Re: [Assp-user] Odd behavior with STARTTLS

Eric Germann via Assp-user Sun, 16 May 2021 19:00:09 -0700

Figured it out.  For the archives:

internet.nl <http://internet.nl/> walks through a series of ciphers and 
protocols including SSL2, SSL3.  It also negotiates a number of ciphers.  This 
caused it to trip the failed SSL trigger and ending up in "SSL-failed-cache”


To fix it and let the test complete, added the IP address (62.204.66.10 at this 
time) of internet.nl <http://internet.nl/> to “noBanFailedSSLIP” field and test 
completed with SSL available.

---
Eric Germann
ekgermann(at)semperen(dot)com || ekgermann(at)gmail(dot)com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann

GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1
Telegram||Signal +1(dash)419(dash)513(dash)0712






> On May 16, 2021, at 11:12 AM, Eric Germann <ekgerm...@semperen.com> wrote:
> 
> I’m testing the rollout of MTA-STS for my mail server.
> 
> It passes tests from https://aykevl.nl/apps/mta-sts/ 
> <https://aykevl.nl/apps/mta-sts/> and 
> https://www.mailhardener.com/tools/mta-sts-validator?domain=semperen.com 
> <https://www.mailhardener.com/tools/mta-sts-validator?domain=semperen.com>  
> 
> What it doesn’t pass is https://internet.nl/mail/semperen.com/529704/ 
> <https://internet.nl/mail/semperen.com/529704/> where it claims STARTTLS 
> isn’t presented.
> 
> So I dug into a packet capture and sure enough STARTTLS is not presented to 
> the internet.nl <http://internet.nl/> client as an option (see highlighted 
> sections from the packet capture.
> 
> STARTTLS is presented to all other hosts I’ve tested so what would make it 
> not present it in this case?
> 
> 
> 15:01:37.902309 IP ip-100-86-20-120.smtp > internet.nl 
> <http://internet.nl/>.4514: Flags [P.], seq 1:38, ack 1, win 26883, length 
> 37: SMTP: 220 smtp.semperen.com <http://smtp.semperen.com/> ESMTP Postfix
>         0x0000:  4500 004d 142e 4000 ff06 6dd8 6456 1478  e.....@...m.dv.x
>         0x0010:  3ecc 420a 0019 11a2 9b8e ac99 466e 6e00  >.B.........Fnn.
>         0x0020:  5018 6903 f9e3 0000 3232 3020 736d 7470  P.i.....220.smtp
>         0x0030:  2e73 656d 7065 7265 6e2e 636f 6d20 4553  .semperen.com.ES
>         0x0040:  4d54 5020 506f 7374 6669 780d 0a         MTP.Postfix..
> 15:01:37.992610 IP internet.nl <http://internet.nl/>.4514 > 
> ip-100-86-20-120.smtp: Flags [.], ack 38, win 64203, length 0
>         0x0000:  4500 0028 4aa3 4000 2e06 0889 3ecc 420a  E..(J.@.....>.B.
>         0x0010:  6456 1478 11a2 0019 466e 6e00 9b8e acbe  dV.x....Fnn.....
>         0x0020:  5010 facb aced 0000 d931 4a68 9257       P........1Jh.W
> 15:01:38.016294 IP internet.nl <http://internet.nl/>.4514 > 
> ip-100-86-20-120.smtp: Flags [P.], seq 1:19, ack 38, win 64203, length 18: 
> SMTP: EHLO internet.nl <http://internet.nl/>
>         0x0000:  4500 003a 4aa4 4000 2e06 0876 3ecc 420a  E..:J.@....v>.B.
>         0x0010:  6456 1478 11a2 0019 466e 6e00 9b8e acbe  dV.x....Fnn.....
>         0x0020:  5018 facb c8e1 0000 4548 4c4f 2069 6e74  P.......EHLO.int
>         0x0030:  6572 6e65 742e 6e6c 0d0a                 ernet.nl 
> <http://ernet.nl/>..
> 15:01:38.016301 IP ip-100-86-20-120.smtp > internet.nl 
> <http://internet.nl/>.4514: Flags [.], ack 19, win 26883, length 0
>         0x0000:  4500 0028 142f 4000 ff06 6dfc 6456 1478  E..(./@...m.dV.x
>         0x0010:  3ecc 420a 0019 11a2 9b8e acbe 466e 6e12  >.B.........Fnn.
>         0x0020:  5010 6903 f9be 0000                      P.i.....
> 15:01:38.051355 IP ip-100-86-20-120.smtp > internet.nl 
> <http://internet.nl/>.4514: Flags [P.], seq 38:171, ack 19, win 26883, length 
> 133: SMTP: 250-smtp.semperen.com <http://250-smtp.semperen.com/>
>         0x0000:  4500 00ad 1430 4000 ff06 6d76 6456 1478  e.....@...mvdv.x
>         0x0010:  3ecc 420a 0019 11a2 9b8e acbe 466e 6e12  >.B.........Fnn.
>         0x0020:  5018 6903 fa43 0000 3235 302d 736d 7470  P.i..C..250-smtp
>         0x0030:  2e73 656d 7065 7265 6e2e 636f 6d0d 0a32  .semperen.com 
> <http://semperen.com/>..2
>         0x0040:  3530 2d53 495a 4520 3230 3030 3030 3030  50-SIZE.20000000
>         0x0050:  300d 0a32 3530 2d56 5246 590d 0a32 3530  0..250-VRFY..250
>         0x0060:  2d4e 4f4f 500d 0a32 3530 2d41 5554 4820  -NOOP..250-AUTH.
>         0x0070:  504c 4149 4e20 4c4f 4749 4e0d 0a32 3530  PLAIN.LOGIN..250
>         0x0080:  2d45 4e48 414e 4345 4453 5441 5455 5343  -ENHANCEDSTATUSC
>         0x0090:  4f44 4553 0d0a 3235 302d 3842 4954 4d49  ODES..250-8BITMI
>         0x00a0:  4d45 0d0a 3235 3020 4453 4e0d 0a         ME..250.DSN..
> 
> ---
> Eric Germann
> ekgermann(at)semperen(dot)com || ekgermann(at)gmail(dot)com
> LinkedIn: https://www.linkedin.com/in/ericgermann 
> <https://www.linkedin.com/in/ericgermann>
> Twitter: @ekgermann
> 
> GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1
> Telegram||Signal +1(dash)419(dash)513(dash)0712
> 
> 
> 
> 
> 
>

_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user

Re: [Assp-user] Odd behavior with STARTTLS

Reply via email to