infrastructure/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-07-12 17:04:39 +03:00
Code Issues Packages Projects Releases Wiki Activity

smtpserver: add prometheus metric for failing starttls handshakes for incoming deliveries

Browse Source 
and add an alerting rule if the failure rate becomes >10% (e.g. expired
certificate).

the prometheus metrics includes a reason, including potential tls alerts, if
remote smtp clients would send those (openssl s_client -starttls does).

inspired by issue #237, where incoming connections were aborted by remote. such
errors would show up as "eof" in the metrics.
This commit is contained in:
Mechiel Lukkien
2024-11-29 12:43:21 +01:00
parent 09e7ddba9e
commit afb182cb14
5 changed files with 63 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tlsrpt/alert.go
View File

@ -10,7 +10,8 @@ import (
"strings"
)
func formatAlert(alert uint8) string {
// FormatAlert formats a TLS alert in the form "alert-<num>" or "alert-<num>-<shortcode>".
func FormatAlert(alert uint8) string {
s := fmt.Sprintf("alert-%d", alert)
err := tls.AlertError(alert) // Since go1.21.0
// crypto/tls returns messages like "tls: short message" or "tls: alert(321)".