check_smtp und SMTPS

Dirk H. Schulz dirk.schulz at kinzesberg.de
Sun Mar 22 19:47:10 CET 2009


Kevin,

Kevin Keane schrieb:
> Dirk H. Schulz wrote:
>   
>> Marc Powell schrieb:
>>   
>>     
>>> On Mar 20, 2009, at 9:57 AM, Dirk H. Schulz wrote:
>>>
>>>   
>>>     
>>>       
>>>> Hi Folks,
>>>>
>>>> I am trying to check a mailserver using SSL:
>>>>
>>>> ./check_smtp -H my.server.tld -S -p 465
>>>> CRITICAL - Socket timeout after 10 seconds
>>>> ./check_tcp -H my.server.tld -p 465
>>>> TCP OK - 0.002 second response time on port 465|time=0.001616s;;;
>>>> 0.000000;10.000000
>>>>
>>>> SMTPS ist in productive use on that server, as you can see check_tcp
>>>> can reach the port, but check_smtp claims not to reach the SMTPS
>>>> service.
>>>>     
>>>>       
>>>>         
>>> It seems to work as advertised. What do you see with verbose mode for  
>>> check_smtp --
>>>   
>>>     
>>>       
>> check_smtp -H my.server.tld -S -p 465 -v
>> HELOCMD: EHLO nagios.server.tld
>> CRITICAL - Socket timeout after 10 seconds
>>
>> That is all. It looks like check_smtp sends a EHLO but does not get 
>> anything back.
>>
>> Strange. I have to check with kerio support, I guess.
>>
>> Dirk
>>   
>>     
> You are using the wrong plugin. check_smtp does not understand 
> SSL-protected SMTP. Use the check_ssmtp plugin instead; that is what I 
> am using for this purpose.
>
> The -S option turns on TLS (also known as starttls), not SSL. They are 
> *almost* the same, with one critical difference: with TLS, the initial 
> conversation (the EHLO and one or two more commands and responses) 
> occurs in plain text, and THEN the client and the server negotiate 
> encryption. That way, you can run encrypted and unencrypted traffic at 
> the same time over the same port (25 or 587).
>
> On port 465, the server turns on encryption first, and then expects the 
> EHLO to already be encrypted.
>   
Thanks for your detailled explanation - that was what I needed to know. 
check_ssmtp works fine for my environment.

Dirk


------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list