[Xymon] Problem with the smtps test (unspecified SSL error)

Novosielski, Ryan novosirj at umdnj.edu
Tue Oct 2 05:18:38 CEST 2012


On 10/01/2012 10:58 PM, Jeremy Laidman wrote:
> On 28 September 2012 06:29, Ryan Novosielski <novosirj at umdnj.edu> wrote:
> 
> Xymon 4.2.3 here still. For some reason, smtps doesn't test 
> properly.
> 
> 
> From my tests, that server is not listening on port 587, or is 
> being blocked by a firewall/router.  But perhaps access is 
> restricted.
> 
> Assuming port 587 is open to you, you can test the SSL negotiation 
> using openssl:
> 
> $ openssl s_client -connect mail.umdnj.edu:587 </dev/null
> 
> This should show you certificate details.  If it doesn't then
> there was no (valid) SSL handshake.
> 
> At the very least, you should be able to connect with telnet:
> 
> $ telnet mail.umdnj.edu 587 </dev/null
> 
> This should show "Connected" and then immediately "Connection 
> closed". If not, then you have a more elementary problem.  If you 
> get "Connection refused" then the service is probably not running. 
> If you get a timeout, then there is probably a firewall/router 
> blocking your packets.

Thanks Jeremy. I knew the port was definitely open so that was not at
issue. But the openssl response is abnormal and seems to match what
Xymon is getting:

# /opt/csw/bin/openssl s_client -connect mail.umdnj.edu:587 < /dev/null
CONNECTED(00000004)
8388:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:583:

Telnet seems to work as well but seems to work without SSL.

Trying 10.32.15.100...
Connected to mail.umdnj.edu.
Escape character is '^]'.
220 scpmmp1.umdnj.edu -- Server ESMTP (Oracle Communications Messaging Exchange Server 7u4-22.01 64bit (built Apr 21 2011))

My current partially educated guess is this works via STARTTLS and not
straight SSL. Would you agree? That would seem to jibe with this:

HELO umdnj.edu
250 scpmmp1.umdnj.edu OK, unknown [10.32.15.102].
STARTTLS
220 2.5.0 Go ahead with TLS negotiation.

I could have sworn my e-mail client was set for SSL, not STARTTLS, but
maybe it was set for "either" and I didn't notice. If that is the
case, it looks like I'm out of luck on testing that aspect of it:

http://lists.xymon.com/oldarchive/2005/08/msg00079.html

-- 
---- _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| |  | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark
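
The check carried out by hand in this message (a direct SSL handshake that fails, then a plaintext banner and STARTTLS) can be scripted. The following is an added example, not part of the original post and not Xymon code; the function names, the probe hostname and the local FakeSubmission server (a constructed stand-in for a STARTTLS-only port) are assumptions made for illustration.

```python
import socket, socketserver, ssl, threading

def read_reply(f):
    """Read one SMTP reply: 'NNN-' marks a continuation, 'NNN ' the last line."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return lines

def smtp_tls_mode(host, port, timeout=5.0):
    """Return 'implicit-tls', 'starttls', 'plaintext', 'unknown' or 'unreachable'."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # mode detection only: the certificate is
    ctx.verify_mode = ssl.CERT_NONE   # deliberately not validated in this probe
    try:
        raw = socket.create_connection((host, port), timeout)
    except OSError:
        return "unreachable"
    try:
        # A plaintext "220" banner here is what s_client calls "unknown protocol".
        with ctx.wrap_socket(raw, server_hostname=host):
            return "implicit-tls"
    except OSError:                   # ssl.SSLError is a subclass of OSError
        raw.close()
    with socket.create_connection((host, port), timeout) as s, s.makefile("rb") as f:
        if not read_reply(f)[0].startswith("220"):
            return "unknown"
        s.sendall(b"EHLO probe.example\r\n")
        extensions = {l[4:].strip().upper() for l in read_reply(f)[1:]}
        return "starttls" if "STARTTLS" in extensions else "plaintext"

class FakeSubmission(socketserver.StreamRequestHandler):
    """Constructed stand-in for a STARTTLS-only submission port, not a real MTA."""
    def handle(self):
        try:
            self.wfile.write(b"220 mx.example.test ESMTP\r\n")
            if self.rfile.readline().upper().startswith(b"EHLO"):
                self.wfile.write(b"250-mx.example.test\r\n250-STARTTLS\r\n250 8BITMIME\r\n")
        except OSError:
            pass

def demo():
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeSubmission) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        mode = smtp_tls_mode(*srv.server_address)
        srv.shutdown()
        return mode
```

A result of "starttls" means a monitor that opens the port with an immediate SSL handshake will fail against a healthy server. openssl can perform the upgrade itself with `openssl s_client -starttls smtp -connect host:587`.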
