Probe needed for Cyrus IMAP
info-cyrus-spodhuis at spodhuis.org
Wed Nov 1 18:26:06 EST 2006
On 2006-11-01 at 17:37 -0500, Scott Adkins wrote:
> Of course, contacting SSL ports are a bit more difficult. If you need to
> probe an IMAPS or POP3S port, telnet just doesn't work.
True, and there are many good examples available. Wrapping imtest will
even let you check authentication inside SSL.
Myself though, I'd be a little cautious about through SSL at the service
immediately. When the system's starting and various daemons are doing
their Thing, entropy is precious and unnecessary cryptography to be
avoided as it can lead to delays elsewhere.
So I personally suggest leaving the automated checks to plain TCP and
seeing if the monitoring facility (sorry, I don't know SMF) can delay
the SSL/TLS-based checks until five minutes after boot/service-start.
Unless you have decent hardware crypto accelerators providing decent
entropy, so that in practice you never need to worry about running out.
"Everything has three factors: politics, money, and the right way to do it.
In that order." -- Gary Donahue
More information about the Info-cyrus