Package: wnpp
Severity: wishlist
X-Debbugs-Cc: j...@nahmias.net, postfix-us...@dukhovni.org, debian-hask...@lists.debian.org

* Package name    : danecheck
  Version         : 1.1.0
  Upstream Author : Viktor Dukhovni <postfix-us...@dukhovni.org>
* URL             : https://github.com/vdukhovni/danecheck
* License         : BSD
  Programming Lang: Haskell
  Description     : DANE SMTP checker

This is a tool to check DANE TLSA security for SMTP.

Features:

 * Test the local resolver configuration by verifying the validity of
   the root zone DNSKEY and SOA RRSets.
 * Test whether DNSSEC is enabled for a given TLD.
 * Check whether an email domain is fully protected (across all of its
   MX hosts) by DANE TLSA records, and whether these match the actual
   certificate chains seen at each IP address of each MX host.
 * Perform certificate chain verification at a time offset from the
   current time to ensure that certificates are not about to expire
   too soon.

A non-zero exit status is returned if any DNS lookups fail or if the MX
records or MX hosts are in an unsigned zone, or if for one of the MX
hosts no associated secure TLSA records are found. A non-zero exit
status is also returned if any of the SMTP connections fail to establish
a TLS connection or yield a certificate chain that does not match the
TLSA records.

Packaging note: I do not know Haskell, so wouldn't really be a good
maintainer, thus submitting this as an RFP.