
Bug#930532: xymon: imaps reports "unexpected service response"


Ari Sovijarvi

Jun 14, 2019, 1:10:03 PM
Package: xymon
Version: 4.3.28-5
Severity: normal

After upgrading from Debian 9 to 10, Xymon has issues checking imaps service. This
appears to relate to SSL somehow, as if I change the imaps definition in protocols.cfg
to drop SSL and change port to non-SSL, it works as expected.

On the other end I have Dovecot with a valid certificate and I can connect to it with
openssl's s_client without problems.

In short, this works:
[imaps]
send "ABC123 LOGOUT\r\n"
expect "* OK"
options banner
port 143

This does not:
[imaps]
send "ABC123 LOGOUT\r\n"
expect "* OK"
options ssl,banner
port 993

Dovecot shares the certificate with Apache, which provides web mail, SSL connection to
Apache seems to work. Also, even when the imaps protocol test doesn't work, the certificate
appears correctly in the sslcert-test in Xymon.

This does not seem to leave anything in any of Xymon's log files.


-- System Information:
Debian Release: 10.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xymon depends on:
ii debconf [debconf-2.0] 1.5.71
ii libc-ares2 1.14.0-1
ii libc6 2.28-10
ii libldap-2.4-2 2.4.47+dfsg-3
ii libpcre3 2:8.39-12
ii librrd8 1.7.1-2
ii libssl1.1 1.1.1b-2
ii lsb-base 10.2019051400
ii xymon-client 4.3.28-5

Versions of packages xymon recommends:
ii apache2 [httpd-cgi] 2.4.38-3

Versions of packages xymon suggests:
ii rename 1.10-1
ii rrdtool 1.7.1-2

-- Configuration Files:
/etc/apache2/conf-available/xymon.conf changed [not included]
/etc/xymon/alerts.cfg changed [not included]
/etc/xymon/analysis.cfg changed [not included]
/etc/xymon/critical.cfg.bak [Errno 2] No such file or directory: '/etc/xymon/critical.cfg.bak'
/etc/xymon/protocols.cfg changed [not included]
/etc/xymon/xymonserver.cfg changed [not included]

-- debconf information:
hobbit-client/automatic-xymon-migration: true

Christoph Berg

Jun 17, 2019, 5:00:03 AM
Re: Ari Sovijarvi 2019-06-14 <156053111619.18668.14083...@blackbird.apz.fi>
> After upgrading from Debian 9 to 10, Xymon has issues checking imaps service.

My imaps check is also flapping since I upgraded to buster.

Mon Jun 17 10:20:09 2019 imaps NOT ok

Service imaps on imap.df7cb.de is not OK : Unexpected service response

Seconds: 0.119109000

Possibly a race condition, I'll try sending NOOP instead of QUIT to
see if that fixes it.

Christoph

Christoph Berg

Jun 17, 2019, 7:10:02 AM
Re: To Ari Sovijarvi 2019-06-17 <2019061708...@msg.df7cb.de>
> Possibly a race condition, I'll try sending NOOP instead of QUIT to
> see if that fixes it.

Unfortunately, it doesn't help.

Christoph

Ari Sovijärvi

Jun 17, 2019, 7:30:03 AM
On 17.6.2019 11.55, Christoph Berg wrote:
>> After upgrading from Debian 9 to 10, Xymon has issues checking imaps service.
> My imaps check is also flapping since I upgraded to buster.
> Mon Jun 17 10:20:09 2019 imaps NOT ok
> Service imaps on imap.df7cb.de is not OK : Unexpected service response
> Seconds: 0.119109000
> Possibly a race condition, I'll try sending NOOP instead of QUIT to
> see if that fixes it.

I tried it with a couple of different valid IMAP commands, doesn't seem to
change the outcome. If SSL is removed, it works, with SSL it's just
"unexpected service response".

--
Ari Sovijärvi

Christoph Berg

Jun 17, 2019, 7:30:03 AM
Re: Ari Sovijärvi 2019-06-17 <da757e42-4ed0-7448...@apz.fi>
> I tried it with a couple of different valid IMAP commands, doesn't seem to
> change the outcome. If SSL is removed, it works, with SSL it's just
> "unexpected service response".

It works here most of the time, so it's not always broken. It usually
flaps between OK and "unexpected service response" a handful of times
per day.

smtps has the same problem.

Christoph

Ari Sovijärvi

Jun 17, 2019, 7:40:03 AM
On 17.6.2019 14.24, Christoph Berg wrote:
> It works here most of the time, so it's not always broken. It usually
> flaps between OK and "unexpected service response" a handful of times
> per day.
> smtps has the same problem.

Looking at the history graphs, it appears it does random, 1 success
flukes on my system, with most of the time being in error mode. I
discovered this when I tried to silence the alarm for 999 days and some
time later it started sending me alarms again. Xymon runs inside a very
low resource monitoring virtual machine on my setup.

--
Ari Sovijärvi

Greg Arnold

Jan 9, 2020, 1:00:03 PM
I have a host that is consistently failing the imaps test - with debug
on, I get "tcp_got_expected: No data in banner"

If I run "sudo -u xymon /usr/lib/xymon/server/bin/xymonnet" from the
command line, it seems to always pass the test.

Andreas Oberritter

May 11, 2021, 8:30:03 AM
On Thu, 9 Jan 2020 17:39:27 +0000 Greg Arnold <gr...@arnoldassociates.com> wrote:
> I have a host that is consistently failing the imaps test - with debug
> on, I get "tcp_got_expected: No data in banner"

The root cause is xymonnet ignoring requests by the OpenSSL library to retry reading.

I submitted a merge request today: https://salsa.debian.org/debian/xymon/-/merge_requests/1

Previously, xymonnet would have continued reading from the socket only if `http && (not_eof_or_error || ssl_retry) && not_done`. My patch changes the logic to `((http && not_eof_or_error) || ssl_retry) && not_done`, in order to fix retries for protocols other than HTTPS.
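
The two loop conditions quoted in the message above, run against a simulated TLS read. This is an added example, not part of the thread and not xymonnet or OpenSSL code: `fake_read`, `run_check`, `WANT_RETRY` and the sample banner are constructed stand-ins, and only the two boolean expressions come from the message.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for a non-blocking TLS read (not OpenSSL, not xymonnet):
 * WANT_RETRY models the library asking the caller to read again, 0 is EOF,
 * a positive value is the number of bytes delivered. */
enum { WANT_RETRY = -1 };
struct fake_tls { int retries_left; const char *pending; };
static int fake_read(struct fake_tls *c, char *buf, size_t room) {
    if (c->retries_left > 0) { c->retries_left--; return WANT_RETRY; }
    if (c->pending == NULL || room < 2) return 0;
    size_t n = strlen(c->pending);
    if (n > room - 1) n = room - 1;
    memcpy(buf, c->pending, n);
    buf[n] = '\0';
    c->pending = NULL;
    return (int)n;
}

/* The two loop conditions as quoted in the message. */
static int keep_old(int http, int not_eof_or_error, int ssl_retry, int not_done) {
    return http && (not_eof_or_error || ssl_retry) && not_done;
}
static int keep_new(int http, int not_eof_or_error, int ssl_retry, int not_done) {
    return ((http && not_eof_or_error) || ssl_retry) && not_done;
}
typedef int (*keep_fn)(int, int, int, int);

/* One banner check; returns bytes collected. A real loop waits for readability before retrying. */
static int run_check(keep_fn keep, int http, int retries, char *banner, size_t len) {
    struct fake_tls conn = { retries, "* OK IMAP4rev1 ready\r\n" };  /* constructed banner */
    size_t used = 0;
    int n, ssl_retry, not_eof_or_error;
    banner[0] = '\0';
    do {
        n = fake_read(&conn, banner + used, len - used);
        ssl_retry = (n == WANT_RETRY);
        not_eof_or_error = (n > 0);
        if (n > 0) used += (size_t)n;
    } while (keep(http, not_eof_or_error, ssl_retry, used < len - 1));
    return (int)used;
}

int main(void) {
    char b[64];
    printf("old, non-HTTP, 2 retries: %d bytes\n", run_check(keep_old, 0, 2, b, sizeof b));
    printf("old, non-HTTP, 0 retries: %d bytes\n", run_check(keep_old, 0, 0, b, sizeof b));
    printf("new, non-HTTP, 2 retries: %d bytes\n", run_check(keep_new, 0, 2, b, sizeof b));
    return 0;
}
```

With the old condition a non-HTTP check gets its banner only when the first read already returns data, which matches the intermittent "No data in banner" results reported earlier in the thread.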

Roland Rosenfeld

May 27, 2023, 9:30:05 AM
tags 930532 + patch
thanks

Andreas Oberritter wrote on Tuesday, 11 May 2021:

> The root cause is xymonnet ignoring requests by the OpenSSL library
> to retry reading.
>
> I submitted a merge request today:
> https://salsa.debian.org/debian/xymon/-/merge_requests/1

After ignoring the flapping imaps/pop3s for years now, I tried your
patch today and this solves the issue for me.
Many thanks for finding this fix!
It would be nice to have this incorporated into the Debian package.

Greetings
Roland