11-07-2017 10:35 AM - edited 03-01-2019 06:14 PM
Hello, all. I've written a very simple EEM applet with a syslog trigger, looking for a memory leak in IOS-XE code on several 3850 switches. The syslog message successfully triggers the applet, which attempts to send an email as specified. But the mail is never reaching the destination.
event manager environment _email_from EEM_memLeak@domain.com
event manager environment _email_to first.last@domain.com
event manager environment _email_server mailrelay.domain.com
event manager applet memLeak
description "Send an email if memory leak is detected"
event syslog pattern ".*PLATFORM-3-ELEMENT_CRITICAL.*"
action 1.0 info type routername
action 2.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Memory leak detected on $_info_routername" body "Memory leak issue detected on switch $_info_routername; please take corrective action"
action 4.0 exit
I had to submit a list of switch hostnames to our email group so that they would permit the switches to send mail. None of these switches are on the same campus network as our mail relay server, so the mail is being sent from a remote office, across one of our carrier MPLS clouds, to our campus network. When I look at output of "debug event manager action mail", I see that the mail is sourced from the egress WAN interface on the 3850 switch, instead of the switch's hostname and loopback IP address as defined in our DNS.
<snippet from show ip int bri>
GigabitEthernet1/0/1 65.x.y.34 YES NVRAM up up <== WAN interface
Loopback0 10.x.y.1 YES NVRAM up up <== Lo0 (defined in internal DNS)
Nov 7 18:03:14: %HA_EM-6-LOG: memLeak : DEBUG(smtp_lib) : smtp_write HELO <switchHostname>
Nov 7 18:03:14: %HA_EM-6-LOG: memLeak : DEBUG(smtp_lib) : fh_smtp_chk_reply looking for {250}
Nov 7 18:03:14: %HA_EM-6-LOG: memLeak : DEBUG(smtp_lib) : fh_smtp_read {250 mailrelay.domain.com Hello peRouter.city.gmpexpress.net [65.x.y.34] (may be forged), pleased to meet you} <== mail relay sees the incoming mail as sourced from this hostname, and denies it
Nov 7 18:03:14: %HA_EM-6-LOG: memLeak : DEBUG(smtp_lib) : smtp_write MAIL FROM:<EEM_memLeak@domain.com>
Nov 7 18:03:14: %HA_EM-6-LOG: memLeak : DEBUG(smtp_lib) : fh_smtp_chk_reply looking for {250}
Nov 7 18:03:14: %HA_EM-6-LOG: memLeak : DEBUG(smtp_lib) : fh_smtp_read {550 5.0.0 Access denied
}
Nov 7 18:03:14: %HA_EM-6-LOG: memLeak : DEBUG(smtp_lib) : buffer no reply code matched: 550 5.0.0 Access denied
Nov 7 18:03:14: %HA_EM-3-FMPD_SMTP: Error occurred when sending mail to SMTP server: mailrelay.domain.com : error in reply from SMTP server
My question is: is there a way for me to specify a source interface for the mail action so that the email looks like it's sourced from the loopback interface instead of the egress interface?
Thanks! -Rich
Solved! Go to Solution.
11-07-2017 05:16 PM
There are "source-interface" and "source-address" options to the mail action if your code supports it. If you're not running new enough code, there is no way to specify a source.
11-07-2017 05:16 PM
There are "source-interface" and "source-address" options to the mail action if your code supports it. If you're not running new enough code, there is no way to specify a source.
11-08-2017 03:58 AM
Hi Joe,
Thanks for the quick response, I appreciate it! I'm running IOS-XE 16.3(2) (soon to be upgraded due to mem leak bug), and EEM 4.0
After receiving your reply I searched for and found detailed docs for the mail action, and see the options for source-interface and source-address. I added the source-interface option to my applet, and the email was sent. Again, thanks! -Rich
02-25-2020 07:39 AM - edited 02-25-2020 07:48 AM
I know this is a couple years old but I'm just starting to play with EEM with mail. I suspect I need to add the "source-interface" command but whenever I try to add it, I get the "% Incomplete command" error.
I can add the statement without the "source-interface" but then SMTP gives the following error: " %HA_EM-3-FMPD_SMTP: Error occurred when sending mail to SMTP server: xx.xx.xx.xx : error in reply from SMTP server"
Any suggestions would be appreciated.
02-25-2020 10:05 AM
This is the syntax:
action 1.0 mail server "10.1.1.1" to "user@example.com" from "user@example.com" subject "Test" body "This is a test" source-interface GigabitEthernet1
It does work, but without knowing exactly what code you're running and what command you're typing, I cannot offer any more advice.
09-23-2021 09:15 AM
IT WORKED FOR ME
THANK YOU
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide