# fleet
t
Another thing I am pondering is how best to debug the SMTP connection. tcpdump shows me the dns lookup, and a connection to the correct port (465) but the server itself (exim) gives me a "TLS error on connection from <host/ip> SSL_accept: TCP connection closed by peer", while fleetdm pops up a "sending mail: could not dial smtp host: SMTP connection error" which suggests that the "dial deadline" has been reached.
z
What do you get if you `curl -vv smtp://<host>:<port>` from the host running your Fleet server?
Does your server perhaps try to negotiate a TLS connection immediately rather than using STARTTLS?
t
When you put it that way .. 🙂 -- changed the port to 25 and .. STARTTLS was triggered (X=TLS1.3AEAD CHACHA20 POLY1305 SHA256256); I've been too used to forcing (mobile) clients to use TLS direct. Again, thanks!