smtp_banner:
prober: tcp
timeout: 20s
tcp:
preferred_ip_protocol: ip4
query_response:
- expect: "^220 ([^ ]+) ESMTP( .+)?$"
send: "EHLO prober"
- expect: "^250 "
send: "QUIT\r"
smtp_starttls:
prober: tcp
timeout: 20s
tcp:
tls_config:
insecure_skip_verify: true
query_response:
- expect: "^220 ([^ ]+) ESMTP( .+)?$"
send: "EHLO prober\r"
- expect: "^250-STARTTLS"
- expect: "^250 .*$"
send: "STARTTLS\r"
- expect: "^220"
starttls: true
- send: "EHLO prober\r"
- expect: "^250 .*$"
send: "QUIT\r"
Can I design as above then 2 jobs
- job_name: Mail Server
metrics_path: /probe
params:
module: [smtp_banner]
file_sd_configs:
- files:
- '/etc/prometheus/mail'
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: prometheus-blackbox-exporter:9115
- job_name: Mail Server TLS
metrics_path: /probe
params:
module: [smtp_starttls]
file_sd_configs:
- files:
- '/etc/prometheus/mail'
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: prometheus-blackbox-exporter:9115
On Tuesday, August 9, 2022 at 5:13:17 PM UTC+8 Brian Candler wrote:
> Do you mean, you want one probe that tests TCP connection and the "SMTP"
> banner only; and another job that tests further including STARTTLS and the
> certificate?
>
> Then just make two blackbox tests, one for each of those cases.
>
> You want different scrape_interval for them? Then just make two
> prometheus scrape jobs, and put one test under the first job, and the other
> test under the second job.
>
> You want to use different evaluation_interval? Then make two different
> alerting rule groups, with different evaluation intervals, and put one
> alerting rule under each.
>
> On Tuesday, 9 August 2022 at 09:25:18 UTC+1 [email protected] wrote:
>
>> Thank you Brian. I know.
>>
>> I already use smtp_starttls to check the connection with mail server. I
>> found smtp_starttls also exposed ssl cert related metrics.
>> But now I want to take ssl cert check out from the job which is for
>> checking SMTP. Because I want to set different scrape_interval and
>> evaluation inverval for the cert check.
>>
>> Any good suggestion?
>>
>> On Tuesday, August 9, 2022 at 4:17:34 PM UTC+8 Brian Candler wrote:
>>
>>> Sigh. We've been through all this with you before in great detail.
>>> https://groups.google.com/g/prometheus-users/c/LZbihDncIig/m/cqAA-UtdAQAJ
>>>
>>> Port 587 is SMTP submission, and it does not perform TLS on connection.
>>> Try "telnet dns 587" and you'll see it responds in plain text, which is
>>> just what the error message told you: "tls: first record does not look like
>>> a TLS handshake"
>>>
>>> To get it to do TLS, you need to send the "starttls" command before
>>> starting the TLS negotiation, like this example
>>> <https://github.com/prometheus/blackbox_exporter/blob/master/example.yml#L91-L104>
>>> and
>>> in the thread linked above.
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/prometheus-users/7da8063f-70a9-47ac-a55c-d18044382bb3n%40googlegroups.com.
