Module: check_mk Branch: master Commit: 4fb090fa0f2c617c42a0509c9593f70ac856d6a3 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4fb090fa0f2c61… Author: Andreas Boesl &lt;ab(a)mathias-kettner.de&gt; Date: Wed Dec 16 15:25:16 2015 +0100 #2816 check_mail_loop: now supports STARTTLS for IMAP authentification --- .werks/2816 | 9 ++++++++ ChangeLog | 1 + checks/check_mail_loop | 3 +++ doc/treasures/active_checks/check_mail_loop | 33 +++++++++++++++++++++++++-- web/plugins/wato/active_checks.py | 6 ++++- 5 files changed, 49 insertions(+), 3 deletions(-) diff --git a/.werks/2816 b/.werks/2816 new file mode 100644 index 0000000..0c13af0 --- /dev/null +++ b/.werks/2816 @@ -0,0 +1,9 @@ +Title: check_mail_loop: now supports STARTTLS for IMAP authentification +Level: 1 +Component: checks +Compatible: compat +Version: 1.2.7i4 +Date: 1450275857 +Class: feature + + diff --git a/ChangeLog b/ChangeLog index 63416cd..cf852c5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -65,6 +65,7 @@ * 2885 cisco_hsrp: now reports the HSRP state... * 2812 Avaya Series 88xx / 45xx: New temperature, fan and CPU utilization checks... * 2870 dotnet_clrmemory, wmi_cpuload, wmi_webservices, msexch_activesync, msexch_autodiscovery, msexch_availability, msexch_isstore, msexch_owa, msexch_rpcclientaccess: a whole slew of new checks relating to monitoring MS Exchange... + * 2816 check_mail_loop: now supports STARTTLS for IMAP authentification * 2660 FIX: fixed windows agent using the wrong working directory... * 2664 FIX: ps: Speedup in situation with many matching processes... * 2661 FIX: windows agent: fixed incomplete process list... diff --git a/checks/check_mail_loop b/checks/check_mail_loop index 5bdedd3..d8bb23b 100644 --- a/checks/check_mail_loop +++ b/checks/check_mail_loop @@ -32,6 +32,9 @@ def check_mail_loop_arguments(params): else: args += ' --smtp-server=$HOSTADDRESS$' + if 'imap_tls' in params: + args += ' --imap-tls' + if 'smtp_tls' in params: args += ' --smtp-tls' diff --git a/doc/treasures/active_checks/check_mail_loop b/doc/treasures/active_checks/check_mail_loop index 2f677de..6c635b5 100755 --- a/doc/treasures/active_checks/check_mail_loop +++ b/doc/treasures/active_checks/check_mail_loop @@ -51,6 +51,7 @@ OPTIONS: (leave empty for anonymous SMTP) --smtp-password PW Password to authenticate SMTP --smtp-tls Use TLS over SMTP (disabled by default) + --imap-tls Use TLS for IMAP authentification (disabled by default) --fetch-protocol PROTO Set to "IMAP" or "POP3", depending on your mailserver (defaults to IMAP) @@ -92,7 +93,7 @@ OPTIONS: short_options = 'dh' long_options = ['smtp-server=', 'smtp-port=', 'smtp-username=', 'smtp-password=', - 'smtp-tls', 'fetch-protocol=', 'fetch-server=', 'fetch-port=', 'fetch-username=', + 'smtp-tls', 'fetch-tls', 'fetch-protocol=', 'fetch-server=', 'fetch-port=', 'fetch-username=', 'fetch-password=', 'fetch-ssl', 'mail-from=', 'mail-to=', 'warning=', 'critical=', 'connect-timeout=', 'delete-messages', 'help', 'status-dir=', 'status-suffix=', "debug", ] @@ -119,6 +120,7 @@ fetch_port = None fetch_user = None fetch_pass = None fetch_ssl = False +imap_tls = False mail_from = None mail_to = None warning = None @@ -153,6 +155,8 @@ for o,a in opts: fetch_user = a elif o == '--fetch-password': fetch_pass = a + elif o == '--imap-tls': + imap_tls = True elif o == '--fetch-ssl': fetch_ssl = True elif o == '--mail-from': @@ -220,6 +224,22 @@ def save_expected_mails(): lines.append('%d %s' % (ts, key)) file(status_path, 'w').write('\n'.join(lines) + '\n') +def add_starttls_support(self, keyfile = None, certfile = None): + import ssl + name = "STARTTLS" + typ, dat = self._simple_command(name) + if typ != 'OK': + raise self.error(dat[-1]) + + self.sock = ssl.wrap_socket(self.sock) + self.file = self.sock.makefile() + + cap = 'CAPABILITY' + self._simple_command(cap) + if not cap in self.untagged_responses: + raise self.error('no CAPABILITY response from server') + self.capabilities = tuple(self.untagged_responses[cap][-1].upper().split()) + def fetch_mails(): global g_M if not g_expected: @@ -244,7 +264,16 @@ def fetch_mails(): else: # Get mails from IMAP mailbox fetch_class = fetch_ssl and imaplib.IMAP4_SSL or imaplib.IMAP4 - g_M = fetch_class(fetch_server, fetch_port) + + if imap_tls: + # starttls in imaplib is only available with python >= 3.2 + # we are going to implement our own version + imaplib.Commands.update({"STARTTLS": ("NONAUTH")}) + g_M = imaplib.IMAP4(fetch_server, fetch_port) + add_starttls_support(g_M) + else: + g_M = fetch_class(fetch_server, fetch_port) + g_M.login(fetch_user, fetch_pass) g_M.select('INBOX', readonly=False) # select INBOX retcode, messages = g_M.search(None, 'NOT', 'DELETED') diff --git a/web/plugins/wato/active_checks.py b/web/plugins/wato/active_checks.py index 8f798f7..b8554f7 100644 --- a/web/plugins/wato/active_checks.py +++ b/web/plugins/wato/active_checks.py @@ -1744,7 +1744,7 @@ register_rule(group, 'the SMTP protocol and then tries to receive these mails back by querying the ' 'inbox of a IMAP or POP3 mailbox. With this check you can verify that your whole ' 'mail delivery progress is working.'), - optional_keys = ['smtp_server', 'smtp_tls', 'smtp_port', 'smtp_auth', 'connect_timeout', 'delete_messages', 'duration'], + optional_keys = ['smtp_server', 'smtp_tls', 'smtp_port', 'smtp_auth', 'imap_tls', 'connect_timeout', 'delete_messages', 'duration'], elements = [ ('item', TextUnicode( title = _('Name'), @@ -1761,6 +1761,10 @@ register_rule(group, title = _('Use TLS over SMTP'), totext = _('Encrypt SMTP communication using TLS'), )), + ('imap_tls', FixedValue(True, + title = _('Use TLS for IMAP authentification'), + totext = _('IMAP authentification uses TLS'), + )), ('smtp_port', Integer( title = _('SMTP TCP Port to connect to'), help = _('The TCP Port the SMTP server is listening on. Defaulting to <tt>25</tt>.'),