infrastructure/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-07-12 13:04:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

smtpserver: add prometheus metric for failing starttls handshakes for incoming deliveries

Browse Source 
and add an alerting rule if the failure rate becomes >10% (e.g. expired
certificate).

the prometheus metrics includes a reason, including potential tls alerts, if
remote smtp clients would send those (openssl s_client -starttls does).

inspired by issue #237, where incoming connections were aborted by remote. such
errors would show up as "eof" in the metrics.
This commit is contained in:
Mechiel Lukkien
2024-11-29 12:43:21 +01:00
parent 09e7ddba9e
commit afb182cb14
5 changed files with 63 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tlsrpt/report.go
View File

@ -394,7 +394,7 @@ func TLSFailureDetails(err error) (ResultType, string) {
// todo: ideally, crypto/tls would let us check if this is an alert. it could be another uint8-typed error.
v := reflect.ValueOf(netErr.Err)
if v.Kind() == reflect.Uint8 && v.Type().Name() == "alert" {
reasonCode = "tls-remote-" + formatAlert(uint8(v.Uint()))
reasonCode = "tls-remote-" + FormatAlert(uint8(v.Uint()))
}
}
return ResultValidationFailure, reasonCode
@ -429,7 +429,7 @@ func TLSFailureDetails(err error) (ResultType, string) {
}
v := reflect.ValueOf(err)
if v.Kind() == reflect.Uint8 && v.Type().Name() == "alert" {
reasonCode = "tls-local-" + formatAlert(uint8(v.Uint()))
reasonCode = "tls-local-" + FormatAlert(uint8(v.Uint()))
}
}
return ResultValidationFailure, reasonCode