I’m testing the rollout of MTA-STS for my mail server. It passes tests from https://aykevl.nl/apps/mta-sts/ <https://aykevl.nl/apps/mta-sts/> and https://www.mailhardener.com/tools/mta-sts-validator?domain=semperen.com <https://www.mailhardener.com/tools/mta-sts-validator?domain=semperen.com>
What it doesn’t pass is https://internet.nl/mail/semperen.com/529704/ <https://internet.nl/mail/semperen.com/529704/> where it claims STARTTLS isn’t presented. So I dug into a packet capture and sure enough STARTTLS is not presented to the internet.nl <http://internet.nl/> client as an option (see highlighted sections from the packet capture. STARTTLS is presented to all other hosts I’ve tested so what would make it not present it in this case? 15:01:37.902309 IP ip-100-86-20-120.smtp > internet.nl.4514: Flags [P.], seq 1:38, ack 1, win 26883, length 37: SMTP: 220 smtp.semperen.com ESMTP Postfix 0x0000: 4500 004d 142e 4000 ff06 6dd8 6456 1478 e.....@...m.dv.x 0x0010: 3ecc 420a 0019 11a2 9b8e ac99 466e 6e00 >.B.........Fnn. 0x0020: 5018 6903 f9e3 0000 3232 3020 736d 7470 P.i.....220.smtp 0x0030: 2e73 656d 7065 7265 6e2e 636f 6d20 4553 .semperen.com.ES 0x0040: 4d54 5020 506f 7374 6669 780d 0a MTP.Postfix.. 15:01:37.992610 IP internet.nl.4514 > ip-100-86-20-120.smtp: Flags [.], ack 38, win 64203, length 0 0x0000: 4500 0028 4aa3 4000 2e06 0889 3ecc 420a E..(J.@.....>.B. 0x0010: 6456 1478 11a2 0019 466e 6e00 9b8e acbe dV.x....Fnn..... 0x0020: 5010 facb aced 0000 d931 4a68 9257 P........1Jh.W 15:01:38.016294 IP internet.nl.4514 > ip-100-86-20-120.smtp: Flags [P.], seq 1:19, ack 38, win 64203, length 18: SMTP: EHLO internet.nl 0x0000: 4500 003a 4aa4 4000 2e06 0876 3ecc 420a E..:J.@....v>.B. 0x0010: 6456 1478 11a2 0019 466e 6e00 9b8e acbe dV.x....Fnn..... 0x0020: 5018 facb c8e1 0000 4548 4c4f 2069 6e74 P.......EHLO.int 0x0030: 6572 6e65 742e 6e6c 0d0a ernet.nl.. 15:01:38.016301 IP ip-100-86-20-120.smtp > internet.nl.4514: Flags [.], ack 19, win 26883, length 0 0x0000: 4500 0028 142f 4000 ff06 6dfc 6456 1478 E..(./@...m.dV.x 0x0010: 3ecc 420a 0019 11a2 9b8e acbe 466e 6e12 >.B.........Fnn. 0x0020: 5010 6903 f9be 0000 P.i..... 15:01:38.051355 IP ip-100-86-20-120.smtp > internet.nl.4514: Flags [P.], seq 38:171, ack 19, win 26883, length 133: SMTP: 250-smtp.semperen.com 0x0000: 4500 00ad 1430 4000 ff06 6d76 6456 1478 e.....@...mvdv.x 0x0010: 3ecc 420a 0019 11a2 9b8e acbe 466e 6e12 >.B.........Fnn. 0x0020: 5018 6903 fa43 0000 3235 302d 736d 7470 P.i..C..250-smtp 0x0030: 2e73 656d 7065 7265 6e2e 636f 6d0d 0a32 .semperen.com..2 0x0040: 3530 2d53 495a 4520 3230 3030 3030 3030 50-SIZE.20000000 0x0050: 300d 0a32 3530 2d56 5246 590d 0a32 3530 0..250-VRFY..250 0x0060: 2d4e 4f4f 500d 0a32 3530 2d41 5554 4820 -NOOP..250-AUTH. 0x0070: 504c 4149 4e20 4c4f 4749 4e0d 0a32 3530 PLAIN.LOGIN..250 0x0080: 2d45 4e48 414e 4345 4453 5441 5455 5343 -ENHANCEDSTATUSC 0x0090: 4f44 4553 0d0a 3235 302d 3842 4954 4d49 ODES..250-8BITMI 0x00a0: 4d45 0d0a 3235 3020 4453 4e0d 0a ME..250.DSN.. --- Eric Germann ekgermann(at)semperen(dot)com || ekgermann(at)gmail(dot)com LinkedIn: https://www.linkedin.com/in/ericgermann Twitter: @ekgermann GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1 Telegram||Signal +1(dash)419(dash)513(dash)0712
_______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
