On Tue, Aug 27, 2024 at 03:18:42PM +1000, Viktor Dukhovni wrote:
> Checks are also possible via:
>
> * https://www.huque.com/bin/danecheck
>
> Not a domain check, you have to explicitly check a particular MX
> host, and specify port 25.
>
> Don't forget to choose the "SMTP" radio button under "STARTTLS
> Application"
I neglected to find and post Shumon's SMTP-specific test site, that does
check all the MX hosts of a domain:
https://www.huque.com/bin/danecheck-smtp
FWIW, as with many other sites, this does not probe multi-certificate
deployments, where often multiple connections are required with
different offers of client supported TLS algorithms in order to test
both RSA and ECDSA (or some day also Ed25519 if/when that becomes
popular in EE certificates).
Automated regular tests should perform local validation, the test sites
are for occasional ad hoc sanity checks.
--
Viktor.
