Description of problem:
The latest check_smtp plugin version fails to properly detect availability of STARTTLS on the server and reports a false error for the service. Proper TLS configuration of my servers has been verified by clients and testssl.sh.

Version-Release number of selected component (if applicable):
nagios-plugins-smtp-2.2.1-15.20180725git3429dad.el7.x86_64

How reproducible:
Every time

Steps to Reproduce:
1. Properly configure an SMTP server to support starttls
2. Execute a check of the service using the -S and -D options to check TLS: `check_smtp -H 192.33.115.33 -S -D 30`
3. Observe the warning that TLS is not supported (when it, in fact, is)

Actual results:

    [root@sysmon ~]# /usr/lib64/nagios/plugins/check_smtp -H 192.33.115.33 -S -D 30 -v
    HELOCMD: EHLO sysmon
    Sending header PROXY TCP4 0.0.0.0 0.0.0.0 25 25
    220 corvus.cv.nrao.edu ESMTP Sendmail 8.14.4/8.14.4; Mon, 31 Dec 2018 08:31:44 -0500
    WARNING - TLS not supported by server
    sent QUIT
    received 250-corvus.cv.nrao.edu Hello nagios.cv.nrao.edu [10.2.96.126], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-STARTTLS
    250-DELIVERBY
    250 HELP

Expected results:

    [root@sysmon ~]# /usr/local/nagios/plugins/check_smtp -H 192.33.115.33 -S -D 30 -v
    HELOCMD: EHLO sysmon
    220 corvus.cv.nrao.edu ESMTP Sendmail 8.14.4/8.14.4; Mon, 31 Dec 2018 09:04:08 -0500
    sent EHLO sysmon
    250-corvus.cv.nrao.edu Hello nagios.cv.nrao.edu [10.2.96.126], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-DELIVERBY
    250 HELP
    SSL OK - Certificate '*.cv.nrao.edu' will expire on 2019-04-26 19:59 -0400/EDT.
    sent QUIT
    received 221 2.0.0 corvus.cv.nrao.edu closing connection

Additional info:
Compiling check_smtp from the current nagios-plugins 2.2.1 from upstream vendor (https://www.nagios.org/downloads/nagios-plugins/) does not exhibit this issue.
Same issue with the nagios-plugins-smtp-2.2.1-15.20180725git3429dad.el7.x86_64

    # /usr/lib64/nagios/plugins/check_smtp -S -H 127.0.0.1 -p 25 -D 21 -v
    HELOCMD: EHLO server110
    Sending header PROXY TCP4 0.0.0.0 0.0.0.0 25 25
    220 vml70110.idmz.tachtler.net ESMTP Postfix
    WARNING - TLS not supported by server
    sent QUIT
    received 250-server110
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

/usr/lib64/nagios/plugins/check_smtp does NOT detect the EHLO answer 250-STARTTLS correctly.
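The two reports above turn on whether the `250-STARTTLS` line of the EHLO reply is recognised. The following Python is an added example, not part of the bug report and not check_smtp's own code: it parses SMTP multi-line replies and reports whether STARTTLS is advertised. The function names are hypothetical and the sample input is constructed from the Postfix output quoted above.

```python
import re

# Constructed sample: the 220 greeting plus the Postfix EHLO reply quoted in the report.
SAMPLE = (
    "220 vml70110.idmz.tachtler.net ESMTP Postfix\r\n"
    "250-server110\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n250-VRFY\r\n"
    "250-ETRN\r\n250-STARTTLS\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250 DSN\r\n"
)

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def split_replies(stream):
    """Split raw server text into complete replies: [(code, [text, ...]), ...].

    'NNN-' marks a continuation line and 'NNN ' the last line of a reply
    (RFC 5321 section 4.2.1). Raises ValueError on malformed or truncated input.
    """
    replies, code, texts = [], None, []
    for raw in stream.splitlines():
        m = _LINE.match(raw)
        if m is None or (code is not None and m.group(1) != code):
            raise ValueError(f"malformed reply line: {raw!r}")
        code = m.group(1)
        texts.append(m.group(3))
        if m.group(2) == " ":  # the final line closes this reply
            replies.append((code, texts))
            code, texts = None, []
    if code is not None:
        raise ValueError("truncated reply: no final 'NNN ' line")
    return replies

def ehlo_extensions(texts):
    """Map each upper-cased extension keyword to its parameters; line 0 is the greeting."""
    ext = {}
    for line in texts[1:]:
        parts = line.split()
        if parts:
            ext[parts[0].upper()] = parts[1:]
    return ext

def starttls_advertised(stream):
    """True if the last 250 reply in the stream lists the STARTTLS keyword."""
    ok = [texts for code, texts in split_replies(stream) if code == "250"]
    return bool(ok) and "STARTTLS" in ehlo_extensions(ok[-1])

if __name__ == "__main__":
    print("STARTTLS advertised:", starttls_advertised(SAMPLE))
```

Keywords are compared case-insensitively and as whole tokens, and a reply that lacks its final `NNN ` line is rejected instead of being treated as complete.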
I have opened this up as an issue in the upstream: https://github.com/nagios-plugins/nagios-plugins/issues/431 . That said, I am not sure what the state of this source code base is as it has not seen a merge since 2017. I will see if there is a more active upstream who might have fixed this already.
There is a PUIAS package: https://centos.pkgs.org/7/puias-unsupported-x86_64/nagios-plugins-smtp-2.2.1-9git5c7eb5b9.sdl7.x86_64.rpm.html which works as expected.
nagios-plugins-2.2.1-16.20180725git3429dad.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-0a4389d486
I confirm that this build https://bodhi.fedoraproject.org/updates/nagios-plugins-2.2.1-16.20180725git3429dad.el7 works as expected.
nagios-plugins-2.2.1-16.20180725git3429dad.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-0a4389d486
nagios-plugins-2.2.1-16.20180725git3429dad.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
(In reply to Fedora Update System from comment #7)
> nagios-plugins-2.2.1-16.20180725git3429dad.el7 has been pushed to the Fedora
> EPEL 7 stable repository. If problems still persist, please make note of it
> in this bug report.

Confirming fixed in my env. Thank you!