Making sure you can identify what machine sent you a status email
I wrote before about making sure that system email works, so that machines can do important things like tell you that their RAID array has lost redundancy and you should do something about that. In a comment on that entry, -dsr- brought up an important point, which is you want to be able to easily tell which machine sent you email.
In an ideal world, everything on every machine that sends out email
reports would put the machine's hostname in, say, the Subject:
header. This would give you reports like:
Subject: SMART error (FailedOpenDevice) detected on host: urd
In the real world you also get helpful emails like this:
Subject: Health
Device: /dev/sdn [SAT], FAILED SMART self-check. BACK UP DATA NOW!
The only way for us to tell which machine this came from was to
look at either the Received:
headers or the Message-ID
, which
is annoying.
There are at least two ways to achieve this. The first approach is
what -dsr- said in the comment, which is to make every machine
send its email to a unique alias on your system. This unfortunately
has at least two limitations. The first is that it somewhat clashes
with a true 'null client' setup, where your machines dump absolutely
all of their email on the server. A straightforward null client
does no local rewriting of email at all, so to get this you need a
smarter local mailer (and then you may need per-machine setup,
hopefully automated). The second limitation is that there's no
guarantee that all of the machine's email will be sent to root
(and thus be subject to simple rewriting). It's at least likely,
but machines have been known to send status email to all sorts of
addresses.
(I'm going to assume that you can arrange for the unique destination
alias to be visible in the To:
header.)
You can somewhat get around this by doing some of the rewriting on your central mail handler machine (assuming that you can tell the machine email apart from regular user email, which you probably want to do anyways). This needs a relatively sophisticated configuration, but it probably can be done in something like Exim (which has quite powerful rewrite rules).
However, if you're going to do this sort of magic in your central
mail handler machine, you might as well do somewhat different magic
and alter the Subject:
header of such email to include the host
name. For instance, you might just add a general rule to your mailer
so that all email from root
that's going to root
will have its
Subject:
altered to add the sending machine's hostname, eg
'Subject: [$HOSTNAME] ....
'. Your central mail handler already
knows what machine it received the email from (the information went
into the Received
header, for example). You could be more selective,
for instance if you know that certain machines are problem sources
(like the CentOS 7 machine that generated my second example) while
others use software that already puts the hostname in (such as the
Ubuntu machine that generated my first example).
I'm actually more attracted to the second approach than the first one. Sure, it's a big hammer and a bit crude, but it creates the easy to see marker of the source machine that I want (and it's a change we only have to make to one central machine). I'd feel differently if we routinely got status emails from various machines that we just filed away (in which case the alias-based approach would give us easy per-machine filing), but in practice our machines only email us occasionally and it's always going to be something that goes to our inboxes and probably needs to be dealt with.
|
|