-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 10/01/2012 10:58 PM, Jeremy Laidman wrote:

On 28 September 2012 06:29, Ryan Novosielski <novosirj at umdnj.edu <mailto:novosirj at umdnj.edu>> wrote:

Xymon 4.2.3 here still. For some reason, smtps doesn't test properly.

From my tests, that server is not listening on port 587, or is being blocked by a firewall/router. But perhaps access is restricted.

Assuming port 587 is open to you, you can test the SSL negotiation using openssl:

$ openssl s_client -connect mail.umdnj.edu:587 <http://mail.umdnj.edu:587> </dev/null

This should show you certificate details. If it doesn't then there was no (valid) SSL handshake.

At the very least, you should be able to connect with telnet:

$ telnet mail.umdnj.edu <http://mail.umdnj.edu> 587 </dev/null

This should show "Connected" and then immediately "Connection closed". If not, then you have a more elementary problem. If you get "Connection refused" then the service is probably not running. If you get a timeout, then there is probably a firewall/router blocking your packets.

Thanks Jeremy. I knew the port was definitely open so that was not at issue. But the openssl response is abnormal and seems to match what Xymon is getting:

/opt/csw/bin/openssl s_client -connect mail.umdnj.edu:587 < /dev/null

CONNECTED(00000004) 8388:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:583:

Telnet seems to work as well but seems to work without SSL.

Trying 10.32.15.100... Connected to mail.umdnj.edu. Escape character is '^]'. 220 scpmmp1.umdnj.edu -- Server ESMTP (Oracle Communications Messaging Exchange Server 7u4-22.01 64bit (built Apr 21 2011))

My current partially educated guess is this works via STARTTLS and not straight SSL. Would you agree? That would seem to jive with this:

HELO umdnj.edu 250 scpmmp1.umdnj.edu OK, unknown [10.32.15.102]. STARTTLS 220 2.5.0 Go ahead with TLS negotiation.

I could have sworn my e-mail client was set for SSL, not STARTTLS, but maybe it was set for "either" and I didn't notice. If that is the case, it looks like I'm out of luck on testing that aspect of it:

http://lists.xymon.com/oldarchive/2005/08/msg00079.html

• ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer |$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBqXQUACgkQmb+gadEcsb4wPACbBmkP9ZS5G8mGV3XIGDP6Z/eX ifQAn0iGZuoXxRVPeT2JAnQxDXyfzGPl =gyTr -----END PGP SIGNATURE-----