
Re: OT: visible TLS config



On 04/04/14 20:14, Ron Leach wrote:
> On 04/04/2014 02:06, Scott Ferguson wrote:
>>
>> Your mail setup is a little, um, odd; *no* TLS configured or SPF
>> records, and other [...]
>>
> 
> Sorry to go off-topic but, since I'm in the process of setting up a new
> domain and mailserver, could I ask how you 'knew' or were able to 'see'
> that a mailserver has 'no TLS configured'?

stunnel, gnutls-cli, and other tools will do the job.

> 
> On a new installation, I've set mx records, and have SPF records which
> pass the SPF test.  I hadn't understood how or where to make TLS
> visible, other than simply letting the MTA use TLS whenever it could,
> and it would be visible on the initial SMTP connection.
> 
> Did you mean there is a setting in the DNS records intended for TLS
> reception or preference?  (The server isn't handling any mail, yet, in
> part because I haven't cracked certificate signing, which I'm also
> learning about.)  I just wondered how you detected that a server wasn't
> configured for TLS.

$ openssl s_client -CApath /etc/ssl/certs/ -starttls smtp -connect mail.example.com:25
CONNECTED(00000003)
didn't found starttls in server response, try anyway...
3074561672:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:766:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 190 bytes and written 355 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---


> 
> regards, Ron
> 
> 


Kind regards
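
The openssl run above fails because the server's EHLO reply does not list STARTTLS. The sketch below is an added example, not part of the original message: it parses an EHLO reply for that keyword, using constructed sample replies, and `probe` is a hypothetical helper for checking a mail server you operate.

```python
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from any real server).
EHLO_NO_TLS = "250-mail.example.com\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"
EHLO_WITH_TLS = "250-mail.example.com\r\n250-PIPELINING\r\n250-starttls\r\n250 8BITMIME\r\n"


def ehlo_extensions(reply):
    """Parse a multi-line EHLO reply into {KEYWORD: parameters}."""
    exts = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        # "250-" marks a continuation line, "250 " the final line.
        if code != "250" or sep not in ("-", " "):
            raise ValueError("EHLO rejected or malformed: %r" % line)
        if i == 0:
            continue  # first line is the server greeting, not an extension
        keyword, _, params = text.partition(" ")
        exts[keyword.upper()] = params  # extension keywords are case-insensitive
    return exts


def offers_starttls(reply):
    """True if the EHLO reply advertises the STARTTLS extension."""
    return "STARTTLS" in ehlo_extensions(reply)


def probe(host, port=25, timeout=10):
    """Live check: negotiated TLS version, or None if STARTTLS is not offered.

    Raises ssl.SSLCertVerificationError if the certificate does not verify
    (for example a self-signed certificate).
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return None
        smtp.starttls(context=ssl.create_default_context())
        return smtp.sock.version()
```
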

