Skip to content

TLS Integration SMTP support #22007

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jake-walker wants to merge 7 commits into
base: master
Choose a base branch
from
Open

TLS Integration SMTP support #22007

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
81c668d
Add SMTP STARTTLS test container
jake-walker Nov 28, 2025
53a6a14
Add SMTP TLS ok test
jake-walker Nov 28, 2025
2d3d3cc
Add smtp to start_tls values
jake-walker Nov 28, 2025
9e39beb
Add smtp start_tls implementation
jake-walker Nov 28, 2025
8246a0b
Update tls/datadog_checks/tls/data/conf.yaml.example
jake-walker Dec 1, 2025
2646861
Add changelog entry
jake-walker Jan 14, 2026
6bb4f4b
Fix tls config spec
jake-walker Jan 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add smtp start_tls implementation
  • Loading branch information
@jake-walker
jake-walker committed Jan 14, 2026
commit 9e39beb41dd0869b1108e14c0ccabbceacafbc13
18 changes: 18 additions & 0 deletions tls/datadog_checks/tls/tls_remote.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,24 @@ def _switch_starttls(self, sock):
# Read Mysql welcome message
data = self._read_n_bytes_from_socket(sock, bytes_to_read)
sock.sendall(packet)
elif protocol == "smtp":
self.log.debug('Switching connection to encrypted for %s protocol', protocol)

# read & check server hello
initial_banner = sock.recv(4096)
if not initial_banner.startswith(b'220'):
raise Exception('SMTP server did not greet correctly')

# send client hello
sock.sendall(f'EHLO {self.agent_check._server_hostname}\r\n'.encode('ascii'))
# drain EHLO response
sock.recv(4096)

# upgrade connection
sock.sendall(b'STARTTLS\r\n')
data = sock.recv(1024)
if not data.startswith(b'220'):
raise Exception('SMTP endpoint does not support STARTTLS')
else:
raise Exception('Unsupported starttls protocol: ' + protocol)

Expand Down