[Xymon] SMTP checks

Jeremy Laidman jeremy at laidman.org
Wed Sep 29 14:31:03 CEST 2021 

Lars, I could be wrong, but I think I remember someone posting that the
send/expect doesn't support multiples for a single protocol. So your
send/expect/send sequence might just be a send/expect sequence.

If I append a second expect and send after the first instances in the
[smtp] section (of protocols.cfg) and then run "xymonnet --dump=before" I
see this:

10007 2021-09-29 22:05:48  Name      : smtp
10007 2021-09-29 22:05:48    Sendtext: extra-send\r\n
10007 2021-09-29 22:05:48    Sendlen : 12
10007 2021-09-29 22:05:48    Exp.text: extra-expect
10007 2021-09-29 22:05:48    Exp.len : 12
10007 2021-09-29 22:05:48    Exp.ofs : 0
10007 2021-09-29 22:05:48    Flags   : 1
10007 2021-09-29 22:05:48    Port    : 25

It has ignored the original instances, and only sees the ones I added
after. So it looks like xymonnet only takes the last send, and last expect,
that are defined for a protocol.

If this is the case, your [smtp] definition is essentially "send quit\r\n"
and "expect 220".

In fact, running xymonnet via strace, with your configuration, shows this:

connect(3, {sa_family=AF_INET, sin_port=htons(25),
sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in
progress)
write(3, "quit\r\n", 6)                 = 6
read(3, "220 <servername> ESMTP Postfix\r\n221 2.0.0 Bye\r\n", 4095) = 60
close(3)

The "ehlo string" was completely ignored, and was not sent to the mail
server.

Also, note that the quit was sent BEFORE the banner was read. This suggests
to me that the "expect" looks at the banner that is sent before the "send"
command is sent. In fact, the only way I could make my test go green was to
either remove "--checkresponse" or to match the start of the banner, which
is "220". I can match stuff after the 220 (eg expect "220 <servername>
ESMTP") but whatever is in the expect string must be at the start of the
banner.

J

On Wed, 29 Sept 2021 at 21:39, Lars Kollstedt <lk at man-da.de> wrote:

> On Mittwoch, 29. September 2021 12:18:19 CEST Ian Diddams via Xymon wrote:
> >
> >  improper command pipelining after EHLO from unknown[x.x.x.x]
>
> Hello Ian,
>
> the following works for me without this log message:
>
> [smtp]
>    send "ehlo xymonnet\r\n"
>    expect "220"
>    send "quit\r\n"
>    options banner
>    port 25
>
> But I have the sends and expects commented out for smtps (with
> authentication)
> due to TLS 1.3 issues at the moment.
>
> Kind regards,
>         Lars
>
> --
> Lars Kollstedt
>
> Telefon: +49 6151 16-71027
> E-Mail:  lk at man-da.de
>
> man-da.de GmbH
> Dolivostraße 11
> 64293 Darmstadt
>
> Sitz der Gesellschaft: Darmstadt
> Registergericht: Amtsgericht Darmstadt
> Handelsregisternummer: HRB 9484
> Geschäftsführer: Andreas Ebert
>
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20210929/df559f19/attachment.htm>

More information about the Xymon mailing list