SMTP TLS/SSL Check no other port than 25/587 possible
There is a connection error when specifying another port than 25 or 587.
[CEST Jul 7 13:17:44] warning : 'postfix_20025_20587' failed protocol test [SMTP] at [localhost]:20025 [TCP/IP TLS] -- SSL connection error: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
[CEST Jul 7 13:17:44] warning : 'postfix_20025_20587' certificate expiry in 0 days matches check limit [valid > 30 days]
Also, as you can see, the second line also prints a false positive fail because the certificate cannot be checked.
Monitrc:
check process postfix_25_587 pidfile /var/spool/postfix/pid/master.pid
    if failed host localhost port 20587 protocol smtps
        certificate valid > 30 days for 3 cycles
    then alert
Comments (5)
repo owner If you set the protocol to "smtps", then monit performs an SSL handshake during connection, which in your case fails, because the target mailserver doesn't speak SSL on connect ... it is most probably just plaintext protocol with STARTTLS command. Monit switches from SSL to STARTTLS automatically only for well-known STARTTLS ports: 25 and 587.
Workaround: modify the configuration to plaintext SMTP protocol test ... you will have to drop the certificate check:
check process postfix_25_587 pidfile /var/spool/postfix/pid/master.pid
    if failed host localhost port 20587 protocol smtp for 3 cycles
    then alert
We'll implement STARTTLS support for non-default SMTP ports, so it'll be possible to check SSL certificates too.
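
The workaround above gives up the certificate check on the non-default port. As an added example (not part of this thread and not Monit's code), the Python script below connects in plaintext, upgrades with STARTTLS itself and reports the days left on the certificate; the function names, the command-line arguments and the exit codes are assumptions of the example.

```python
#!/usr/bin/env python3
"""Certificate expiry check for SMTP with STARTTLS on any port (added example)."""
import smtplib
import ssl
import sys
import time


def days_left(not_after, now=None):
    """Whole days until notAfter (OpenSSL text form, e.g. 'Jul  7 13:17:44 2016 GMT')."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def starttls_cert_days(host, port, timeout=10):
    """Connect in plaintext, upgrade with STARTTLS, return days until expiry.

    Verification stays on: `host` must be a name the certificate covers and
    the chain must validate, otherwise ssl.SSLError is raised.
    """
    ctx = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server does not advertise STARTTLS")
        smtp.starttls(context=ctx)
        cert = smtp.sock.getpeercert()
    return days_left(cert["notAfter"])


def main(argv):
    # Assumed CLI: host port [min_days]; min_days defaults to 30 as in the monitrc.
    host, port = argv[1], int(argv[2])
    min_days = int(argv[3]) if len(argv) > 3 else 30
    try:
        remaining = starttls_cert_days(host, port)
    except (OSError, RuntimeError) as exc:
        # Connection, SMTP and TLS errors all land here (exit code 2, assumed).
        print(f"CRITICAL {host}:{port} STARTTLS check failed: {exc}")
        return 2
    # Strict comparison, matching the "valid > 30 days" wording in the monitrc.
    ok = remaining > min_days
    print(f"{'OK' if ok else 'WARNING'} {host}:{port} certificate valid {remaining} days")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```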
-
repo owner - marked as enhancement
- marked as minor
-
reporter Thanks a lot for clearing things up, and also for your fast response, as always!