The default test in protocols.cfg is
[smtp] send "mail\r\nquit\r\n" expect "220" options banner port 25
All of my smtp servers accept the connection, return the 220 response, and return a 50X response due to the mal-formed "mail" command. The test result in Xymon is green because of the 220 response, but my smtp logs an error for each connection.
I can replace the send-string with: send "quit\r\n" and get better behavior, but I expect that I'll need to make this change every time I update Xymon. It does not appear that re-defining the smtp test in a later (included) .cfg file replaces the first definition.
Two questions: Is there anyone for whom this test is _not_ filling up the error log on their smtp server?
If I edit the native protocol.cfg, am I correct that I'll need to replace protocols.cfg with each code update?
-- Do things because you should, not just because you can.
John Thurston 907-465-8591 John.Thurston at alaska.gov Enterprise Technology Services Department of Administration State of Alaska
Actually, it's probably not just the malformed MAIL command, but the lack of an EHLO or (for compatibility with older SMTP servers that are not ESMTP) HELO command, e.g. HELO myhostname
Do send strings allow variables? e.g. can one do send "HELO $MACHINEDOTS\r\nQUIT\r\n" and have it expanded properly?
On Thu, Mar 24, 2016 at 6:25 PM, John Thurston <john.thurston at alaska.gov> wrote:
The default test in protocols.cfg is
[smtp] send "mail\r\nquit\r\n" expect "220" options banner port 25
All of my smtp servers accept the connection, return the 220 response, and return a 50X response due to the mal-formed "mail" command. The test result in Xymon is green because of the 220 response, but my smtp logs an error for each connection.
I can replace the send-string with: send "quit\r\n" and get better behavior, but I expect that I'll need to make this change every time I update Xymon. It does not appear that re-defining the smtp test in a later (included) .cfg file replaces the first definition.
Two questions: Is there anyone for whom this test is _not_ filling up the error log on their smtp server?
If I edit the native protocol.cfg, am I correct that I'll need to replace protocols.cfg with each code update?
-- Do things because you should, not just because you can.
John Thurston 907-465-8591 John.Thurston at alaska.gov Enterprise Technology Services Department of Administration State of Alaska
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
On Thu, March 24, 2016 3:40 pm, Richard Hamilton wrote:
Actually, it's probably not just the malformed MAIL command, but the lack of an EHLO or (for compatibility with older SMTP servers that are not ESMTP) HELO command, e.g. HELO myhostname
Do send strings allow variables? e.g. can one do send "HELO $MACHINEDOTS\r\nQUIT\r\n" and have it expanded properly?
It could unfortunately be either of those issues. So long as the xymonnet tester is not performing real send/expect cycles but simply pre-loading the buffer, there's always the chance of this type of message.
I don't believe the send string is parsed for variables, however you may be able to get away with hard-coding the current server itself there.
On Thu, Mar 24, 2016 at 6:25 PM, John Thurston <john.thurston at alaska.gov> wrote:
The default test in protocols.cfg is
[smtp] send "mail\r\nquit\r\n" expect "220" options banner port 25
All of my smtp servers accept the connection, return the 220 response, and return a 50X response due to the mal-formed "mail" command. The test result in Xymon is green because of the 220 response, but my smtp logs an error for each connection.
I can replace the send-string with: send "quit\r\n" and get better behavior, but I expect that I'll need to make this change every time I update Xymon. It does not appear that re-defining the smtp test in a later (included) .cfg file replaces the first definition.
Two questions: Is there anyone for whom this test is _not_ filling up the error log on their smtp server?
If I edit the native protocol.cfg, am I correct that I'll need to replace protocols.cfg with each code update?
One option here is to place your edits in a separate file included at the top. But generally, yes. A later one will have no effect.
HTH, -jc
On 3/24/2016 3:39 PM, J.C. Cleaver wrote:
- snip -
Two questions: Is there anyone for whom this test is _not_ filling up the error log on their smtp server?
If I edit the native protocol.cfg, am I correct that I'll need to replace protocols.cfg with each code update?
One option here is to place your edits in a separate file included at the top.
Dang. I hadn't thought of that. I've now done this and the new test definitions behave as expected.
My first question, however, remains unanswered.
Is there anyone using the SMTP test for whom the test is _not_ generating smtp 50X error results?
Why is the xymon protocol test sending a blatantly invalid command "mail\r\n" to the smtp server?
The smtp verb MAIL must be followed with something to mail. Xymonnet isn't considering the response to this "send" string, only the response the smtp server gives to the initial connection. Where is the benefit of sending anything other than a "quit\r\n" to politely close the connection and free the smtp server-resources?
-- Do things because you should, not just because you can.
John Thurston 907-465-8591 John.Thurston at alaska.gov Enterprise Technology Services Department of Administration State of Alaska
Unless someone remembers the origin of that, I doubt you'll ever know for sure why. It might have been a workaround for some mail server quirk, or simply a mistake. If for some reason it works better with _any_ extra command before QUIT, perhaps NOOP (no-op) would be the best candidate. :-)
On Fri, Mar 25, 2016 at 2:12 PM, John Thurston <john.thurston at alaska.gov> wrote:
On 3/24/2016 3:39 PM, J.C. Cleaver wrote:
- snip -
Two questions:
Is there anyone for whom this test is _not_ filling up the error log on their smtp server?
If I edit the native protocol.cfg, am I correct that I'll need to replace protocols.cfg with each code update?
One option here is to place your edits in a separate file included at the top.
Dang. I hadn't thought of that. I've now done this and the new test definitions behave as expected.
My first question, however, remains unanswered.
Is there anyone using the SMTP test for whom the test is _not_ generating smtp 50X error results?
Why is the xymon protocol test sending a blatantly invalid command "mail\r\n" to the smtp server?
The smtp verb MAIL must be followed with something to mail. Xymonnet isn't considering the response to this "send" string, only the response the smtp server gives to the initial connection. Where is the benefit of sending anything other than a "quit\r\n" to politely close the connection and free the smtp server-resources?
-- Do things because you should, not just because you can.
John Thurston 907-465-8591 John.Thurston at alaska.gov Enterprise Technology Services Department of Administration State of Alaska
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
My memory is a bit hazy from back then, but there seemed to be cases where mail servers would immediately respond with a 4xx or 5xx error state after a MAIL from in certain cases, which would mean the service was down enough that you'd want a banner check to note it.
That being said, it's been a while since the heyday of MTA craziness and there are probably fewer of us running sendmail servers on single-core Athlon's with sky-high load averages.
The MAIL command itself doesn't seem to cause errors to be logged on my systems, but I know it has for others.
-jc
On Fri, March 25, 2016 12:25 pm, Richard Hamilton wrote:
Unless someone remembers the origin of that, I doubt you'll ever know for sure why. It might have been a workaround for some mail server quirk, or simply a mistake. If for some reason it works better with _any_ extra command before QUIT, perhaps NOOP (no-op) would be the best candidate. :-)
On Fri, Mar 25, 2016 at 2:12 PM, John Thurston <john.thurston at alaska.gov> wrote:
On 3/24/2016 3:39 PM, J.C. Cleaver wrote:
- snip -
Two questions:
Is there anyone for whom this test is _not_ filling up the error log on their smtp server?
If I edit the native protocol.cfg, am I correct that I'll need to replace protocols.cfg with each code update?
One option here is to place your edits in a separate file included at the top.
Dang. I hadn't thought of that. I've now done this and the new test definitions behave as expected.
My first question, however, remains unanswered.
Is there anyone using the SMTP test for whom the test is _not_ generating smtp 50X error results?
Why is the xymon protocol test sending a blatantly invalid command "mail\r\n" to the smtp server?
The smtp verb MAIL must be followed with something to mail. Xymonnet isn't considering the response to this "send" string, only the response the smtp server gives to the initial connection. Where is the benefit of sending anything other than a "quit\r\n" to politely close the connection and free the smtp server-resources?
-- Do things because you should, not just because you can.
John Thurston 907-465-8591 John.Thurston at alaska.gov Enterprise Technology Services Department of Administration State of Alaska
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
Ok, I checked the code (I think), and it does NOT appear to do variable substitutions on the send strings.
But unless an SMTP server is set up to be very strict, one can probably get away with sending "HELO bogus" i.e. there has to be something after HELO, but the server may not care what that is. It's redundant with the envelope info in MAIL From: anyway, I think.
On Thu, Mar 24, 2016 at 6:40 PM, Richard Hamilton <rlhamil2 at gmail.com> wrote:
Actually, it's probably not just the malformed MAIL command, but the lack of an EHLO or (for compatibility with older SMTP servers that are not ESMTP) HELO command, e.g. HELO myhostname
Do send strings allow variables? e.g. can one do send "HELO $MACHINEDOTS\r\nQUIT\r\n" and have it expanded properly?
On Thu, Mar 24, 2016 at 6:25 PM, John Thurston <john.thurston at alaska.gov> wrote:
The default test in protocols.cfg is
[smtp] send "mail\r\nquit\r\n" expect "220" options banner port 25
All of my smtp servers accept the connection, return the 220 response, and return a 50X response due to the mal-formed "mail" command. The test result in Xymon is green because of the 220 response, but my smtp logs an error for each connection.
I can replace the send-string with: send "quit\r\n" and get better behavior, but I expect that I'll need to make this change every time I update Xymon. It does not appear that re-defining the smtp test in a later (included) .cfg file replaces the first definition.
Two questions: Is there anyone for whom this test is _not_ filling up the error log on their smtp server?
If I edit the native protocol.cfg, am I correct that I'll need to replace protocols.cfg with each code update?
-- Do things because you should, not just because you can.
John Thurston 907-465-8591 John.Thurston at alaska.gov Enterprise Technology Services Department of Administration State of Alaska
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
participants (3)
-
cleaver@terabithia.org
-
john.thurston@alaska.gov
-
rlhamil2@gmail.com