On Tuesday, June 15, 2021 7:46:56 PM PDT Jeremy Laidman wrote:
Benjamin
Firstly, you'll see 220 at the very start, and then 250 after sending EHLO or HELO. So you were correct the first time, with "expect 220".
Thanks Jeremy, I put this back
Secondly, the mail server uses STARTTLS, so it's not doing encryption at the point that the EHLO and QUIT strings are sent. The "ssl" option in protocols.cfg assumes SSL/TLS is present during the handshake, immediately after the TCP connection is established, rather than after issuing the "send" string. Try removing the "ssl" option from protocols.cfg and see if that helps.
And when I do this, it "tests green" but apparently no longer is testing the SSL certificate.
Is there a way to have xymon test the validity and currency of the SSL certificate too? Especially with LetsEncrypt certificates, I'd like to have warning if there is a problem with the postfix certificate config.
Thanks,
Ben