I'm trying to use this command to check on port 587 for my postfix server.
Using nmap -P0 mail.server.com, I see this:
Starting Nmap 5.51 ( http://nmap.org ) at 2013-11-04 05:01 PST
Nmap scan report for mail.server.com (xx.xx.xx.xx)
Host is up (0.0016s latency).
rDNS record for xx.xx.xx.xx: another.server.com
Not shown: 990 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
5666/tcp open nrpe
So I know the relevant ports for smtps (465 or 587) are open.
When I use openssl s_client -connect mail.server.com:587 -starttls smtp
I get a connection with all the various SSL info. (Same for port 465).
But when I try libexec/check_ssmtp -H mail.server.com -p587
I get:
CRITICAL - Cannot make SSL connection.
140200102082408:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:699:
What am I doing wrong?
You need to use the -S flag with the check_smtp command; as MadHatter correctly states, the check_ssmtp plugin is for SSL enabled SMTP only.
MadHatter adds (with NickW's kind permission):
This is from tcpdump -n -n -X host www.teaparty.net on my NAGIOS server, whilst at the same time running /usr/lib64/nagios/plugins/check_smtp -H www.teaparty.net -p 25 -S. You'll note that TLS is clearly requested and initiated (I have cut out all the tedious certificate exchange that happened immediately afterwards).
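An added example, not part of the original posts or of the Nagios plugins: a loopback sketch of why a TLS handshake sent as the first bytes fails against a port that greets in plaintext and expects STARTTLS, next to the plaintext negotiation that succeeds. The fake server, the example.test hostnames and all function names are constructed for illustration.

```python
import socket, ssl, threading

def start_fake_server():
    """Constructed stand-in for a submission port: plaintext greeting, STARTTLS offered."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            try:
                with srv.accept()[0] as conn:
                    conn.settimeout(2)
                    conn.sendall(b"220 mail.example.test ESMTP\r\n")  # server speaks first, in clear
                    if conn.recv(4096).upper().startswith(b"EHLO"):
                        conn.sendall(b"250-mail.example.test\r\n250 STARTTLS\r\n")
                        if conn.recv(4096).upper().startswith(b"STARTTLS"):
                            conn.sendall(b"220 2.0.0 Ready to start TLS\r\n")
            except OSError:
                continue  # a failed TLS attempt just drops that one connection
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def implicit_tls_handshake(host, port):
    """Send a TLS ClientHello as the first bytes on the wire (implicit TLS)."""
    try:
        with socket.create_connection((host, port), timeout=3) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=host):
                return True, "handshake completed"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return False, f"{type(exc).__name__}: {exc}"

def read_reply(f):
    """Read one SMTP reply; continuation lines carry '-' after the 3-digit code."""
    lines = [f.readline().decode("ascii", "replace").rstrip()]
    while lines[-1][3:4] == "-":
        lines.append(f.readline().decode("ascii", "replace").rstrip())
    return lines

def starttls_offered(host, port):
    """Plaintext greeting, EHLO, STARTTLS: the negotiation a STARTTLS check depends on."""
    with socket.create_connection((host, port), timeout=3) as raw, raw.makefile("rb") as f:
        if not read_reply(f)[0].startswith("220"):
            return False
        raw.sendall(b"EHLO probe.example.test\r\n")
        if not any(l[4:].upper().startswith("STARTTLS") for l in read_reply(f)):
            return False
        raw.sendall(b"STARTTLS\r\n")
        return read_reply(f)[-1].startswith("220")  # a real client now starts TLS here

if __name__ == "__main__":
    port = start_fake_server()
    print(implicit_tls_handshake("127.0.0.1", port), starttls_offered("127.0.0.1", port))
```

The implicit-TLS attempt fails because the client parses the ASCII "220 ..." greeting as a TLS record header, which is the same class of failure as the "unknown protocol" error in the question.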