[Xymon] smtps checks seem to always fail
Ralph M
ralphmitchell at gmail.com
Wed Jun 16 07:40:13 CEST 2021
Are you getting an "sslcert" column? It gets generated automatically for
https and similar protocols, but I don't know it that's generated for
smtps. If it is, you can alert on that column. You can set WARN and PANIC
number of days in the hosts.cfg entry.
Ralph Mitchell
On Wed, Jun 16, 2021 at 1:29 AM Lists <lists at benjamindsmith.com> wrote:
> On Tuesday, June 15, 2021 7:46:56 PM PDT Jeremy Laidman wrote:
> > Benjamin
> >
> > Firstly, you'll see 220 at the very start, and then 250 after sending
> EHLO
> > or HELO. So you were correct the first time, with "expect 220".
>
> Thanks Jeremy, I put this back
>
> > Secondly, the mail server uses STARTTLS, so it's not doing encryption at
> > the point that the EHLO and QUIT strings are sent. The "ssl" option in
> > protocols.cfg assumes SSL/TLS is present during the handshake,
> immediately
> > after the TCP connection is established, rather than after issuing the
> > "send" string. Try removing the "ssl" option from protocols.cfg and see
> if
> > that helps.
>
> And when I do this, it "tests green" but apparently no longer is testing
> the
> SSL certificate.
>
> Is there a way to have xymon test the validity and currency of the SSL
> certificate too? Especially with LetsEncrypt certificates, I'd like to
> have
> warning if there is a problem with the postfix certificate config.
>
> Thanks,
>
> Ben _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20210616/b8593521/attachment.htm>
More information about the Xymon
mailing list