Email monitoring done right

For several years before starting NodePing I worked in a number of different roles in IT, including system administration, project management, infrastructure and network management, and development. A sizable chunk of that time was spent at an organization that ran email servers in a number of different countries scattered around the world. Making sure that all of those email systems were working properly and generating useful reporting was a huge challenge, and involved a lot of repetitive manual steps.

NodePing’s monitoring services were largely motivated by the desire to make widespread monitoring of web sites and other Internet accessible services as simple and automatic as possible. One of the reasons I’m so excited about our suite of email monitoring checks is that I know from personal experience how important these tools are, both from a sys admin’s point of view as well as from technical management roles.

The core of this set of tools is SMTP monitoring. This check has several options that allow you to check the remote SMTP server in a variety of ways. At its most basic, it can be used to check that the server is operating and answering to SMTP connections and is accessible. It can also watch the SSL/TLS certificates, and notify you in advance of when certificates will expire. The check also can be used to monitor if the SMTP server accepts or denies specific email addresses, which can be used for open relay monitoring. Authentication verification can make sure that the server is logging people in properly. This is particularly important when email servers are integrated with separate directory services, such as an LDAP service or Active Directory.

SMTP server monitoring should also be paired with RBL monitoring. This checks the server’s address against a number of different RBL services, and can notify you if the server has been blacklisted. Any experienced email administrator knows that staying off of these lists is critically important, and it is possible to get on a black list without doing anything outside of normal business practices. When it happens you need to know quickly so you can remedy or clarify the situation and get off of the black list before it negatively impacts business.

The IMAP and POP checks go hand in hand with the SMTP check to ensure that your customers and employees can retrieve mail from their inboxes. Like the SMTP check, these checks not only monitor that the server is accepting connections, but can verify authentication and warn you in advance if an SSL certificate is nearing expiration.

The final piece of the email service monitoring tool set is monitoring the web interface. Here NodePing’s HTTP Content check can be used to make sure that the service is responding with the proper web page, and the SSL check can verify that the web interface’s SSL certificate is in place and working properly, as well as warn of a nearing expiration date.

These checks together provide a full complement of tools for monitoring email services. For most systems, we’d suggest a full set of checks:

• The SMTP service is operating properly on port 25, accept a STARTTLS command, accepts authentication, and accepts a given address for relay from an authenticated user. All of this, with verification of the TLS certificate, can be done with one check.
• The SMTP service is listening and accepting SSL based connections on port 587.
• The SMTP service rejects open relay requests.
• The SMTP service accepts a local address from non-authenticated hosts.
• The server is not on any RBL’s.
• The IMAP server is operating properly on port 143 and authenticating properly
• The IMAP server is operating properly on port 993 and the SSL certificate is good
• The POP server is operating properly on port 110 and authenticating properly
• The POP server is operating properly on port 995 and the SSL certificate is good
• The web interface is operating properly on port 80 (if that is supported)
• The web interface is operating properly on port 443 and the certificate is good.

This is a long way from a check that just monitors if a port is listening somewhere. It is the full set of checks that together help to ensure a healthy email system. We continue to extend our monitoring service and make our checks smarter, with the goal to take as much of the manual busy work out of the hands of busy administrators and allow them to focus on tasks that use their actual skills.

If you are responsible for email servers and haven’t added NodePing’s monitoring to your tool set yet, sign up for our free trial and give a try!