0

I set up monit to monitor some services which are running on my servers. On one of the servers I also have a mail server running, which handles the mail transport for the domains I own (in this case for example example.com). For a long time, monit was configured to send an e-mail to my e-mail address (myname@example.com) whenever a service does not respond anymore.

Now, since some time (I unfortunately don't know when exactly), monit does not send an e-mail anymore. In my logs I found lines something like this:

[CEST Oct 11 11:10:50] debug    : Processing postponed events queue
[CEST Oct 11 11:10:50] debug    : monit: processing queued event /var/lib/monit/events/1476176912_a2e860
[CEST Oct 11 11:10:50] debug    : Timestamp failed notification is sent to myname@example.com
[CEST Oct 11 11:10:50] error    : monit: Cannot get the SSL server certificate!
[CEST Oct 11 11:10:50] error    : Sendmail: Cannot switch to SSL
[CEST Oct 11 11:10:50] error    : Alert handler failed, retry scheduled for next cycle

(debug log enabled)

The configuration of the mailserver in the monitrc file looks like:

set mailserver bits.example.com port 587 username "monit@example.com" password "secret" using tlsv1 with timeout 30 seconds

As I haven't changed anything, and the configuration in monit looks good to me, I thought my mail server does not work like expected anymore (even if I haven't found any problem with other users of the server (some web projects)). However, I tried to send an e-mail directly using openssl (as the server allows tls connections only):

myuser@server:~$ openssl s_client -connect bits.example.com:587 -starttls smtp -CApath /etc/ssl/certs
CONNECTED(00000003)
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify return:1
depth=1 C = IL, O = StartCom Ltd., OU = StartCom Certification Authority, CN = StartCom Class 1 DV Server CA
verify return:1
depth=0 CN = bits.example.com
verify return:1
---
Certificate chain
 0 s:/CN=bits.example.com
   i:/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 1 DV Server CA
 1 s:/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 1 DV Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
<removed for a shorter code snippet>
-----END CERTIFICATE-----
subject=/CN=bits.example.com
issuer=/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 1 DV Server CA
---
No client certificate CA names sent
---
SSL handshake has read 3485 bytes and written 456 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 0B22EB3DDF1E0693E4A6152CEF26206572185112A7C9353397BFADAB5CB552E0
    Session-ID-ctx:
    Master-Key: 29348D1D2EC0819321B1B98C910EB9737BEF54699998ACD2BCB5687D22ED320F42E086D2B263A7DB82661C56AE7A6235
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1476177537
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 DSN
EHLO bits.example.com
250-example.com
250-PIPELINING
250-SIZE 51200000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:monit@example.com
250 2.1.0 Ok
rcpt to:myuser@example.com
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test mail

This is a test.

.
250 2.0.0 Ok: queued as 50C965FAE9
QUIT
DONE

and as you can see, it works fine. So now I'm at the end of my knowledge :( Why can't monit send an e-mail using my own e-mail server anymore? Does anyone have an idea what the problem is? If I need to provide more information, feel free to ask! :)

Thanks in advance!

Florian
  • Your monit config explicitly chooses to use the mail submission port (587) but your manual test used port 25. Either test again against port 587 or change the monit config to use 25 and then update question. – Paul Haldane Oct 11 '16 at 12:08
  • Thanks for the comment: I changed the question, as postfix listens on 587 and 25, both work fine. However, I tested the sending again with 587 as a port. Just for the record: In monit's config I supplied a username and password. However, postfix currently doesn't require a username password for sending (permit_mynetworks), which will change in the next time (that's why monit already has a username/password). – Florian Oct 11 '16 at 12:37

2 Answers

3

On Ubuntu 20.04 LTS with Monit 5.26.0, I was trying to get Monit to send mail with Mailgun and the reason it wasn't working was tlsv1 should have been tls. According to this wiki page, monit 5.17 or later should use tls with Gmail or similar email providers.

Tyler
  • Wow! I just had to log in and say THANK YOU! This worked after I tried everything from iptable ports, router port tests, different monit settings... THANKS!!! – GTodorov Oct 01 '21 at 00:55
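
A triage helper for the failure discussed in this thread, added here as an example (not code from the posters or from Monit): it checks single-line `set mailserver` statements for a pinned version keyword such as the `tlsv1` that the answer above replaced with `tls`, and finds alert-handler failures that directly follow the TLS errors quoted in the question. The function names, the verdict labels and the version keywords other than `tlsv1` and `tls` are assumptions.

```python
import re

# Version keywords that request one fixed protocol. Only "tlsv1" and "tls" are
# on this page; the others are assumed from Monit's SSL version options.
PINNED = {"sslv2", "sslv3", "tlsv1", "tlsv11", "tlsv12", "tlsv13"}
TLS_ERRORS = ("Cannot get the SSL server certificate", "Cannot switch to SSL")
MAILSERVER_RE = re.compile(r"^[ \t]*set\s+mailserver\s+(\S+)(.*)$", re.I | re.M)
LOG_RE = re.compile(r"^\[([^\]]+)\]\s+(\w+)\s*:\s*(.*)$")

# Constructed samples built from the config and log lines quoted on this page.
SAMPLE_MONITRC = '''\
set mailserver bits.example.com port 587 username "monit@example.com" password "secret" using tlsv1 with timeout 30 seconds
set mailserver bits.example.com port 587 username "monit@example.com" password "secret" using tls with timeout 30 seconds
'''
SAMPLE_LOG = '''\
[CEST Oct 11 11:10:50] debug    : Timestamp failed notification is sent to myname@example.com
[CEST Oct 11 11:10:50] error    : monit: Cannot get the SSL server certificate!
[CEST Oct 11 11:10:50] error    : Sendmail: Cannot switch to SSL
[CEST Oct 11 11:10:50] error    : Alert handler failed, retry scheduled for next cycle
'''

def mailserver_findings(monitrc):
    """(host, port, keyword, verdict) for each single-line `set mailserver`."""
    findings = []
    for host, rest in MAILSERVER_RE.findall(monitrc):
        rest = re.sub(r'"[^"]*"', '""', rest)  # ignore text inside credentials
        port = re.search(r"\bport\s+(\d+)", rest, re.I)
        using = re.search(r"\busing\s+(\w+)", rest, re.I)
        keyword = using.group(1).lower() if using else None
        verdict = ("pinned" if keyword in PINNED
                   else "unpinned" if keyword in ("tls", "ssl") else "none")
        findings.append((host, int(port.group(1)) if port else None, keyword, verdict))
    return findings

def tls_alert_failures(log_text):
    """Timestamps where the alert handler failed right after a TLS error."""
    failures, tls_error_seen = [], False
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group(2) != "error":
            continue  # debug/info lines and unparsable lines are skipped
        if any(sig in m.group(3) for sig in TLS_ERRORS):
            tls_error_seen = True
        elif "Alert handler failed" in m.group(3) and tls_error_seen:
            failures.append(m.group(1))
            tls_error_seen = False
    return failures

print(mailserver_findings(SAMPLE_MONITRC), tls_alert_failures(SAMPLE_LOG))
```

A "pinned" verdict together with a non-empty failure list matches the situation in the question; statements that use Monit's multi-line or `with ssl { ... }` forms are not parsed by this sketch.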
0

After upgrading monit from 5.6 (shipped with Ubuntu 14.04 apt sources) to 5.20 (latest release, manual upgrade) sending mails works without any problems again. The configuration was not changed so far, so this looks really like a bug in the older version of monit.

Florian