Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mail is not sending #112

Open
maureyz opened this issue Sep 17, 2021 · 1 comment
Open

Mail is not sending #112

maureyz opened this issue Sep 17, 2021 · 1 comment

Comments

@maureyz
Copy link

maureyz commented Sep 17, 2021

Using the note example: ssl-cert-check -a -f mydomain-q -x 60 -e mauricio.reyes@mymaildomain.net

Shows the next:
Host Status Expires Days


FILE:/etc/ssl/certs/never8.cer Expiring Oct 9, 2021 22
root@proxy1:/home/n8admin/ssl-cert-check-master# ./ssl-cert-check -a -f never8.com -q -x 60 -e mauricio.reyes@never8.com
Usage: ./ssl-cert-check [ -e email address ] [-E sender email address] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-N] [-v]
{ [ -s common_name ] && [ -p port] } || { [ -f cert_file ] } || { [ -c cert file ] } || { [ -d cert dir ] }

-a : Send a warning message through E-mail
-b : Will not print header
-c cert file : Print the expiration date for the PEM or PKCS12 formatted certificate in cert file
-d cert directory : Print the expiration date for the PEM or PKCS12 formatted certificates in cert directory
-e E-mail address : E-mail address to send expiration notices
-E E-mail sender : E-mail address of the sender
-f cert file : File with a list of FQDNs and ports
-h : Print this screen
-i : Print the issuer of the certificate
-k password : PKCS12 file password
-n : Run as a Nagios plugin
-N : Run as a Nagios plugin and output one line summary (implies -n, requires -f or -d)
-p port : Port to connect to (interactive mode)
-q : Don't print anything on the console
-s commmon name : Server to connect to (interactive mode)
-S : Print validation information
-t type : Specify the certificate type
-V : Print version information
-x days : Certificate expiration interval (eg. if cert_date < days)

root@proxy1:/home/n8admin/ssl-cert-check-master# ./ssl-cert-check -a -f never8.com -q -x 60 -e mauricio.reyes@never8.com

@allella
Copy link

allella commented Feb 7, 2022

There are a number of reasons an email might not send, or else end up in a spam folder.

You did this above, but it's necessary to specify the -a flag and the script will only send an email if there's a certificate that's expiring within the (-x DAYS) flag. So, receiving no emails can actually be good, because it can mean no certificates are about to expire. You can test if this is the reason by temporarily setting the -x value to a high number.

If you're running this script on a server, then that server may have a local "sendmail" service setup to send email directly from the server. Or, that "sendmail" service may "relay" outgoing mail through a 3rd party sending service through SMTP.

The outbound port typically needs to be open in any firewalls on a server. These days, this is usually port 587 for secure SMTP traffic.

Using the "out of the box" email sending configuration on a server is likely to still end up in spam unless you've configured SFP and/or DKIM records to authorize your server to send on behalf of the domain specified in the "From" (-E) email address.

If you have a server that's not configured to relay mail already, then setting up a free / cheap account with a email transaction service, like Send Grid + sendmail, is a much better way to avoid emails ending up in a spam folder.

If you're trying to run the script from your local computer, then it's unlikely your local computer is setup to relay emails. Even if ti did, there are things like firewalls ports that may not be open and you're very likely to have spam folder issues relaying from a local machine unless you configure it to relay emails for the "From" domain.

You can usually see if an email is sending on a Linux server, or local computer, by opening /var/log/maillog and checking the end of the file for log messages.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants