Yesterday we started using an Alteon VIP to load balance SMTP traffic to our two mail servers,
and everything was fine and dandy,
but when I took a look in /var/log/syslog
I found loads of entries like this:
Dec 11 18:17:14 prod-git1 sendmail[20899]: [ID 801593 mail.info] j93FHDNX020899: alteon1.sun.com [192.168.10.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
The Alteon health check connects and then just issue a QUIT which sendmail finds suspicious,
and hence feels obliged to let me know about it.
This becomes very annoying when you have two Alteons doing the check every other second!
After scratching my head for a while and searching for a solution, I came across this patch to sendmail, which lets you select systems which shouldn't generate the above log entry. The only caveat was that I'd have to build my own sendmail, and I really don't want to roll my own stuff as it require more job to support, so I continued to look for a another solution.
I finally figured out (after reading the sendmail
sourcode)
that if I in /etc/mail/sendmail.cf set
O PrivacyOption=authwarnings,needexpnhelo,needvrfyhelo
sendmail would be quiet if the Alteon changed the health check to doing the equivalent of this:
mconnect localhost connecting to host localhost (127.0.0.1), port 25 connection open 220 prod-git1.sun.com ESMTP Sendmail 8.13.8+Sun/8.13.8; Thu, 11 Dec 2008 13:58:48 +0100 (CET) VRFY root 503 5.0.0 I demand that you introduce yourself first QUIT 221 2.0.0 prod-git1.sun.com closing connection
So we changed the health check from being smtp to a custom script (note that you need the double backslashes):
open 25,tcp expect "ESMTP" send "VRFY root\\n" expect "503" send "QUIT\\n" expect "221" close
And after pushing this change out, sendmail stopped filling the log with messages I don't want to see.
