Service smtp on hostname is not OK : Unexpected service response
list Theodore A -fs Wilcox
We are getting yellow alerts for all SMTP tests in Xymon. The error given is "Service smtp on hostname is not OK : Unexpected service response". This is a new installation and all of the SMTP servers have been yellow since Xymon was started. Telnet into the server gives the response: "220 sv62.r1.fs.fed.us ESMTP Service ready at Mon, 24 Mar 2014 12:23:42 -0600". The hosts file is from Big Brother. All SMTP tests are SMTP.S. We tried commenting out any line in the [SMTP] section that starts with "Send", but that didn't change anything. There is nothing recent in the archives about this. Any suggestions? Ted This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately.
list Henrik Størner
▸
Den 24-03-2014 19:43, Wilcox, Theodore A -FS skrev:
We are getting yellow alerts for all SMTP tests in Xymon. The error given is “Service smtp on hostname is not OK : Unexpected service response”. This is a new installation and all of the SMTP servers have been yellow since Xymon was started. Telnet into the server gives the response: “220 sv62.r1.fs.fed.us ESMTP Service ready at Mon, 24 Mar 2014 12:23:42 -0600”. The hosts file is from Big Brother. All SMTP tests are SMTP.S. We tried commenting out any line in the [SMTP] section that starts with “Send”, but that didn’t change anything. There is nothing recent in the archives about this. Any suggestions?
Which SMTP server software are you using? The SMTP network test in Xymon 4 doesn't really adhere to the SMTP protocol specs, but it has worked for all of the server-types I know. Regards, Henrik
list Henrik Størner
Den 2014-03-25 16:54, Wilcox, Theodore A -FS skrev:
Which SMTP server software are you using?These are Domino and Lotus Notes servers running on AIX.
okay, that's a bit unusual. Might be why it hasn't shown up before. Would it be possible for you to do a network "snif" of the traffic between Xymon and these servers? E.g. on the Xymon server run "tcpdump -s 1500 -w xymon-smtp.dump host <ip-of-smtp-server> and tcp port 25". (Assuming this is not encrypted smtp). Thanks, Henrik
list Vernon Everett
Hi guys One of my clients is using Notes on Solaris, and the smtp test as defined in hosts.cfg is working perfectly. We are using Xymon 4.3.12 Hope it helps in tracking down any issues. Regards Vernon
▸
On 26 March 2014 19:55, Henrik Størner <user-ce4a2c883f75@xymon.invalid> wrote:
Den 2014-03-25 16:54, Wilcox, Theodore A -FS skrev:Which SMTP server software are you using? These are Domino and Lotus Notes servers running on AIX.okay, that's a bit unusual. Might be why it hasn't shown up before. Would it be possible for you to do a network "snif" of the traffic between Xymon and these servers? E.g. on the Xymon server run "tcpdump -s 1500 -w xymon-smtp.dump host <ip-of-smtp-server> and tcp port 25". (Assuming this is not encrypted smtp). Thanks, Henrik
--
"Accept the challenges so that you can feel the exhilaration of victory"
- General George Patton
list Theodore A -fs Wilcox
I commented out the lines that began with "send" in protocols.cfg and it is all green now. Theodore (Ted) Wilcox, PMP , ITIL Incident Management Program Manager, EOC Monitor CIO/EOC USDA Forest Service p: XXX-XXX-XXXX user-956989af94d8@xymon.invalid XXX Sun Avenue NE Albuquerque, NM XXXXX www.fs.fed.us Caring for the land and serving people
▸
-----Original Message-----
From: Henrik Størner [mailto:user-ce4a2c883f75@xymon.invalid]
Sent: Wednesday, March 26, 2014 5:55 AM
To: Wilcox, Theodore A -FS
Cc: xymon at xymon.com
Subject: RE: [Xymon] Service smtp on hostname is not OK : Unexpected service response
Den 2014-03-25 16:54, Wilcox, Theodore A -FS skrev:Which SMTP server software are you using?These are Domino and Lotus Notes servers running on AIX.
okay, that's a bit unusual. Might be why it hasn't shown up before. Would it be possible for you to do a network "snif" of the traffic between Xymon and these servers? E.g. on the Xymon server run "tcpdump -s 1500 -w xymon-smtp.dump host <ip-of-smtp-server> and tcp port 25". (Assuming this is not encrypted smtp). Thanks, Henrik This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately.
list Theodore A -fs Wilcox
Oops, it turned yellow again. I didn't wait long enough. So commenting out the line beginning with "expect" in addition turned them green
▸
Theodore (Ted) Wilcox, PMP , ITIL
Incident Management Program Manager, EOC Monitor
CIO/EOC
USDA Forest Service
p: XXX-XXX-XXXX
user-956989af94d8@xymon.invalid
XXX Sun Avenue NE
Albuquerque, NM XXXXX
www.fs.fed.us
Caring for the land and serving people
-----Original Message-----
From: Wilcox, Theodore A -FS
Sent: Friday, March 28, 2014 12:53 PM
To: 'Henrik Størner'
Cc: xymon at xymon.com
Subject: RE: [Xymon] Service smtp on hostname is not OK : Unexpected service response
I commented out the lines that began with "send" in protocols.cfg and it is all green now.
Theodore (Ted) Wilcox, PMP , ITIL
Incident Management Program Manager, EOC Monitor CIO/EOC USDA Forest Service
p: XXX-XXX-XXXX
user-956989af94d8@xymon.invalid
XXX Sun Avenue NE
Albuquerque, NM XXXXX
www.fs.fed.us
Caring for the land and serving people
-----Original Message-----
From: Henrik Størner [mailto:user-ce4a2c883f75@xymon.invalid]
Sent: Wednesday, March 26, 2014 5:55 AM
To: Wilcox, Theodore A -FS
Cc: xymon at xymon.com
Subject: RE: [Xymon] Service smtp on hostname is not OK : Unexpected service response
Den 2014-03-25 16:54, Wilcox, Theodore A -FS skrev:Which SMTP server software are you using?These are Domino and Lotus Notes servers running on AIX.
okay, that's a bit unusual. Might be why it hasn't shown up before. Would it be possible for you to do a network "snif" of the traffic between Xymon and these servers? E.g. on the Xymon server run "tcpdump -s 1500 -w xymon-smtp.dump host <ip-of-smtp-server> and tcp port 25". (Assuming this is not encrypted smtp). Thanks, Henrik This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately.
list Jeremy Laidman
▸
On 29 March 2014 06:09, Wilcox, Theodore A -FS <user-956989af94d8@xymon.invalid> wrote:
Oops, it turned yellow again. I didn't wait long enough. So commenting out the line beginning with "expect" in addition turned them green
Could be that you won't notice when if fails also. What I would do is to
work out the required send/expect strings to get it working correctly. A
tcpdump, as suggested by Henrik, would be a good start.
Do you have the "banner" keyword defined for [smtp] in protocols.cfg? If
you do (and it's the default) then you should see the message that comes
back from the server in the "smtp" status page. This string is what would
be matched against the expect string. If the banner doesn't include "220"
anywhere, then that's the reason it's failing, and what it shows instead
could be useful in working out what's wrong.
Or try this one-liner and see what comes back:
{ printf "mail\r\nquit\r\n"; sleep 1; } | telnet mail.cdn.telstra.com.au 25
J