configuration directory with the same name as the module (note the module name prefix). In the case of this watchdog, you would create this file with:

Code: Select all

touch /usr/mailcleaner/etc/watchdog/MC_mod_port_25_relay.disabled
Note that this needs to be run on every host if you have a cluster. For other watchdogs, it may only be necessary to block them on specific hosts.

Disable the emails

It would not be recommended to ignore these warnings completely, so we would not recommend this, however it is possible. You can create a flat file on the master node with the following name/path:

Code: Select all

touch /var/mailcleaner/spool/mailcleaner/disable-watchdog-emails
The master is the one that sends the reports, so it is not necessary on any other host.

--

Regards,
John Mertz
MailCleaner Team
Post Reply