The builtin smtp monitor on BIG-IP F5 has two problems:
- it only checks if the SMTP server responds to connections and HELO/EHLO
- It contains a bug that causes exim to send a TCP RST resulting on that backend being marked as down. This is fixed in a newer releases, but the original author can't use that for unrelated reasons.
This monitor also detects breakage in later stages like behavior checks (spam detection) and content checks (for example antivirus) by actually sending a test email. This is basically a simple SMTP client that adheres to the BIG-IP calling- and reporting conventions.
Check the builtin help for up-to-date information on switches and usage:
$ f5-smtp-monitor --help
This smtp backend check expects two mandatory arguments:
1. ip address (IPv4-mapped IPv6 addresses for IPv4, e.g. "":ffff:a.b.c.d")
2. tcp port number
The rest of the program is controlled by environment variables (defaults in parenthesis):
* DEBUG: when set to anything than 0 enables debugging output to syslog (0)
* SENDER: mail sender ([email protected])
* RECIPIENT: mail recipient ([email protected])
* SUBJECT: mail subject ("F5 Loadbalancer Keepalive Test")
* BODY: mail body ("")
* TLS: set TLS mode: NONE/PLAIN, STARTTLS or TLS (no certificate verification when TLS* set) (NONE)
* HELO: use value for HELO/EHLO (os.Hostname() or "f5-keepalive-test.localdomain" on error)
* TESTAV: add EICAR test virus to body when set (NOT SET)
* TESTSPAM: add GTUBE spam string to body when set (NOT SET)
Autogenerated binaries are available on the project's release page on github. There are no further dependencies.
Install Go on your build machine.
go get -v github.com/hreese/f5-smtp-monitor
cd $GOPATH/src/github.com/hreese/f5-smtp-monitor
GOOS=linux GOARCH=amd64 go build -ldflags "-s -w"
The F5-setup is firmware specific. Check the BIG-IP Local Traffic Manager: Monitors Reference for your version for details.
DEBUG
is part of BIG-IP's monitoring interface. When set to 1 debug output will be sent to syslog.SENDER
sets both the SMTP MAIL FROM and the From: header. Pick a sensible value that matches your local mail setup.RECIPIENT
sets both the SMTP RCPT TO and the To: header. Pick a sensible value that matches your local mail setup.SUBJECT
sets the Subject: header.BODY
sets the mail body.TLS
set TLS mode: NONE/PLAIN, STARTTLS or TLS (no certificate verification when TLS* set).HELO
sets SMTP HELO/EHLO. Pick a sensible value.- Setting
TESTAV
will add the EICAR antivirus test string to the mail body. It will also change to test's logic to succeed if server rejects our mail after DATA and fail it it does not. - Setting
TESTSPAM
will add the GTUBE anti-spam test string to the mail body. It will also change to test's logic to succeed if server rejects our mail after DATA and fail it it does not.
For performance reasons, the recommended way is to create a special email address or
domain that discards everything. We'll use blackhole.example.com
here.
Add a recipient acl to always accept your discard domain:
accept
domains = blackhole.example.com
endpass
Add a discard router:
blackhole:
driver = redirect
domains = blackhole.example.com
data = :blackhole:
Add your loadbalancer interfaces to smtp_reserve_hosts
to make sure your
backend tests succeed even under heavy load.
I'm happy to include other mail transfer agents if someone writes a guide for them. Please add a pull request on github.