On Sun, Oct 09, 2005 at 06:15:18PM +0200, Jeroen van Wolffelaar wrote: > It sends a HELO, yes, but not an EHLO, which is still wrong when you want to > do TLS. > > < 220 Personal mailserver of Jeroen van Wolffelaar <[EMAIL PROTECTED]>, using > Debian Exim > > HELO bla > < 250 mordor.wolffelaar.nl Hello 22pc220.sshunet.nl [145.97.220.22] > > STARTTLS > < 503 STARTTLS command used when not advertised > > [EMAIL PROTECTED] > < 421 mordor.wolffelaar.nl lost input connection > > Note that nagios starts TLS even though it's being refused by the SMTP server.
okay, so then then that's two problems, as even though the starttls
was refused to the first error, it blindly kept on going regardless of
the 5xx error.
> It also doesn't send a FQDN as HELO/EHLO parameter, which is technically also
> an SMTP protocol failure. the hostname -f FQDN would do, for example, and/or
> making is configureable.
i don't know of a generalizable-but-portable way to get the
hostname+fqdn within C, but perhaps some ifdefs could be used to
use gethostname/getdomainname if available for a default value,
and provide a cmdline option to override that. how does that sound?
> You are right though that it behaves a little bit better, it's just not quite
> there yet. Something that, to be honest, should have been obvious reading the
> buglog & peeking at the code(-changes), so I'm wondering why you closed the
> bug, but oh well. In the even I suddenly get magically enough time left over,
> I'll take a stab at the code myself... But honesty requires me to admit that's
> quite unlikely to happen anywhere soon.
yeah, i suppose a more critical eye should have caught that, but given
the large number of bugs i'm having to address w/nagios-plugins,
i'm doing a bit of skimming here and there, as has been made evident.
anyway, don't worry about spending time on this one, i'll hack a fix
together. however, if you could address the issues in the ntp-related
bugs (verifying the old patch is still valid, and any additional
patching/removal of code you'd recommend for the ntpdate stuff), i'd be
very appreciative.
sean
--
signature.asc
Description: Digital signature
