[Xymon] Problem with the smtps test (unspecified SSL error)
Novosielski, Ryan
novosirj at umdnj.edu
Tue Oct 2 05:18:38 CEST 2012
On 10/01/2012 10:58 PM, Jeremy Laidman wrote:
> On 28 September 2012 06:29, Ryan Novosielski <novosirj at umdnj.edu>
> wrote:
>
> Xymon 4.2.3 here still. For some reason, smtps doesn't test
> properly.
>
>
> From my tests, that server is not listening on port 587, or is
> being blocked by a firewall/router. But perhaps access is
> restricted.
>
> Assuming port 587 is open to you, you can test the SSL negotiation
> using openssl:
>
> $ openssl s_client -connect mail.umdnj.edu:587 </dev/null
>
> This should show you certificate details. If it doesn't then
> there was no (valid) SSL handshake.
>
> At the very least, you should be able to connect with telnet:
>
> $ telnet mail.umdnj.edu 587 </dev/null
>
> This should show "Connected" and then immediately "Connection
> closed". If not, then you have a more elementary problem. If you
> get "Connection refused" then the service is probably not running.
> If you get a timeout, then there is probably a firewall/router
> blocking your packets.

Thanks Jeremy. I knew the port was definitely open so that was not at
issue. But the openssl response is abnormal and seems to match what
Xymon is getting:

# /opt/csw/bin/openssl s_client -connect mail.umdnj.edu:587 < /dev/null
CONNECTED(00000004)
8388:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:583:

Telnet seems to work as well but seems to work without SSL.

Trying 10.32.15.100...
Connected to mail.umdnj.edu.
Escape character is '^]'.
220 scpmmp1.umdnj.edu -- Server ESMTP (Oracle Communications Messaging Exchange Server 7u4-22.01 64bit (built Apr 21 2011))

My current partially educated guess is this works via STARTTLS and not
straight SSL. Would you agree? That would seem to jive with this:

HELO umdnj.edu
250 scpmmp1.umdnj.edu OK, unknown [10.32.15.102].
STARTTLS
220 2.5.0 Go ahead with TLS negotiation.

I could have sworn my e-mail client was set for SSL, not STARTTLS, but
maybe it was set for "either" and I didn't notice. If that is the
case, it looks like I'm out of luck on testing that aspect of it:

http://lists.xymon.com/oldarchive/2005/08/msg00079.html

--
---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark
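
Added example, not part of the original message and not Xymon code: a Python probe that tells the two cases discussed in this thread apart by who speaks first after the TCP connect. A STARTTLS server sends its 220 banner in plaintext, while an implicit-SSL listener stays silent until it receives a ClientHello. The function names and the EHLO name `probe.example` are assumptions made for this example.

```python
import socket
import ssl

def read_reply(f):
    """Read one SMTP reply (possibly multi-line); return (code, [text, ...])."""
    texts = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line[:3].isdigit():
            raise ConnectionError("connection closed or not an SMTP reply")
        texts.append(line[4:])
        if line[3:4] != "-":          # "250-..." continues, "250 ..." ends the reply
            return int(line[:3]), texts

def try_tls(ctx, sock, host, label):
    """Run a verified TLS handshake on sock; report how it went."""
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return label
    except ssl.SSLCertVerificationError:
        return label + " (certificate not trusted)"
    except OSError:                   # other ssl.SSLError, timeout, reset
        return "unknown"

def probe_mail_port(host, port, timeout=5.0, handshake=True):
    """Classify a port as implicit-tls, starttls, plaintext-only or unknown."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        try:
            code, _ = read_reply(f)   # a STARTTLS or plain server speaks first
        except socket.timeout:
            # Silence: an implicit-TLS listener is waiting for our ClientHello.
            return try_tls(ctx, sock, host, "implicit-tls")
        if code != 220:
            return "unknown"
        sock.sendall(b"EHLO probe.example\r\n")   # placeholder client name
        code, caps = read_reply(f)
        # caps[0] is the greeting; each later line names one extension.
        if code != 250 or not any(c.upper().split()[:1] == ["STARTTLS"] for c in caps[1:]):
            return "plaintext-only"
        sock.sendall(b"STARTTLS\r\n")
        code, _ = read_reply(f)
        if code != 220:
            return "unknown"
        # Upgrade the same connection; skip when only the advertisement matters.
        return try_tls(ctx, sock, host, "starttls") if handshake else "starttls"
```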