Hi Brian, I test and got the following info.
curl -g 'http://0.0.0.0:9115/probe?module=smtp_starttls&target=1.1.1.1:25&debug=true' Logs for the probe: ts=2022-07-04T07:40:59.871275007Z caller=main.go:320 module=smtp_starttls target= 1.1.1.1 :25 level=info msg="Beginning probe" probe=tcp timeout_seconds=5 ts=2022-07-04T07:40:59.871360243Z caller=tcp.go:40 module=smtp_starttls target= 1.1.1.1 :25 level=info msg="Resolving target address" ip_protocol=ip6 ts=2022-07-04T07:40:59.871381401Z caller=tcp.go:40 module=smtp_starttls target= 1.1.1.1 :25 level=info msg="Resolving target address" ip_protocol=ip4 ts=2022-07-04T07:40:59.871398489Z caller=tcp.go:40 module=smtp_starttls target= 1.1.1.1 :25 level=info msg="Resolved target address" ip=100.70.222.51 ts=2022-07-04T07:40:59.871417521Z caller=tcp.go:121 module=smtp_starttls target= 1.1.1.1 :25 level=info msg="Dialing TCP without TLS" ts=2022-07-04T07:40:59.882814373Z caller=main.go:130 module=smtp_starttls target= 1.1.1.1 :25 level=info msg="Successfully dialed" ts=2022-07-04T07:40:59.882850655Z caller=main.go:130 module=smtp_starttls target= 1.1.1.1 :25 level=info msg="Processing query response entry" entry_number=0 ts=2022-07-04T07:40:59.89189959Z caller=main.go:130 module=smtp_starttls target= 1.1.1.1 :25 level=debug msg="Read line" line="220 ... ESMTP" ts=2022-07-04T07:41:04.871897159Z caller=main.go:130 module=smtp_starttls target= 1.1.1.1 :25 level=error msg="Error reading from connection" err="read tcp4 0.0.0.0:35004->1.1.1.1:25: i/o timeout" ts=2022-07-04T07:41:04.871975741Z caller=main.go:320 module=smtp_starttls target= 1.1.1.1 :25 level=error msg="Probe failed" duration_seconds=5.000650342 Metrics that would have been returned: # HELP probe_dns_lookup_time_seconds Returns the time taken for probe dns lookup in seconds # TYPE probe_dns_lookup_time_seconds gauge probe_dns_lookup_time_seconds 5.7111e-05 # HELP probe_duration_seconds Returns how long the probe took to complete in seconds # TYPE probe_duration_seconds gauge probe_duration_seconds 5.000650342 # HELP probe_failed_due_to_regex Indicates if probe failed due to regex # TYPE probe_failed_due_to_regex gauge probe_failed_due_to_regex 0 # HELP probe_ip_addr_hash Specifies the hash of IP address. It's useful to detect if the IP address changes. # TYPE probe_ip_addr_hash gauge probe_ip_addr_hash 2.493392506e+09 # HELP probe_ip_protocol Specifies whether probe ip protocol is IP4 or IP6 # TYPE probe_ip_protocol gauge probe_ip_protocol 4 # HELP probe_success Displays whether or not the probe was a success # TYPE probe_success gauge probe_success 0 Module configuration: prober: tcp timeout: 5s http: ip_protocol_fallback: true follow_redirects: true tcp: ip_protocol_fallback: true query_response: - expect: ^220 ([^ ]+) ESMTP (.+)$ - send: "EHLO prober\r" - expect: ^250-STARTTLS - send: "STARTTLS\r" - expect: ^220 - starttls: true - send: "EHLO prober\r" - expect: ^250-AUTH - send: "QUIT\r" icmp: ip_protocol_fallback: true dns: ip_protocol_fallback: true On Friday, May 20, 2022 at 3:28:59 AM UTC+8 Brian Candler wrote: > Hit blackbox_exporter with curl, and add &debug=true to see what's > happening. > > > *curl -g > 'http://prometheus-blackbox-exporter:9115/probe?module=smtp_starttls&target=127.0.0.1&debug=true > > <http://prometheus-blackbox-exporter:9115/probe?module=smtp_starttls&target=127.0.0.1&debug=true>'* > My guess is that the target mailserver doesn't have a valid TLS > certificate. This is almost certainly true if you are connecting to it as > "127.0.0.1" instead of using its real hostname. > > On Thursday, 19 May 2022 at 15:40:06 UTC+1 [email protected] wrote: > >> Thank you Brian. >> >> If I only want to test if SMTP connection can be setup or not, like >> Nagios check_smtp, can I use smtp_starttls module? I got failed status of >> smtp_starttls, and from the log of blackbox exporter, I even cannot see the >> output of "smtp_starttls" module. I curled, the response returned all the >> HTLM info without useful information. >> >> On Wednesday, May 18, 2022 at 11:00:50 PM UTC+8 Brian Candler wrote: >> >>> On Wednesday, 18 May 2022 at 13:41:37 UTC+1 [email protected] wrote: >>> >>>> static_configs: >>>> - targets: >>>> - 127.0.0.1 >>>> relabel_configs: >>>> - source_labels: [__address__] >>>> target_label: __param_target >>>> - source_labels: [__param_target] >>>> target_label: instance >>>> - target_label: __address__ >>>> replacement: prometheus-blackbox-exporter:9115 >>>> >>>> >>> This is saying that you are talking to blackbox_exporter running on host >>> "prometheus-blackbox-exporter", but blackbox_exporter will be testing the >>> SMTP server on 127.0.0.1, i.e. the mail server that you are testing is >>> running on the same server as blackbox_exporter. >>> >>> If that's what you want, then it looks OK to me. If you test it and it >>> doesn't do what you expect, then you can start debugging it. >>> >>> > - which module can be used to implement Nagios check_ldap_startTLS? >>> >>> LDAP is a binary protocol. You won't be able to test this using >>> blackbox_exporter, except for checking that a connection is accepted on >>> port 389. >>> >>> You could look for a specific LDAP exporter. Or you could write a >>> script which performs the check (e.g. by shelling out to "ldapsearch") and >>> returns prometheus metrics. You can then run this script from cron and get >>> it to write a file to be picked up by node_exporter's textfile collector; >>> or you can run it under exporter_exporter; or you can write your own >>> exporter <https://prometheus.io/docs/instrumenting/writing_exporters/> >>> (basically just a small webserver which listens for scrapes). >>> >>> Alternatively, if you already have a Nagios check module which does what >>> you want, you can run it under nrpe_exporter. >>> >>> > - Is there a way to know what does smtp_startTLS module exactly do? >>> >>> It negotiates a TLS connection on the TCP stream. If it's successful, >>> all the subsequent communication on this stream is TLS-encrypted. I'm not >>> sure what else to say about it! >>> >> -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/2b9916c0-0979-4a1a-9826-a7ff6d2a1792n%40googlegroups.com.
