Xymon Mailing List Archive search

SMTP checks

list Jeremy Laidman
Wed, 29 Sep 2021 22:42:18 +1000
Message-Id: <CACO=ejzS4GAew=kYNPUjE8EhHFjeg+OBRaAaqRTSG3=user-f649eb8dc1f5@xymon.invalid>

Ian

I believe the postfix warning is because there's a "mail" command before a
"helo" or "ehlo" command. Pipelining is when Postfix checks to see that the
mail client is waiting for the response to one command, before sending the
next command, rather than just sending a "pipeline" of commands without
checking the results of each. Spamming robots do this kind of thing. You
can either modify the postfix configuration (see reject_unauth_pipelining),
or adjust the [smtp] protocol to not start sending a mail message. I'd
suggest sending "ehlo xymonnet\r\nquit\r\n".

What triggers the smtp check is:
a) you have "smtp" on the host's line in hosts.cfg, and
b) you have xymonnet being launched every 5 minutes, which reads hosts.cfg,
sees "smtp" and looks up the [smtp] section in protocols.cfg

When there's a test failure, xymonnet-again runs every minute and does a
rapid re-check of any failed tests. So a test that goes red can go green
again a minute later. In fact, xymonnet and xymonnet-again don't seem to be
synchronised at all, so I guess it's possible for xymonnet to run
immediately after xymonnet has finished.

J

On Wed, 29 Sept 2021 at 20:18, Ian Diddams via Xymon <xymon at xymon.com>
wrote:

---------- Forwarded message ----------
From: Ian Diddams <user-7fbf34ed5219@xymon.invalid>
To: xymon <xymon at xymon.com>
Cc:
Bcc:
Date: Wed, 29 Sep 2021 10:18:19 +0000 (UTC)
Subject: Re: [Xymon] SMTP checks
I also can see from the maillog that when the smtp check occurs


Sep 29 11:05:01 oscar postfix/smtpd[27269]: connect from unknown[x.x.x.x]
Sep 29 11:05:01 oscar postfix/smtpd[27269]: improper command pipelining
after MAIL from unknown [x.x.x.x]
Sep 29 11:05:01 oscar postfix/smtpd[27269]: disconnect from unknow
[x.x.x.x]

so obviously the smtp check is sending something postfix doesnt
like/handle.  That isnt a bhiggy in itself - bgut it nojw makes me wonder
out of curiosity exactly what the logic of  the smtp check is..

I also tried Jeremy's example of "ehlo xymonnet\r\nquit\r\n" in
protocols.cfg - that also has the same warning/error in maillog

 improper command pipelining after EHLO from unknown[x.x.x.x]

all jolly wierd,....

ian


On Wednesday, 29 September 2021, 10:59:09 BST, Ian Diddams via Xymon <
xymon at xymon.com> wrote:


secondary question...

what triggers the smtp check?

Ive had instances where the test goes red, and then just a few seconds
later back to green.  So this isnt a standard "every 5 minutes" clearly ?

...
Wed Sep 29 08:44:39 2021 green 0:02:13
Wed Sep 29 08:44:15 2021 red 0:00:24
Wed Sep 29 07:44:36 2021 green 0:59:39
...

anybody know?

cheers

ian


---------- Forwarded message ----------
From: Ian Diddams via Xymon <xymon at xymon.com>
To: xymon <xymon at xymon.com>
Cc:
Bcc:
Date: Wed, 29 Sep 2021 10:18:19 +0000 (UTC)
Subject: Re: [Xymon] SMTP checks