monit-general

Re: Cannot test SSL ports for Postfix and Dovecot


From: Martin Pala
Subject: Re: Cannot test SSL ports for Postfix and Dovecot
Date: Tue, 24 Jun 2014 16:40:44 +0200

Hi,

yes, the Dovecot issue was Dovecot's bug (fixed in their development version).

I have tested your mailserver using the following configuration ... it works 
normally:

--8<--
check host chillimail with address mail.hot-chilli.net
        if failed host mail.hot-chilli.net port 465 type TCPSSL for 2 cycles then alert
--8<--

snip from Monit verbose mode:
--8<--
'mail.hot-chilli.net' succeeded connecting to INET[mail.hot-chilli.net:465] via TCPSSL
'mail.hot-chilli.net' succeeded testing protocol [DEFAULT] at INET[mail.hot-chilli.net:465] via TCPSSL
--8<--

The problem could be that you're testing via 127.0.0.1 - the certificate is 
most probably issued for mail.hot-chilli.net, so the certificate doesn't match.

Regards,
Martin



On 24 Jun 2014, at 15:00, Martin Sebald <address@hidden> wrote:

> Hi,
> 
> hm, anyone, any idea? ;-)
> 
> Hanno Böck brought up the same problem with Dovecot, so this seems to be
> solved, or at least we know why it is happening, as it is a Dovecot problem.
> 
> But Postfix? Same problem?
> 
> Cheers,
> Martin
> 
> On 10.06.2014 21:13, Martin Sebald wrote:
>> Hello all,
>> 
>> I am new to this list because I cannot get my Monit problems fixed. So first
>> of all, hello everybody.
>> 
>> The problems are the following:
>> 
>> I tried everything, but I cannot get SSL tests up and running for Postfix and
>> Dovecot. I use Monit 5.8.1. Here is what I have/had/tried in the config (left
>> out uninteresting parts):
>> 
>> Postfix:
>> 
>> if failed host 127.0.0.1 port 465 type TCPSSL for 2 cycles then restart
>> 
>> I also tried with SSLV3 and TLSV1:
>> if failed host 127.0.0.1 port 465 type TCPSSL SSLV3 for 2 cycles then restart
>> if failed host 127.0.0.1 port 465 type TCPSSL TLSV1 for 2 cycles then restart
>> 
>> (I do not use "protocol smtp" here as I check SMTP-Auth by using expect/send
>> statements.)
>> 
>> Dovecot:
>> 
>> if failed host 127.0.0.1 port 993 type TCPSSL protocol imap for 2 cycles then restart
>> if failed host 127.0.0.1 port 995 type TCPSSL protocol pop for 2 cycles then restart
>> 
>> I also tried with SSLV3 and TLSV1, like with Postfix, see above.
>> 
>> Whatever I set up, Monit just tells me basically the same for all 3 tests (1 for
>> Postfix, 2 for Dovecot) on its daemon website:
>> connection failed to 127.0.0.1:993 [IMAP via TCPSSL]
>> connection failed to 127.0.0.1:995 [POP via TCPSSL]
>> 
>> But there is interesting stuff in syslog:
>> Jun 10 15:55:34 server monit[31627]: Cannot get the SSL server certificate
>> Jun 10 15:55:34 server monit[31627]: 'postfix' failed, cannot open a connection to INET[mail.hot-chilli.net:465] via TCPSSL
>> 
>> Jun 10 21:06:56 server monit[25072]: 'dovecot' failed protocol test [POP] at INET[127.0.0.1:995] via TCPSSL -- POP: error receiving data -- Success
>> 
>> Jun 10 21:06:57 server monit[25072]: 'dovecot' failed protocol test [IMAP] at INET[127.0.0.1:993] via TCPSSL -- IMAP: error receiving data -- Success
>> 
>> Can anybody help? I really am confused...
>> 
>> As we are planning to shut down the unencrypted ports in the near future the
>> monitoring should also work on the SSL ports as well.
>> 
>> Thanks a lot and cheers,
>> Martin
>> 
>> --
>> To unsubscribe:
>> https://lists.nongnu.org/mailman/listinfo/monit-general
>> 
> 
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general
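
The mismatch suggested in the reply above, worked through as an added example (not part of the thread and not Monit's code): how a TLS client that verifies the peer name compares the address it connects to with the certificate's subjectAltName entries. The certificate dict is constructed, and the thread does not show whether Monit 5.8.1 itself performs this check.

```python
import ipaddress

# Constructed certificate in the dict shape ssl.SSLSocket.getpeercert() returns.
# Assumption: the server certificate carries a single DNS name and no IP entry.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.hot-chilli.net"),),),
    "subjectAltName": (("DNS", "mail.hot-chilli.net"),),
}


def dns_match(pattern, host):
    """Compare one DNS SAN with a host name; '*' may only be the whole first label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def check_target(cert, target):
    """Return (ok, reason) for the name or address a monitor connects to.

    Only subjectAltName is consulted; commonName is not used here.
    """
    sans = cert.get("subjectAltName", ())
    dns_names = [v for k, v in sans if k == "DNS"]
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target can only match "IP Address" entries, never a DNS name.
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True, f"IP SAN {value}"
        return False, f"no IP SAN for {target}; certificate names {dns_names}"
    for name in dns_names:
        if dns_match(name, target):
            return True, f"DNS SAN {name}"
    return False, f"{target} not among {dns_names}"


if __name__ == "__main__":
    for target in ("127.0.0.1", "mail.hot-chilli.net"):
        print(target, check_target(SAMPLE_CERT, target))
```
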



