Bug 1662677 - check_smtp plugin fails to properly detect availability of STARTTLS
Summary: check_smtp plugin fails to properly detect availability of STARTTLS
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: nagios-plugins
Version: epel7
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Stephen John Smoogen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-31 14:08 UTC by Josh Malone
Modified: 2019-01-07 13:37 UTC (History)
10 users (show)

Fixed In Version: nagios-plugins-2.2.1-16.20180725git3429dad.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-01-05 00:44:28 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Josh Malone 2018-12-31 14:08:48 UTC
Description of problem:

The latest check_smtp plugin version fails to properly detect availability of STARTTLS on the server and reports a false error for the service. Proper TLS configuration of my servers has been verified by clients and testssl.sh


Version-Release number of selected component (if applicable):

nagios-plugins-smtp-2.2.1-15.20180725git3429dad.el7.x86_64

How reproducible:

Every time

Steps to Reproduce:
1. Properly configure an SMTP server to support starttls
2. Execute a check of the service using the -S and -D options to check TLS:
    `check_smtp -H 192.33.115.33 -S -D 30`
3. Observe the warning that TLS is not supported (when it, in fact, is) 

Actual results:

[root@sysmon ~]# /usr/lib64/nagios/plugins/check_smtp -H 192.33.115.33 -S -D 30 -v
HELOCMD: EHLO sysmon
Sending header PROXY TCP4 0.0.0.0 0.0.0.0 25 25

220 corvus.cv.nrao.edu ESMTP Sendmail 8.14.4/8.14.4; Mon, 31 Dec 2018 08:31:44 -0500
WARNING - TLS not supported by server
sent QUIT
received 250-corvus.cv.nrao.edu Hello nagios.cv.nrao.edu [10.2.96.126], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP

Expected results:

[root@sysmon ~]# /usr/local/nagios/plugins/check_smtp -H 192.33.115.33 -S -D 30 -v
HELOCMD: EHLO sysmon
220 corvus.cv.nrao.edu ESMTP Sendmail 8.14.4/8.14.4; Mon, 31 Dec 2018 09:04:08 -0500
sent EHLO sysmon
250-corvus.cv.nrao.edu Hello nagios.cv.nrao.edu [10.2.96.126], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
SSL OK - Certificate '*.cv.nrao.edu' will expire on 2019-04-26 19:59 -0400/EDT. sent QUIT
received 221 2.0.0 corvus.cv.nrao.edu closing connection

Additional info:

Compiling check_smtp from the current nagios-plugins 2.2.1 from upstream vendor (https://www.nagios.org/downloads/nagios-plugins/) does not exhibit this issue.

Comment 1 Klaus Tachtler 2019-01-01 16:50:04 UTC
Same issue with the nagios-plugins-smtp-2.2.1-15.20180725git3429dad.el7.x86_64

# /usr/lib64/nagios/plugins/check_smtp -S -H 127.0.0.1 -p 25 -D 21 -v
HELOCMD: EHLO server110
Sending header PROXY TCP4 0.0.0.0 0.0.0.0 25 25

220 vml70110.idmz.tachtler.net ESMTP Postfix
WARNING - TLS not supported by server
sent QUIT
received 250-server110
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

/usr/lib64/nagios/plugins/check_smtp does NOT detect the EHLO answer 250-STARTTLS correctly.

Comment 2 Stephen John Smoogen 2019-01-02 23:24:21 UTC
I have opened this up as an issue in the upstream: https://github.com/nagios-plugins/nagios-plugins/issues/431 . That said, I am not sure what the state of this source code base is as it has not seen a merge since 2017. I will see if there is a more active upstream who might have fixed this already.

Comment 3 Klaus Tachtler 2019-01-03 08:05:30 UTC
There is a PUIAS package: https://centos.pkgs.org/7/puias-unsupported-x86_64/nagios-plugins-smtp-2.2.1-9git5c7eb5b9.sdl7.x86_64.rpm.html which work as expected.

Comment 4 Fedora Update System 2019-01-03 11:15:29 UTC
nagios-plugins-2.2.1-16.20180725git3429dad.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-0a4389d486

Comment 5 Adrian Perez Rodriguez 2019-01-03 12:59:18 UTC
I confirm that this build https://bodhi.fedoraproject.org/updates/nagios-plugins-2.2.1-16.20180725git3429dad.el7 works as expected.

Comment 6 Fedora Update System 2019-01-04 00:51:33 UTC
nagios-plugins-2.2.1-16.20180725git3429dad.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-0a4389d486

Comment 7 Fedora Update System 2019-01-05 00:44:28 UTC
nagios-plugins-2.2.1-16.20180725git3429dad.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Josh Malone 2019-01-07 13:37:27 UTC
(In reply to Fedora Update System from comment #7)
> nagios-plugins-2.2.1-16.20180725git3429dad.el7 has been pushed to the Fedora
> EPEL 7 stable repository. If problems still persist, please make note of it
> in this bug report.

Confirming fixed in my env. Thank you!


Note You need to log in before you can comment on or make changes to this bug.