Configuring Check Email Delivery (check_mail_loop)
This check sends test emails via SMTP and retrieves them via IMAP/POP3 to verify mail delivery.
LAST TESTED ON CHECKMK 2.3.0P1
Step-by-step guide
Setup → Services → HTTP, TCP, Email, ... → Check Email Delivery → Add Rule
Name
The service description will be Mail Loop plus this nameSubject
Here, you can specify the subject text instead of the default text 'Check_MK-Mail-Loop'.SMTP Server
You can specify a hostname or IP address different from the IP address of the host this check will be assigned to.Use TLS over SMTP
Encrypt SMTP communication using TLSUse TLS for IMAP authentication
IMAP authentication uses TLSSMTP TCP Port to connect to
The TCP Port the SMTP server is listening on. Defaulting to 25.SMTP Authentication
Your credentials for the SMTP ServerMail Receiving
IMAP/POP3
Chose whether you want to use IMAP or POP3IMAP Server
You can specify a hostname or IP address different from the IP address of the host this check will be assigned to.SSL Encryption
Encrypt IMAP communication using TLSAuthentication
Your credentials for the IMAP Server
From
email addressDestination
email addressConnect Timeout
Timeout in seconds for network connects (defaults to 10)Loop duration
Loop duration of the most recent mail in seconds or the average of all received emails within a single check to raise aWARNING/CRITICALstateDelete processed messages
Delete all messages identified as being related to this check plugin. This is disabled by default, which might make your mailbox grow when you do not clean it up manually.
Debugging
Execute active Check manually
For debugging reasons, it could be helpful to run the check manually. Therefore, you need to open the service site of the E-Mail service and search for 'Service check command'. Now you can use the command for executing the check manually.
~/lib/nagios/plugins
OMD[mysite]:~/lib/nagios/plugins$ ./check_mail_loop--pwstore=4@16@provider1,10@17@provider2 '--smtp-server=smtp.provider1.com' '--smtp-tls' '--smtp-username=user@provider1.com' '--smtp-password=*************' '--fetch-protocol=IMAP' '--fetch-server=imap.provider2.com' '--fetch-ssl' '--fetch-port=993' '--fetch-username=mail@provider2.com' '--fetch-password=*************' '--mail-from=user@provider1.com' '--mail-to=mail@provider2.com' '--delete-messages' '--status-suffix=localhost-Email Delivery' '--warning=120' '--critical=300' '--subject=Check_MK-Mail-Loop for Strato'For a detailed log, you can use --debug at the end of the command:
~/lib/nagios/plugins
OMD[mysite]:~/lib/nagios/plugins$ ./check_mail_loop--pwstore=4@16@provider1,10@17@provider2 '--smtp-server=smtp.provider1.com' '--smtp-tls' '--smtp-username=user@provider1.com' '--smtp-password=*************' '--fetch-protocol=IMAP' '--fetch-server=imap.provider2.com' '--fetch-ssl' '--fetch-port=993' '--fetch-username=mail@provider2.com' '--fetch-password=*************' '--mail-from=user@provider1.com' '--mail-to=mail@provider2.com' '--delete-messages' '--status-suffix=localhost-Email Delivery' '--warning=120' '--critical=300' '--subject=Check_MK-Mail-Loop for Strato' --debug
For more information, you can use --help option:
~/lib/nagios/plugins/check_mail_loop -h
Status-File
This plugin needs a file to store information about sent, received, and expected emails. Defaults to either /tmp/ or /omd/sites/<sitename>/var/check_mk when executed from within an OMD site.
~/var/check_mk
OMD[mysite]:~/lib/nagios/plugins$ ls -ltr ~/var/check_mk/ |grep 'check_mail'
-rw-rw---- 1 mysite mysite 15 Dec 8 13:12 check_mail_loop.localhost-Email Delivery.status
OMD[mysite]:~/lib/nagios/plugins$ cat ~/var/check_mk/check_mail_loop.localhost-Email\ Delivery.status
1607429555 304
For debugging reasons, it may be useful to change the path and suffix of the State-File. You can do this with '--status-dir PATH' and '--status-suffix SUFFIX'.
--debug --status-dir /tmp --status-suffix TEST
With this option, you will save the State-File in /tmp with the Suffix 'TEST'
OMD[mysite]:~/lib/nagios/plugins$ ./check_mail_loop --pwstore=4@16@strato,10@17@strato '--smtp-server=smtp.provider1.com' '--smtp-tls' '--smtp-username=user@provider1.com' '--smtp-password=*************' '--fetch-protocol=IMAP' '--fetch-server=imap.provider2.com' '--fetch-ssl' '--fetch-port=993' '--fetch-username=mail@provider2.com' '--fetch-password=*************' '--mail-from=user@provider1.com' '--mail-to=mail@provider2.com' '--delete-messages' '--status-suffix=localhost-Email Delivery' '--warning=120' '--critical=300' '--subject=Check_MK-Mail-Loop for Strato'--debug --status-dir /tmp --status-suffix TEST
OMD[mysite]:~/lib/nagios/plugins$ ls -ltr /tmp/ |grep 'check_mail'
-rw-rw---- 1 nagnis_master nagnis_master 15 Dec 8 13:21 check_mail_loop.TEST.status
Debugging mail fetching
If you encounter that Checkmk might not fetch emails, you might want to try out if Checkmk is able to connect to the POP/IMAP servers with OpenSSL (in this case Google IMAP):
root@mylinuxhost:~$ openssl s_client -crlf -connect imap.gmail.com:993
Which should give you something like this:
00a0 - f7 44 36 73 a1 9d b7 12-8c 3d 91 38 5b ff 13 d6 .D6s.....=.8[...
00b0 - 0d a5 4c 2e 83 54 9b c2-7f c1 aa 20 cd 25 e6 0f ..L..T..... .%..
00c0 - 9a 65 96 9c 33 1c e2 26-78 9c cb 9b 37 83 40 fa .e..3..&x...7.@.
00d0 - a5 94 f8 7c 19 6f 7b 75-ff 53 36 43 0d 72 88 03 ...|.o{u.S6C.r..
00e0 - 9d 66 fe 39 e0 af 4a 75-6d 25 f6 5f .f.9..Jum%._
Start Time: 1649163351
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
* OK Gimap ready for requests from 87.132.243.59 i15mb422427011wre
And you can log in via
tag login <username> <password>
You can also use nmap for further debugging:
root@mylinuxhost:~$ nmap smtp.server.tld
This command will show open ports, which will help us to identify which port we need to use in Checkmk:
Starting Nmap 7.80 ( https://nmap.org ) at 2024-12-24 12:44 CET
Nmap scan report for smtp.strato.de (81.169.145.133)
Host is up (0.029s latency).
Other addresses for smtp.strato.de (not scanned): 2a01:238:20a:202:55f0::1133
Not shown: 994 closed ports
PORT STATE SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
465/tcp open smtps
587/tcp open submission
More information can be found one Nmap's Official site.