2 files changed, 69 insertions, 20 deletions
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index e7cf2ea2..e4da30ed 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -282,6 +282,35 @@ main (int argc, char **argv)
                  } else {
                        ssl_established = 1;
                  }
+                /*
+                 * Resend the EHLO command.
+                 *
+                 * RFC 3207 (4.2) says: ``The client MUST discard any knowledge
+                 * obtained from the server, such as the list of SMTP service
+                 * extensions, which was not obtained from the TLS negotiation
+                 * itself.  The client SHOULD send an EHLO command as the first
+                 * command after a successful TLS negotiation.''  For this
+                 * reason, some MTAs will not allow an AUTH LOGIN command before
+                 * we resent EHLO via TLS.
+                 */
+                if (my_send(helocmd, strlen(helocmd)) <= 0) {
+                        printf(_("SMTP UNKNOWN - Cannot send EHLO command via TLS.\n"));
+                        my_close();
+                        return STATE_UNKNOWN;
+                }
+                if (verbose)
+                        printf(_("sent %s"), helocmd);
+                if ((n = my_recv(buffer, MAX_INPUT_BUFFER - 1)) <= 0) {
+                        printf(_("SMTP UNKNOWN - Cannot read EHLO response via TLS.\n"));
+                        my_close();
+                        return STATE_UNKNOWN;
+                }
+                if (verbose) {
+                        buffer[n] = '\0';
+                        printf("%s", buffer);
+                }
 #  ifdef USE_OPENSSL
                  if ( check_cert ) {
                    result = np_net_ssl_check_cert(days_till_exp);
@@ -705,8 +734,8 @@ print_help (void)
        printf (_(UT_IPv46));
        printf (" %s\n", "-e, --expect=STRING");
-  printf (_("String to expect in first line of server response (default: '%s')"),SMTP_EXPECT);
+  printf (_("    String to expect in first line of server response (default: '%s')\n"), SMTP_EXPECT);
-  printf (" %s\n\n", "-n, nocommand\n");
+  printf (" %s\n", "-n, nocommand");
  printf ("    %s\n", _("Suppress SMTP command"));
  printf (" %s\n", "-C, --command=STRING");
  printf ("    %s\n", _("SMTP command (may be used repeatedly)"));
@@ -734,6 +763,7 @@ print_help (void)
        printf (_(UT_VERBOSE));
+        printf("\n");
        printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
  printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful"));
  printf ("%s\n", _("connects, but incorrect reponse messages from the host result in"));
diff --git a/plugins/t/check_smtp.t b/plugins/t/check_smtp.t
index 3bf32ecf..0046a58a 100644
--- a/plugins/t/check_smtp.t
+++ b/plugins/t/check_smtp.t
@@ -6,29 +6,48 @@
 #
 use strict;
-use Test;
+use Test::More;
 use NPTest;
-use vars qw($tests);
+my $host_tcp_smtp      = getTestParameter( "NP_HOST_TCP_SMTP", 
-BEGIN {$tests = 5; plan tests => $tests}
+                                           "A host providing an SMTP Service (a mail server)", "mailhost");
-my $host_tcp_smtp      = getTestParameter( "host_tcp_smtp",      "NP_HOST_TCP_SMTP",      "mailhost",
+my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE", 
-                                           "A host providing an STMP Service (a mail server)");
+                                           "The hostname of system not responsive to network requests", "10.0.0.1" );
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
+my $hostname_invalid   = getTestParameter( "NP_HOSTNAME_INVALID",   
-                                           "The hostname of system not responsive to network requests" );
+                                           "An invalid (not known to DNS) hostname", "nosuchhost" );
+my $res;
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
+plan tests => 8;
-                                           "An invalid (not known to DNS) hostname" );
-my %exceptions = ( 2 => "No SMTP Server present?" );
-my $t;
+SKIP: {
+        skip "No SMTP server defined", 3 unless $host_tcp_smtp;
+        $res = NPTest->testCmd( "./check_smtp $host_tcp_smtp" );
+        is ($res->return_code, 0, "OK");
+        
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -p 25 -w 9 -c 9 -t 10 -e 220" );
+        is ($res->return_code, 0, "OK, within 9 second response");
-$t += checkCmd( "./check_smtp    $host_tcp_smtp",                                   0, undef, %exceptions );
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -p 25 -wt 9 -ct 9 -to 10 -e 220" );
-$t += checkCmd( "./check_smtp -H $host_tcp_smtp -p 25 -t 1 -w 9 -c 9 -t 10 -e 220", 0, undef, %exceptions );
+        is ($res->return_code, 0, "OK, old syntax");
-$t += checkCmd( "./check_smtp -H $host_tcp_smtp -p 25 -wt 9 -ct 9 -to 10 -e 220",   0, undef, %exceptions );
-$t += checkCmd( "./check_smtp    $host_nonresponsive", 2 );
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -e 221" );
-$t += checkCmd( "./check_smtp    $hostname_invalid",   3 );
+        is ($res->return_code, 1, "WARNING - got correct error when expecting 221 instead of 220" );
+        TODO: {
+                local $TODO = "Output is over two lines";
+                like ( $res->output, qr/^SMTP WARNING/, "Correct error message" );
+        }
+        # SSL connection
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -p 25 -S" );
+        is ($res->return_code, 0, "OK, with STARTTLS" );
+}
+$res = NPTest->testCmd( "./check_smtp $host_nonresponsive" );
+is ($res->return_code, 2, "CRITICAL - host non responding" );
+$res = NPTest->testCmd( "./check_smtp $hostname_invalid" );
+is ($res->return_code, 3, "UNKNOWN - hostname invalid" );
-exit(0) if defined($Test::Harness::VERSION);
-exit($tests - $t);

diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index e7cf2ea2..e4da30ed 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c
@@ -282,6 +282,35 @@ main (int argc, char **argv)
282	} else {	282	} else {
283	ssl_established = 1;	283	ssl_established = 1;
284	}	284	}
		285
		286	/*
		287	* Resend the EHLO command.
		288	*
		289	* RFC 3207 (4.2) says: ``The client MUST discard any knowledge
		290	* obtained from the server, such as the list of SMTP service
		291	* extensions, which was not obtained from the TLS negotiation
		292	* itself. The client SHOULD send an EHLO command as the first
		293	* command after a successful TLS negotiation.'' For this
		294	* reason, some MTAs will not allow an AUTH LOGIN command before
		295	* we resent EHLO via TLS.
		296	*/
		297	if (my_send(helocmd, strlen(helocmd)) <= 0) {
		298	printf(_("SMTP UNKNOWN - Cannot send EHLO command via TLS.\n"));
		299	my_close();
		300	return STATE_UNKNOWN;
		301	}
		302	if (verbose)
		303	printf(_("sent %s"), helocmd);
		304	if ((n = my_recv(buffer, MAX_INPUT_BUFFER - 1)) <= 0) {
		305	printf(_("SMTP UNKNOWN - Cannot read EHLO response via TLS.\n"));
		306	my_close();
		307	return STATE_UNKNOWN;
		308	}
		309	if (verbose) {
		310	buffer[n] = '\0';
		311	printf("%s", buffer);
		312	}
		313
285	# ifdef USE_OPENSSL	314	# ifdef USE_OPENSSL
286	if ( check_cert ) {	315	if ( check_cert ) {
287	result = np_net_ssl_check_cert(days_till_exp);	316	result = np_net_ssl_check_cert(days_till_exp);
@@ -705,8 +734,8 @@ print_help (void)
705	printf (_(UT_IPv46));	734	printf (_(UT_IPv46));
706		735
707	printf (" %s\n", "-e, --expect=STRING");	736	printf (" %s\n", "-e, --expect=STRING");
708	printf (_("String to expect in first line of server response (default: '%s')"),SMTP_EXPECT);	737	printf (_(" String to expect in first line of server response (default: '%s')\n"), SMTP_EXPECT);
709	printf (" %s\n\n", "-n, nocommand\n");	738	printf (" %s\n", "-n, nocommand");
710	printf (" %s\n", _("Suppress SMTP command"));	739	printf (" %s\n", _("Suppress SMTP command"));
711	printf (" %s\n", "-C, --command=STRING");	740	printf (" %s\n", "-C, --command=STRING");
712	printf (" %s\n", _("SMTP command (may be used repeatedly)"));	741	printf (" %s\n", _("SMTP command (may be used repeatedly)"));
@@ -734,6 +763,7 @@ print_help (void)
734		763
735	printf (_(UT_VERBOSE));	764	printf (_(UT_VERBOSE));
736		765
		766	printf("\n");
737	printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));	767	printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
738	printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful"));	768	printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful"));
739	printf ("%s\n", _("connects, but incorrect reponse messages from the host result in"));	769	printf ("%s\n", _("connects, but incorrect reponse messages from the host result in"));


diff --git a/plugins/t/check_smtp.t b/plugins/t/check_smtp.t index 3bf32ecf..0046a58a 100644 --- a/plugins/t/check_smtp.t +++ b/plugins/t/check_smtp.t
@@ -6,29 +6,48 @@
6	#	6	#
7		7
8	use strict;	8	use strict;
9	use Test;	9	use Test::More;
10	use NPTest;	10	use NPTest;
11		11
12	use vars qw($tests);	12	my $host_tcp_smtp = getTestParameter( "NP_HOST_TCP_SMTP",
13	BEGIN {$tests = 5; plan tests => $tests}	13	"A host providing an SMTP Service (a mail server)", "mailhost");
14		14
15	my $host_tcp_smtp = getTestParameter( "host_tcp_smtp", "NP_HOST_TCP_SMTP", "mailhost",	15	my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE",
16	"A host providing an STMP Service (a mail server)");	16	"The hostname of system not responsive to network requests", "10.0.0.1" );
17		17
18	my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",	18	my $hostname_invalid = getTestParameter( "NP_HOSTNAME_INVALID",
19	"The hostname of system not responsive to network requests" );	19	"An invalid (not known to DNS) hostname", "nosuchhost" );
		20	my $res;
20		21
21	my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost",	22	plan tests => 8;
22	"An invalid (not known to DNS) hostname" );
23	my %exceptions = ( 2 => "No SMTP Server present?" );
24		23
25	my $t;	24	SKIP: {
		25	skip "No SMTP server defined", 3 unless $host_tcp_smtp;
		26	$res = NPTest->testCmd( "./check_smtp $host_tcp_smtp" );
		27	is ($res->return_code, 0, "OK");
		28
		29	$res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -p 25 -w 9 -c 9 -t 10 -e 220" );
		30	is ($res->return_code, 0, "OK, within 9 second response");
26		31
27	$t += checkCmd( "./check_smtp $host_tcp_smtp", 0, undef, %exceptions );	32	$res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -p 25 -wt 9 -ct 9 -to 10 -e 220" );
28	$t += checkCmd( "./check_smtp -H $host_tcp_smtp -p 25 -t 1 -w 9 -c 9 -t 10 -e 220", 0, undef, %exceptions );	33	is ($res->return_code, 0, "OK, old syntax");
29	$t += checkCmd( "./check_smtp -H $host_tcp_smtp -p 25 -wt 9 -ct 9 -to 10 -e 220", 0, undef, %exceptions );	34
30	$t += checkCmd( "./check_smtp $host_nonresponsive", 2 );	35	$res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -e 221" );
31	$t += checkCmd( "./check_smtp $hostname_invalid", 3 );	36	is ($res->return_code, 1, "WARNING - got correct error when expecting 221 instead of 220" );
		37
		38	TODO: {
		39	local $TODO = "Output is over two lines";
		40	like ( $res->output, qr/^SMTP WARNING/, "Correct error message" );
		41	}
		42
		43	# SSL connection
		44	$res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -p 25 -S" );
		45	is ($res->return_code, 0, "OK, with STARTTLS" );
		46	}
		47
		48	$res = NPTest->testCmd( "./check_smtp $host_nonresponsive" );
		49	is ($res->return_code, 2, "CRITICAL - host non responding" );
		50
		51	$res = NPTest->testCmd( "./check_smtp $hostname_invalid" );
		52	is ($res->return_code, 3, "UNKNOWN - hostname invalid" );
32		53
33	exit(0) if defined($Test::Harness::VERSION);
34	exit($tests - $t);