Ian

On Thu, 28 Oct 2021 at 23:08, Ian Diddams via Xymon <xymon at xymon.com> wrote:

we ahve a client configured thus

10.108.249.162 colt # ssh ntp MAINTNC:linux smtp

This smtp c heck has been green for ever - literally. It has suddenly alerted overnight and is remaining so

Service smtp on colt is not OK : Service listening but unavailable (connect timeout) Seconds: 0.001814000

"listening" means it's accepting TCP connections.

I can telnet from the xymon server on port 25 fine.

"connect timeout" means xymonnet was waiting for something that didn't come in time. I wonder if you have an "expect" string in the [smtp] section of protocols.cfg, causing xymonnet to wait for a string containing "220" but that never arrives.

postfix services on colt are working seemingly correctly (eg i can send a

mail successfully from a client that uses colt as a smtp server)

So Im now trying to find out what it is that this smtp check atually does in order to find out why it now thinks it cant do it.

The error suggests indeed its a timeout issue - but the telnet test connects immeditaely (no obvious lag anyway)

thoughts/

ian

Maybe check your Postfix logs to see if something is happening there. Have you upgraded/reconfigured Postfix recently? In some configurations, Postfix has been known to reject "pipelining" which is sending multiple commands (eg "mail" and then "quit") without waiting for a response after each command. When this happens, Postfix rejects the command, but doesn't send a "220" nor does it close the connection. Or it might be as simple as your Xymon server being removed from Postfix's allowed senders lists.

Here's the [smtp] section from the standard protocols.cfg:

[smtp] send "mail\r\nquit\r\n" expect "220" options banner port 25

Compare with yours.

You could do a packet capture to see what the dialog looks like, and compare it to the send/expect in protocols.cfg. You could try simulating the "send" string from protocols.cfg (after telnetting to port 25) and see if you get a 220 response. You could comment out the expect string in protocols.cfg and see if it starts working. You could take a look at (and perhaps even share here) the banner displayed in the smtp check status page, as that might give a clue as to what's not right.

I seem to recall a discussion about SMTP pipelining on this list, only a few weeks ago. Perhaps re-read that discussion to see if there are any nuggets of wisdom that could help.

Cheers Jeremy