smtp testing error
Dear admin,
I'm trying the Advanced Host Monitor software today.
I want to monitor an intranet Exchange server's SMTP port 25. The SMTP port is normal now, but AHM says bad.
How can I check this problem? Thanks a lot for the help!
KS-Soft wrote:
> > how can i check this problem
> "Bad" means HostMonitor received response from server but it doesn't like response code. May be you are using "Perform VRFY" option while this option is not allowed on the server.
> You may use telnet utility (menu Tools) to check server's response
> Regards
> Alex
Thanks for your quick reply!
I'm sure that I don't select the "Perform VRFY" option.
BTW, I can use the telnet command to connect to Exchange Server port 25 in the intranet; it shows 220, but AHM still shows 'bad'.
Now I'm at home, so I'll learn it tomorrow in the office.
HELO syntax
KS-Soft wrote:
> After initial 220 response, HostMonitor sends HELO command and expects code 220 or 250. If server respond with different code, test status will be "Bad"
Is there any way to adjust the HELO syntax to HELO hostname or HELO FQDN? Under Postfix and, I believe, sendmail the standard behavior is to reject mail from unknown hosts and domains, and I believe the HELO syntax is supposed to be HELO FQDN.
- Dan
KS-Soft wrote:
> HostMonitor always use "HELO hostname" syntax for SMTP test. Do you need to use fully qualified domain name?
It would be useful to use FQDN, but I can adjust the Postfix config to work with just a hostname.
Does the SMTP test look for anything more than a 220 response? I did a wireshark capture and when the SMTP server responds to connect with "220 mail.mydomain.com ESMTP Postfix (Ubuntu)\r\n" I'm showing the test results changed to "No answer" but I did not see the HELO hostname sequence sent. Wondering if I need to adjust my welcome message in Postfix?
- Dan
H'm, "No answer" means HostMonitor did not receive any answer at all.
Normally HostMonitor establishes a TCP connection, checks for code 220 in the reply, then sends HELO and waits for an answer with code 220 or 250. It performs the VRFY command if that option is marked, checks the answer, sends QUIT and closes the connection.
If the server responds with some other code, HostMonitor sets "Bad" status, not "No answer".
Note: This test does not support SSL encryption.
Can you setup TCP test for this server? Does it work?
Regards
Alex
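The test sequence Alex describes above, as an added example (not HostMonitor's code and not something posted in the thread): a Python probe that reports the same "Bad" and "No answer" outcomes. The function names, the `probe.example` HELO name and the local fake server are assumptions made for the illustration; the optional VRFY step is left out.

```python
import socket
import threading

def read_reply(f):
    """Read one SMTP reply, possibly multi-line; return its code (0 if malformed)."""
    while True:
        line = f.readline()
        if not line:
            raise ConnectionError("closed before a full reply arrived")
        if line[3:4] != b"-":            # "250-text" continues, "250 text" ends
            return int(line[:3]) if line[:3].isdigit() else 0

def smtp_probe(host, port, helo_name="probe.example", timeout=5.0):
    """Return "Ok", "Bad" (unexpected reply code) or "No answer" (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s, \
                s.makefile("rb") as f:
            if read_reply(f) != 220:                  # greeting banner
                return "Bad"
            s.sendall(b"HELO " + helo_name.encode("ascii") + b"\r\n")
            if read_reply(f) not in (220, 250):       # codes accepted per the thread
                return "Bad"
            s.sendall(b"QUIT\r\n")
            return "Ok"
    except OSError:                  # refused, reset, timed out, closed early
        return "No answer"

def fake_server(banner, helo_reply):
    """Constructed test server: serves one connection, returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if banner:                   # empty banner simulates a silent server
                conn.sendall(banner)
                conn.recv(1024)          # HELO line
                conn.sendall(helo_reply)
            conn.recv(1024)              # QUIT, or block until the client gives up
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    banner = b"220 mail.notmyrealdomain.com ESMTP Postfix (Ubuntu)\r\n"  # from the thread
    for reply in (b"250 mail.notmyrealdomain.com\r\n", b"504 5.5.2 constructed\r\n"):
        print(smtp_probe("127.0.0.1", fake_server(banner, reply), timeout=2))
    print(smtp_probe("127.0.0.1", fake_server(b"", b""), timeout=0.5))
```

A server that accepts the TCP connection but never sends a banner within the timeout is reported as "No answer", while any reply with an unexpected code is "Bad".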
KS-Soft wrote:
> H'm, "No answer" means HostMonitor did not receive any answer at all.
> Can you setup TCP test for this server? Does it work?
TCP test to port 25 returns No Answer. Hostmonitor runs as a service under a domain admin account, it should have rights to perform the test. It's not connectivity, remote machine can respond. Wireshark showed the remote smtp server responding with its 220 message. Telnet confirms:
telnet mail.notmyrealdmain.com 25
220 mail.notmyrealdomain.com ESMTP Postfix (Ubuntu)
HELO hostmonitor.notmyrealdomain.com
250 mail.notmyrealdomain.com
QUIT
221 2.0.0 Bye
Connection to host lost.
I'm now completely baffled as to why the test would fail after receiving the 220 response above.
What Windows do you use? Service Pack?
HostMonitor version?
Have you started telnet on the same system where HostMonitor is running?
Do you have installed some antivirus monitors, personal firewall, content monitoring software? Non-standard winsock components?
Could you try to execute "netsh winsock reset" and reboot the system (system where HostMonitor is running)?
Regards
Alex
Wireshark results
Logged onto the console as the service account, performed the smtp test with wireshark running. 7 packets total.
From the hostmonitor server, noted by packet direction:
-> SYN
<- SYN-ACK
-> ACK
-> FIN-ACK
<- ACK
<- 220 mail.notmyrealdomain.com EMMPT Postfix (Ubuntu)
-> RST-ACK
That last packet is an ACK with a connection reset flag set, and it originates from the hostmonitor service, so evidently hostmonitor is resetting the connection for some reason after the 220 message.
You can get the e-mail address from my profile, I'll be happy to send the wireshark trace directly.
- Dan
You can send it to support@ks-soft.net or just click HostMonitor menu Help->Support.
However, we still need some answers...
What version of HostMonitor should we check?
Do you have installed some antivirus monitors, personal firewall, content monitoring software? Non-standard winsock components?
Could you try to execute "netsh winsock reset" and reboot the system (system where HostMonitor is running)?
Regards
Alex
KS-Soft wrote:
> Do you have installed some antivirus monitors, personal firewall, content monitoring software? Non-standard winsock components?
> Could you try to execute "netsh winsock reset" and reboot the system (system where HostMonitor is running)?
Issued the netsh winsock reset but cannot reboot the machine until after hours. There is anti-virus and content monitoring but it's file-system only, no personal firewall on the machine. Windows 2003R2 server 32-bit.
The behavior appeared under Hostmonitor 8.64. I applied 8.80 and noth the SMTP and TCP test operate properly. Could have been something the winsock reset took care of. I suppose if somebody else has the same problem we should pursue finding a root cause, but otherwise I consider it solved.
- Dan
> The behavior appeared under Hostmonitor 8.64. I applied 8.80 and noth the SMTP and TCP test operate properly.
noth the SMTP and TCP test operate properly?
Do you mean "now the SMTP and TCP test operate properly"?
Hostmonitor 8.64 and 8.80 use exactly the same code for both tests, and this code has worked fine for years. I assume the problem was fixed because you restarted HostMonitor or applied the netsh winsock reset command.
Are you sure your antivirus checks the file system only? What antivirus do you use?
If this problem happens again, could you check resource usage for each process? You may use the standard Windows Task Manager to check Handles, GDI and USER objects. Please check total resource usage on the system and how many handles/threads/GDI objects are used by the hostmon.exe process.
Regards
Alex