From ce85affd208cd8c873dd88c17b8d3d0540c8872e Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Thu, 13 Dec 2018 18:24:53 +0100 Subject: check_smtp: Add option to prefix PROXY header This enables checks of SMTP servers that expect the haproxy PROXY protocol: -o smtpd_upstream_proxy_protocol=haproxy. Backported from nagios-plugins: https://github.com/nagios-plugins/nagios-plugins/commit/3246efe923b5482c5024c40e593ce942e628a3cb --- plugins/check_smtp.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'plugins/check_smtp.c') diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index eaa7eeba..addabfc6 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -52,6 +52,7 @@ int days_till_exp_warn, days_till_exp_crit; enum { SMTP_PORT = 25 }; +#define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n" #define SMTP_EXPECT "220" #define SMTP_HELO "HELO " #define SMTP_EHLO "EHLO " @@ -102,6 +103,7 @@ double critical_time = 0; int check_critical_time = FALSE; int verbose = 0; int use_ssl = FALSE; +short use_proxy_prefix = FALSE; short use_ehlo = FALSE; short use_lhlo = FALSE; short ssl_established = 0; @@ -184,6 +186,13 @@ main (int argc, char **argv) if (result == STATE_OK) { /* we connected */ + /* If requested, send PROXY header */ + if (use_proxy_prefix) { + if (verbose) + printf ("Sending header %s\n", PROXY_PREFIX); + send(sd, PROXY_PREFIX, strlen(PROXY_PREFIX), 0); + } + /* watch for the SMTP connection string and */ /* return a WARNING status if we couldn't read any data */ if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { @@ -478,6 +487,7 @@ process_arguments (int argc, char **argv) {"starttls",no_argument,0,'S'}, {"certificate",required_argument,0,'D'}, {"ignore-quit-failure",no_argument,0,'q'}, + {"proxy",no_argument,0,'r'}, {0, 0, 0, 0} }; @@ -494,7 +504,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "+hVv46Lt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q", + c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q", longopts, &option); if (c == -1 || c == EOF) @@ -621,6 +631,9 @@ process_arguments (int argc, char **argv) use_ssl = TRUE; use_ehlo = TRUE; break; + case 'r': + use_proxy_prefix = TRUE; + break; case 'L': use_lhlo = TRUE; break; @@ -819,6 +832,8 @@ print_help (void) printf (" %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")), printf (" %s\n", "-F, --fqdn=STRING"); printf (" %s\n", _("FQDN used for HELO")); + printf (" %s\n", "-r, --proxy"); + printf (" %s\n", _("Use PROXY protocol prefix for the connection.")); #ifdef HAVE_SSL printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]"); printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); -- cgit v1.2.3-74-g34f1 From 6d5e81fcbadbef557cf3f61ce7fd6ef73e25683e Mon Sep 17 00:00:00 2001 From: Franz Schwartau Date: Mon, 12 Jun 2023 15:55:32 +0200 Subject: check_smtp: add missing -r option in usage --- plugins/check_smtp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/check_smtp.c') diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index addabfc6..a1debd25 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -875,6 +875,6 @@ print_usage (void) printf ("%s\n", _("Usage:")); printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname); printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n"); - printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-v] \n"); + printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [-v] \n"); } -- cgit v1.2.3-74-g34f1 From d762fb137401491270c898febe07e34ba200e388 Mon Sep 17 00:00:00 2001 From: Franz Schwartau Date: Mon, 12 Jun 2023 22:09:54 +0200 Subject: check_smtp: update year in copyright header --- plugins/check_smtp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/check_smtp.c') diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index a1debd25..70191ad9 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -3,7 +3,7 @@ * Monitoring check_smtp plugin * * License: GPL -* Copyright (c) 2000-2007 Monitoring Plugins Development Team +* Copyright (c) 2000-2023 Monitoring Plugins Development Team * * Description: * -- cgit v1.2.3-74-g34f1 From 252272344ea63a164eabc1631e9b77450d2b1c4b Mon Sep 17 00:00:00 2001 From: Arkadiusz Miƛkiewicz Date: Fri, 30 Aug 2019 11:30:10 +0200 Subject: Add support for SNI in check_smtp. Add support for SSL/TLS hostname extension support (SNI) for check_smtp plugin. Backported from nagios-plugins: https://github.com/nagios-plugins/nagios-plugins/commit/9f1628f4b5525335ce1d6e48e8ac8b07d0757f82 --- plugins/check_smtp.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'plugins/check_smtp.c') diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 70191ad9..c0ab838a 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -103,6 +103,7 @@ double critical_time = 0; int check_critical_time = FALSE; int verbose = 0; int use_ssl = FALSE; +int use_sni = FALSE; short use_proxy_prefix = FALSE; short use_ehlo = FALSE; short use_lhlo = FALSE; @@ -234,7 +235,7 @@ main (int argc, char **argv) smtp_quit(); return STATE_UNKNOWN; } - result = np_net_ssl_init(sd); + result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL)); if(result != STATE_OK) { printf (_("CRITICAL - Cannot create SSL context.\n")); close(sd); @@ -463,6 +464,10 @@ process_arguments (int argc, char **argv) int c; char* temp; + enum { + SNI_OPTION + }; + int option = 0; static struct option longopts[] = { {"hostname", required_argument, 0, 'H'}, @@ -485,6 +490,7 @@ process_arguments (int argc, char **argv) {"help", no_argument, 0, 'h'}, {"lmtp", no_argument, 0, 'L'}, {"starttls",no_argument,0,'S'}, + {"sni", no_argument, 0, SNI_OPTION}, {"certificate",required_argument,0,'D'}, {"ignore-quit-failure",no_argument,0,'q'}, {"proxy",no_argument,0,'r'}, @@ -631,6 +637,13 @@ process_arguments (int argc, char **argv) use_ssl = TRUE; use_ehlo = TRUE; break; + case SNI_OPTION: +#ifdef HAVE_SSL + use_sni = TRUE; +#else + usage (_("SSL support not available - install OpenSSL and recompile")); +#endif + break; case 'r': use_proxy_prefix = TRUE; break; @@ -839,6 +852,8 @@ print_help (void) printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); printf (" %s\n", "-S, --starttls"); printf (" %s\n", _("Use STARTTLS for the connection.")); + printf (" %s\n", "--sni"); + printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); #endif printf (" %s\n", "-A, --authtype=STRING"); @@ -875,6 +890,6 @@ print_usage (void) printf ("%s\n", _("Usage:")); printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname); printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n"); - printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [-v] \n"); + printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] [-v] \n"); } -- cgit v1.2.3-74-g34f1