Email monitoring done right

For several years before starting NodePing I worked in a number of different roles in IT, including system administration, project management, infrastructure and network management, and development. A sizable chunk of that time was spent at an organization that ran email servers in a number of different countries scattered around the world. Making sure that all of those email systems were working properly and generating useful reporting was a huge challenge, and involved a lot of repetitive manual steps.

Availability report outputNodePing’s monitoring services were largely motivated by the desire to make widespread monitoring of web sites and other Internet accessible services as simple and automatic as possible. One of the reasons I’m so excited about our suite of email monitoring checks is that I know from personal experience how important these tools are, both from a sys admin’s point of view as well as from technical management roles.

The core of this set of tools is SMTP monitoring. This check has several options that allow you to check the remote SMTP server in a variety of ways. At its most basic, it can be used to check that the server is operating and answering to SMTP connections and is accessible. It can also watch the SSL/TLS certificates, and notify you in advance of when certificates will expire. The check also can be used to monitor if the SMTP server accepts or denies specific email addresses, which can be used for open relay monitoring. Authentication verification can make sure that the server is logging people in properly. This is particularly important when email servers are integrated with separate directory services, such as an LDAP service or Active Directory.

SMTP server monitoring should also be paired with RBL monitoring. This checks the server’s address against a number of different RBL services, and can notify you if the server has been blacklisted. Any experienced email administrator knows that staying off of these lists is critically important, and it is possible to get on a black list without doing anything outside of normal business practices. When it happens you need to know quickly so you can remedy or clarify the situation and get off of the black list before it negatively impacts business.

The IMAP and POP checks go hand in hand with the SMTP check to ensure that your customers and employees can retrieve mail from their inboxes. Like the SMTP check, these checks not only monitor that the server is accepting connections, but can verify authentication and warn you in advance if an SSL certificate is nearing expiration.

The final piece of the email service monitoring tool set is monitoring the web interface. Here NodePing’s HTTP Content check can be used to make sure that the service is responding with the proper web page, and the SSL check can verify that the web interface’s SSL certificate is in place and working properly, as well as warn of a nearing expiration date.

These checks together provide a full complement of tools for monitoring email services. For most systems, we’d suggest a full set of checks:

  • The SMTP service is operating properly on port 25, accept a STARTTLS command, accepts authentication, and accepts a given address for relay from an authenticated user. All of this, with verification of the TLS certificate, can be done with one check.
  • The SMTP service is listening and accepting SSL based connections on port 587.
  • The SMTP service rejects open relay requests.
  • The SMTP service accepts a local address from non-authenticated hosts.
  • The server is not on any RBL’s.
  • The IMAP server is operating properly on port 143 and authenticating properly
  • The IMAP server is operating properly on port 993 and the SSL certificate is good
  • The POP server is operating properly on port 110 and authenticating properly
  • The POP server is operating properly on port 995 and the SSL certificate is good
  • The web interface is operating properly on port 80 (if that is supported)
  • The web interface is operating properly on port 443 and the certificate is good.

This is a long way from a check that just monitors if a port is listening somewhere. It is the full set of checks that together help to ensure a healthy email system. We continue to extend our monitoring service and make our checks smarter, with the goal to take as much of the manual busy work out of the hands of busy administrators and allow them to focus on tasks that use their actual skills.

If you are responsible for email servers and haven’t added NodePing’s monitoring to your tool set yet, sign up for our free trial and give a try!

Don’t let your certificate expirations catch you offguard

Microsoft’s recent slipup with a certificate that caused outages for the Azure service is a reminder for the rest of us to make sure we are keeping a close eye on certificate expirations. Having a certificate expire on you makes you company look really inept, but in practice keeping track of certificates and when they expire can be a pain if you are trying to do it manually. A system that monitors certificates and reminds you before they will expire can be an excellent way to avoid having this happen to you, and is much easier than tracking them in a spreadsheet or sticky notes.

NodePing provides a few different ways to keep ahead of certificate expirations. For web servers, we have an SSL Check specifically designed to check the validity of SSL certificates and warn you a set number of days before they expire. You can set the number of days to anything that is useful for you. We typically suggest a couple of weeks in advance of the expiration.

Certificate expirations can also hit other types of services as well. Our email checks (SMTP, POP, and IMAP) can verify the SSL/TLS certificates used by each of these servers. Similar to the SSL check for web services, these checks verify that the SSL certificate is valid and working, and also can be set to warn you a certain number of days before they expire.

Tracking your certificates can be a pain, but it doesn’t have to be. Using an automated monitoring system like NodePing for SSL Certificate monitoring can make the task easy and painless, and let you focus on more interesting things.

POP Monitoring Enhancements

As part of strengthening our email server monitoring solutions, we’ve added a bunch of new features to the POP3 check type. They nicely complement our recent changes to our SMTP and IMAP checks.

New features include:

  • Non-standard ports. Specify any port, not just POP default port 110
  • SSL/TLS support on any port – not just 995.
  • SSL certificate validation
  • SSL certificate expiration warnings – configurable to X days before expiration
  • User login verification.

More details about the new POP server monitoring enhancements can be found in our documentation.

These features are available to all NodePing server monitoring accounts today. If you don’t have an account yet, you can sign up for a free 15-day trial at https://nodeping.com.

Now, if you just had a way to monitor spam blacklists for your server ip addresses… RBL Check is on its way!

SMTP Check Enhancements

We’ve rolled out some important enhancements to our SMTP check that will help ensure your email server is running as it should be.

Added enhancements include:

  • Non-standard ports
  • SSL/TLS support including certificate verification and expiration warning
  • STARTTLS support
  • AUTH with support for PLAIN, LOGIN, and CRAM-MD5
  • Mail acceptance verification including open relay notification

The SMTP check will now not only verify that your email server is running but can also optionally check to see if your server is an open relay or properly accepting mail for a particular email address.

The new open relay functionality will test to see if your mail server will accept mail for an address that should not be allowed. If your server is an open relay, we will send you a notification.

It’s also important to verify that your email server is not rejecting mail that it should be accepting. There are many reasons an SMTP server may reject email. The configuration may have changed or a particular mailbox may be over its quota. This enhancement verifies that your server will accept messages to an email address of your choice and send you a notification if it is rejected.

We’ve added extensive SSL/TLS support including STARTTLS as well as certificate verification and certificate expiration warnings. Simply set how many days in advance of the expiration you would like to be notified and we’ll send you an alert, giving you time to renew and install your new certificates.

The new optional AUTH support allows you to verify that users can log in and send mail using industry standard PLAIN, LOGIN, and CRAM-MD5 AUTH mechanisms.

You can find more information about our new SMTP check enhancements in our documentation.

These enhancements are available now to all NodePing customers. If you don’t currently have an account, please sign up for our free 15 day trial.

SSL Check Now Supports SNI and UCC Certificates

We’re happy to announce a couple of enhancements to our SSL certificate check. We now support SNI and UCC certificates

SNI (Server Name Indication) passes the hostname to the server when we request the certificate. That allows you to serve multiple SSL certificates on a single IP address.

UCC (Unified Communications Certificates) allow you use one certificate for multiple hostnames. Unlike wildcard certificates, which NodePing has supported from the beginning, UCC certificates can cover multiple hostnames on multiple domains.

As IPV4 addresses keep getting scarcer, the ability to monitor your SNI and UCC certificates for validity and expiration dates will become increasingly more important. NodePing is glad to be able to offer reliable monitoring for these SSL types.

If you’re not already a NodePing customer, please sign up for our free trial and see how SNI and UCC certificate monitoring can be easy and economical.

SSL Certificate Check

An SSL certificate is an important part of serving up secure websites. It puts the ‘S’ in HTTPS and gives your visitors that warm fuzzy feeling when they see that padlock in their browsers. But those SSL certificates don’t last forever. Most have to be renewed every 1-3 years and should you forget and let that certificate expire, your visitors will be met with an ugly “This Site is Untrusted‘ message instead of your great content. Let NodePing keep an eye on your SSL certificates with our new SSL check available today.

Monitoring your SSL certificate with NodePing will allow you to receive notifications if the certificates is nearing its expiration, is replaced with an invalid certificate, or if your webserver is incorrectly serving it. You can also configure how many days in advance of expiration you’d like to receive the notification, giving you time to renew and install a new certificate without interruption.

The new SSL check is just one more link in your comprehensive server monitoring chain. NodePing is happy to keep an eye on your SSL┬ácertificates. If you don’t have an account yet, sign up for a free 15 day trial at http://nodeping.com.

Let us know what you think of the new SSL check in the comments below.