0

I'm using the Nagios plugin check_email_delivery to monitor email, and to check software statuses in some cases. We're now moving all of our internal mail servers to Office 365 and have discovered that this command:

./check_imap_receive_epn -H outlook.office365.com -U user@example.com -P password --ssl -s SUBJECT -s $ARG1$ -w 1200 -c 1800

Results in:

IMAP RECEIVE CRITICAL - Could not connect to outlook.office365.com port 993: IO::Socket::INET6 configuration failederror:00000000:lib(0):func(0):reason(0) at ./check_imap_receive_epn line 93.

HOWEVER! Resolving the cname to an IP address seems to work. Example:

./check_imap_receive_epn -H 157.56.239.201 -U user@example.com -P password --ssl -s SUBJECT -s $ARG1$ -w 1200 -c 1800

With a result of:

IMAP RECEIVE OK - 5 seconds, 1 found, 1 deleted

I think the issue is caused here:

my $socket = IO::Socket::SSL->new(PeerAddr=>"$imap_server:$imap_port", %ssl_args);

Where $imap_server isn't resolving correctly. Any suggestions? >.<

666jfox777
  • 89
  • 1
  • 1
  • 6
  • It sounds like you may have answered your own question: perhaps name resolution is not working? – codnodder Dec 24 '13 at 21:32
  • Name resolution is working - I can resolve the DNS cname using ping, dig, nslookup... I need a solution that I can place in `"$imap_server:$imap_port"` to resolve "outlook.office365.com" to the resulting IP. – 666jfox777 Dec 24 '13 at 22:07
  • Perhaps something like [this](http://stackoverflow.com/questions/9244843/dns-checking-using-perl-and-netdns) or [this](http://stackoverflow.com/questions/6233243/can-i-determine-if-a-given-hostname-is-a-cname-via-perl). But not quite. – 666jfox777 Dec 24 '13 at 22:19
  • I can also confirm that a record resolution works fine. – 666jfox777 Dec 24 '13 at 22:19

1 Answers1

1

because IO::Socket::INET6 is installed IO::Socket::SSL will use this as base class. IO::Socket::INET6 tries to get an IPv6 address first (e.g. DNS AAAA record), while ping etc often try IPv4 only (there is usually a ping6 to for IPv6). So if your IPv6 setup is broken you might not realize it with IPv4-only tools. Please check:

  • dig outlook.office365.com AAAA - this should give you IPv6 addresses. If you don't have IPv6 it should give no records at all and NOERROR, but some broken resolvers return NXDOMAIN instead
  • if you get an IPv6 address try to connect to it, e.g. perl -MIO::Socket::INET6 -e 'IO::Socket::INET6->new("[2a01:111:f400:9800::6]:993") or die $!' If you get an error your IPv6 setup is broken, e.g. the resolver returns IPv6 records even you cannot reach hosts by IPv6
Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172