Re: when should we esmtps our mxes?
>>>>> Andrey Rahmatullin <wrar@debian.org> writes:
>>>>> On Mon, Oct 24, 2016 at 11:45:33AM +0000, Ivan Shmakov wrote:
>> $ gnutls-cli --starttls -p 25 bendel.debian.org
[…]
>> Connecting to '82.195.75.100:443'...
> I cannot reproduce gnutls-cli connecting to :443 when asked :25.
Indeed, my mistake; I somehow managed to MIME the wrong
transcript. Here’s the correct one.
[…]
--
FSF associate member #7257 58F8 0F47 53F5 2EB2 F6A5 8916 3013 B6A0 230E 334A
Processed 173 CA certificate(s).
Resolving 'bendel.debian.org'...
Connecting to '2001:41b8:202:deb:216:36ff:fe40:4002:25'...
- Simple Client Mode:
220 bendel.debian.org ESMTP Postfix
EHLO test
250-bendel.debian.org
250-PIPELINING
250-SIZE 30720000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME
STARTTLS
220 2.0.0 Ready to start TLS
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=bendel.debian.org,EMAIL=hostmaster@bendel.debian.org', issuer `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmaster@puppet.debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2016-02-09 00:00:13 UTC', expires `2017-02-08 00:00:13 UTC', SHA-1 fingerprint `d99dffbab982a0bbca0f95cf88401f75d75a0194'
Public Key ID:
a6fa6354cd66e04bba4f3c3e5f45bf82afe17b61
Public key's random art:
+--[ RSA 2048]----+
| |
| . |
| . + . |
| + = . . |
| +S+ . .|
| o+. .E .|
| ...+ oo... |
| .+o....o.. |
| .o.ooo.++. |
+-----------------+
- Certificate[1] info:
- subject `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmaster@puppet.debian.org', issuer `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmaster@puppet.debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2009-04-04 22:40:56 UTC', expires `2019-04-02 22:40:56 UTC', SHA-1 fingerprint `2bd080f1a4c79bae4d8ce3728fd2483b49ce4ca5'
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
Reply to: