On Monday 19 April 2010 01:06:40 Josip Rodin wrote: > I noticed our check_smtp was sending garbage in HELO, > > % /usr/lib/nagios/plugins/check_smtp -v 127.0.0.1 | head -1 > HELOCMD: HELO shortmachinename > > When is it ever a good idea to send the unqualified hostname as HELO? > Doing that to an actual real-world SMTP server just makes Nagios look like > a spammer :)
citing Holger Weiss from irc: I'm not sure whether trying to get a FQDN automagically is such a good idea. The only reasonable way to do so would be to issue a DNS query asking for the PTR record of some IP address. Given that your system might have multiple addresses: which one? If you have a patch which implements that, and which falls back to using the IP address if the lookup fails (as suggested by the RFC), I'd consider it. But the standard says that the server MUST accept any garbage. So, as far as I'm concerned, it's quite reasonable for a Nagios plugin to use some dummy value and let the users who care configure the FQDN manually. You can also find another irclog attached. So ... patches are welcome. With kind regards, Jan. -- Never write mail to <w...@spamfalle.info>, you have been warned! -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++ ------END GEEK CODE BLOCK------
--- Log opened Mo Apr 19 00:00:59 2010 13:03 < emias> spy6, dermoth: Hmm, the SMTP standard says we "SHOULD" specify an IP address if the FQDN is not available. 13:03 < emias> I'd apply a patch which does just that. 13:03 < spy6> emias: the problem is, that the fqdn is not tried to find out 13:04 < spy6> emias: the short hostname is used in any case 13:04 < emias> Unless --fqdn was specified, yes. 13:04 < spy6> emias: yes .. but the fqdn should be used in any case 13:04 < spy6> emias: the hostname itself seems totally senseless 13:05 < spy6> (beside it was easier to implement) 13:06 < emias> It's not always possible to determine the FQDN. 13:06 < emias> check_smtp even runs on systems which don't have a FQDN pointing at them :-) 13:06 < spy6> emias: in this case you could fall back 13:08 < emias> *shrug*, I'd accept a patch which does that, too. But it should be a non-issue in practice. 13:08 < emias> We're talking about SHOULD clauses in the standard. And the standard also states that the server MUST accept any garbage. 13:09 < emias> Well, the standard says that the client MUST "try" to get the FQDN. I'd say it "tries" to retrieve the argument to the --fqdn option :-) 13:13 < emias> spy6: I doubt you'll find any SMTP client code which tries to automagically determine the FQDN. It would have to check which of the possibly multiple interfaces will be used for contacting the server and resolve the IP address, and even then, the result might still be incorrect. 13:14 < emias> spy6: Mail readers will probably just use the domain part of the email address you configured, SMTP servers (when acting as clients) will usually consult their configuration. So IMO, it's quite reasonable for a Nagios plugin to use some dummy value and let the users who care configure the FQDN manually. 13:26 < spy6> emias: do you have a rtfm for the "standard"? 13:28 < spy6> emias: you are true ... even if the plugin is executed anywhere behind a NATing device, it fails 13:28 < spy6> emias: maybe you could declare then in the open bug? 13:30 < spy6> discovering the interface should ne "easy" just looking, over which dev the route to the dst is used# 13:30 < emias> Well, the current revision is RFC 5321. That one actually states that we SHOULD no longer use HELO, but EHLO instead. (But the same rules apply, more or less.) 13:30 < emias> ftp://ftp.fu-berlin.de/doc/rfc/rfc5321.txt 13:30 < spy6> but yes, there are many points to fail detecting the fqdn or setting a wrong 13:30 < spy6> yes, helo is deprecated 13:30 < emias> spy6: I can add such a comment to the bug report, but I'd close it at the same time :-P 13:31 < spy6> emias: thats fine for me, if you fix the help output before :) 13:31 < spy6> i would reject the bug of better wontfix 13:31 < spy6> s/of/or/ 13:32 < emias> Indeed. 13:32 < emias> Wasn't dermoth committing the --help output fix? I'll do it otherwise. 13:34 < spy6> he wanted to fix cluttered formatings too 13:35 < spy6> but commiting the fix should work and cleaning up the help output later 15:22 < dermoth> emias, afaik sendmail does it... unless you specify a FQDN in the config it uses whatever is available
signature.asc
Description: This is a digitally signed message part.
