Why don't fingerprints match?

CentOS 6: Notification if Fetchmail fingerprints are incorrect


As already described in the CentOS 6: Renewing Fetchmail SSL Certificates tutorial, the certificates on the mail servers are generally only valid for a limited period and are exchanged regularly. Since with a corresponding configuration of Fetchmail no more e-mails are fetched from the mail server concerned after a certificate change, I wrote a small shell script which regularly checks the log file of the mail system and informs the administrator about the invalid certificate by e-mail.

Note: The following script is designed for CentOS 6.2. If you have another version of CentOS or another distribution, you may have to adapt the filter to the format in your / var / log / maillog to adjust.

With CentOS 6.2 you can see the corresponding entries in the / var / log / maillog as follows.

Sep 6 15:57:00 centos6 fetchmail [25042]: pop.gmx.net fingerprints do not match!

Use the following command to create the script in the directory ~ / sh.

[root @ centos6 ~] # vi ~ / sh / check_maillog.sh

Now add the following script to the file check_maillog.sh a.

###########################################################################
##                                                                       ##
## Check / var / log / maillog for fingerprint warnings ##
##                                                                       ##
## Creation: May 8th, 2012 ##
## Last Update: October 20, 2013 ##
##                                                                       ##
## Copyright (c) 2012-2013 by Georg Kainzbauer ##
##                                                                       ##
## This program is free software; you can redistribute it and / or modify ##
## it under the terms of the GNU General Public License as published by ##
## the Free Software Foundation; either version 2 of the License, or ##
## (at your option) any later version. ##
##                                                                       ##
###########################################################################
#! / bin / bash

# Path of maillog file
LOGFILE = / var / log / maillog

# Search string
SEARCHSTRING = "Fingerprints do not match!"

# Who will be informed in case of fingerprint warnings are found (if you do not want to be informed via mail, set this option to "")
MAILNOTIFY = "root @ localhost"

# Subject of the notification mail
MAILSUBJECT = "Fetchmail: Fingerprints do not match"

###################################################################
# NORMALLY THERE IS NO NEED TO CHANGE ANYTHING BELOW THIS COMMENT #
###################################################################

function pipe_not_empty ()
{
input = $ (cat)
if ["$ input"! = ""]; then
{printf '% s \ n' "$ {input}"; } | "$ @"
fi
}

grep "$ {SEARCHSTRING}" $ {LOGFILE} | cut -d "" -f2- | grep "^ $ (date +% e)" | cut -d: -f4- | cut -d "" -f2- | sort -u | sed "s / - $ {SEARCHSTRING} //" | pipe_not_empty mail -s "$ {MAILSUBJECT}" $ {MAILNOTIFY}

exit 0

Then change the access rights of the file.

[root @ centos6 ~] # chmod 0700 ~ / sh / check_maillog.sh

Now open the crontab for editing with the following command.

[root @ centos6 ~] # crontab -e

At the end of the file, add the following line. This will cause the script to run at 11:59 a.m. and 11:59 p.m. every day.

59 11.23 * * * /root/sh/check_maillog.sh> / dev / null 2> & 1

Further tutorials

CentOS 6: Renew Fetchmail SSL certificates


This entry was created on September 15, 2013 and last edited on January 24, 2016.

Direct link to this page: http://www.gtkdb.de/index_33_2330.html

[To the start page] [To the category]