/
Configuring Check Email Delivery (check_mail_loop)

Configuring Check Email Delivery (check_mail_loop)

Owned by Anastasios Thomaidis

This active check sends out special E-Mails to a defined mail address using the SMTP protocol and then tries to receive these emails back by querying the inbox of an IMAP or POP3 mailbox. With this check, you can verify that your whole mail delivery progress is working.

LAST TESTED ON CHECKMK 2.3.0P1

Table of Contents

Step-by-step guide

  1. Setup ServicesHTTP, TCP, Email, ... → Check Email Delivery → Add Rule

    • Name: The service description will be Mail Loop plus this name
    • Subject: Here, you can specify the subject text instead of the default text 'Check_MK-Mail-Loop'.
    • SMTP Server: You can specify a hostname or IP address different from the IP address of the host this check will be assigned to.
    • Use TLS over SMTP: Encrypt SMTP communication using TLS
    • Use TLS for IMAP authentication: IMAP authentication uses TLS
    • SMTP TCP Port to connect to: The TCP Port the SMTP server is listening on. Defaulting to 25.

    • SMTP Authentication:  Your credentials for the SMTP Server

      Screenshot of Check email delivery. Information provided for Name, subject, smtp server. TLS over smtp enabled. Smtp authenication enabled.

    • Mail Receiving
      • IMAP/POP3: Chose whether you want to use IMAP or POP3
      • IMAP Server: You can specify a hostname or IP address different from the IP address of the host this check will be assigned to.
      • SSL Encryption: Encrypt IMAP communication using TLS
      • Authentication: Your credentials for the IMAP Server
    • From: email address

    • Destination: email address

    • Connect Timeout: Timeout in seconds for network connects (defaults to 10)
    • Loop duration: Loop duration of the most recent mail in seconds or the average of all received emails within a single check to raise a WARNING/CRITICAL state

    • Delete processed messages: Delete all messages identified as being related to this check plugin. This is disabled by default, which might make your mailbox grow when you do not clean it up manually.

      Screenshot of Check email delivery. Mail reveiving set to IMAP.


Debugging

Execute active Check manually

For debugging reasons, it could be helpful to run the check manually. Therefore, you need to open the service site of the E-Mail service and search for 'Service check command'. Now you can use the command for executing the check manually.


Screenshot of Mail loop email delivery check

Screenshot of where to locate the service check command within the screen.



~/lib/nagios/plugins
OMD[mysite]:~/lib/nagios/plugins$ ./check_mail_loop--pwstore=4@16@provider1,10@17@provider2 '--smtp-server=smtp.provider1.com' '--smtp-tls' '--smtp-username=user@provider1.com' '--smtp-password=*************' '--fetch-protocol=IMAP' '--fetch-server=imap.provider2.com' '--fetch-ssl' '--fetch-port=993' '--fetch-username=mail@provider2.com' '--fetch-password=*************' '--mail-from=user@provider1.com' '--mail-to=mail@provider2.com' '--delete-messages' '--status-suffix=localhost-Email Delivery' '--warning=120' '--critical=300' '--subject=Check_MK-Mail-Loop for Strato'


For a detailed log, you can use --debug at the end of the command:

~/lib/nagios/plugins
OMD[mysite]:~/lib/nagios/plugins$ ./check_mail_loop--pwstore=4@16@provider1,10@17@provider2 '--smtp-server=smtp.provider1.com' '--smtp-tls' '--smtp-username=user@provider1.com' '--smtp-password=*************' '--fetch-protocol=IMAP' '--fetch-server=imap.provider2.com' '--fetch-ssl' '--fetch-port=993' '--fetch-username=mail@provider2.com' '--fetch-password=*************' '--mail-from=user@provider1.com' '--mail-to=mail@provider2.com' '--delete-messages' '--status-suffix=localhost-Email Delivery' '--warning=120' '--critical=300' '--subject=Check_MK-Mail-Loop for Strato' --debug


For more information, you can use --help option:

~/lib/nagios/plugins/check_mail_loop -h


Status-File

This plugin needs a file to store information about sent, received, and expected emails. Defaults to either /tmp/ or /omd/sites/<sitename>/var/check_mk when executed from within an OMD site.

~/var/check_mk
OMD[mysite]:~/lib/nagios/plugins$ ls -ltr ~/var/check_mk/ |grep 'check_mail'
-rw-rw----  1 mysite mysite     15 Dec  8 13:12 check_mail_loop.localhost-Email Delivery.status

OMD[mysite]:~/lib/nagios/plugins$ cat ~/var/check_mk/check_mail_loop.localhost-Email\ Delivery.status 
1607429555 304


For debugging reasons, it may be useful to change the path and suffix of the State-File. You can do this with '--status-dir PATH' and '--status-suffix SUFFIX'.

--debug --status-dir /tmp --status-suffix TEST


With this option, you will save the State-File in /tmp with the Suffix 'TEST'

OMD[mysite]:~/lib/nagios/plugins$ ./check_mail_loop --pwstore=4@16@strato,10@17@strato '--smtp-server=smtp.provider1.com' '--smtp-tls' '--smtp-username=user@provider1.com' '--smtp-password=*************' '--fetch-protocol=IMAP' '--fetch-server=imap.provider2.com' '--fetch-ssl' '--fetch-port=993' '--fetch-username=mail@provider2.com' '--fetch-password=*************' '--mail-from=user@provider1.com' '--mail-to=mail@provider2.com' '--delete-messages' '--status-suffix=localhost-Email Delivery' '--warning=120' '--critical=300' '--subject=Check_MK-Mail-Loop for Strato'--debug --status-dir /tmp --status-suffix TEST


OMD[mysite]:~/lib/nagios/plugins$ ls -ltr /tmp/ |grep 'check_mail'
-rw-rw---- 1 nagnis_master nagnis_master   15 Dec  8 13:21 check_mail_loop.TEST.status


Debugging mail fetching

If you encounter that Checkmk might not fetch emails, you might want to try out if Checkmk is able to connect to the POP/IMAP servers with OpenSSL (in this case Google IMAP):

root@mylinuxhost:~# openssl s_client -crlf -connect imap.gmail.com:993

Which should give you something like this: 

00a0 - f7 44 36 73 a1 9d b7 12-8c 3d 91 38 5b ff 13 d6 .D6s.....=.8[...
00b0 - 0d a5 4c 2e 83 54 9b c2-7f c1 aa 20 cd 25 e6 0f ..L..T..... .%..
00c0 - 9a 65 96 9c 33 1c e2 26-78 9c cb 9b 37 83 40 fa .e..3..&x...7.@.
00d0 - a5 94 f8 7c 19 6f 7b 75-ff 53 36 43 0d 72 88 03 ...|.o{u.S6C.r..
00e0 - 9d 66 fe 39 e0 af 4a 75-6d 25 f6 5f .f.9..Jum%._

Start Time: 1649163351
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
* OK Gimap ready for requests from 87.132.243.59 i15mb422427011wre

And you can log in via 

tag login <username> <password>


You can also use nmap for further debugging:

root@mylinuxhost:~# nmap smtp.server.tld


This command will show open ports, which will help us to identify which port we need to use in Checkmk:

Starting Nmap 7.80 ( https://nmap.org ) at 2024-12-24 12:44 CET
Nmap scan report for smtp.strato.de (81.169.145.133)
Host is up (0.029s latency).
Other addresses for smtp.strato.de (not scanned): 2a01:238:20a:202:55f0::1133
Not shown: 994 closed ports
PORT STATE SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
465/tcp open smtps
587/tcp open submission


More information can be found one Nmap's official site.