SMTP test where TCP connection opens but immediately dropped?

David Baldwin david.baldwin at ausport.gov.au
Wed Mar 4 03:31:35 CET 2009


I have various servers which I am checking for SMTP servers running or
not running. This all works fine if there is or isn't a service
listening on the port. The problem comes with Windows boxes which are
running an SMTP server for localhost relay only but it allows connection
from the LAN but drops the connection immediately. It would apply to any
kind of service that is using a libwrap style client IP check which
relies on opening the TCP connection to determine the client IP address
and then denying access. This shows up as a yellow if I specify smtp or
red for !smtp.

Is there a way to test for a TCP connection which immediately drops as a
green? For this case, I want to be alerted if the server does start
accepting SMTP connections. It's effectively the opposite of smtp:s.
Maybe defined something new in bb-services? There doesn't seem to be a
lot of options on the expected response string - substring of the
response received looks like that's all, no option to check response
length for example. green on zero response length and red for refused or
non-zero length would be ideal. How about smtp:z ?

My testing shows the following reports for the various cases:

* no smtp server running - smtp = red, !smtp = green, smtp:s =red,
!smtp:s =green
$ nc -v nosmtp 25 </dev/null
nosmtp.ausport.gov.au [10.x.x.x] 25 (smtp) : Connection refused
$ telnet nosmtp 25
Trying 10.x.x.x...
telnet: connect to address 10.x.x.x: Connection refused
telnet: Unable to connect to remote host: Connection refused


* smtp server running - smtp = green, !smtp = red, smtp:s =yellow,
!smtp:s =red
$ nc -v smtp 25 </dev/null
smtp.ausport.gov.au [10.x.x.x] 25 (smtp) open
220 smtp.ausport.gov.au ESMTP
$ telnet smtp 25
Trying 10.x.x.x...
Connected to smtp.ausport.gov.au (10.x.x.x).
Escape character is '^]'.
220 smtp.ausport.gov.au ESMTP
QUIT
221 Bye
Connection closed by foreign host.

* smtp accepting only for localhost - smtp = yellow, !smtp = red, smtp:s
=yellow, !smtp:s =red

$ nc -v windows 25 </dev/null
windows.ausport.gov.au [10.x.x.x] 25 (smtp) open
$ telnet windows 25
Trying 10.x.x.x...
Connected to windows.ausport.gov.au (10.x.x.x).
Escape character is '^]'.
Connection closed by foreign host.

Thanks, David.

-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
david.baldwin at ausport.gov.au          Leverrier Street Bruce ACT 2617


-------------------------------------------------------------------------------------
Keep up to date with what's happening in Australian sport visit http://www.ausport.gov.au

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.
-------------------------------------------------------------------------------------



More information about the Xymon mailing list