> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Viktor Dukhovni
> Sent: Wednesday, April 08, 2015 11:02 AM
> To: [email protected]
> Subject: Re: DANE-enabled SMTP test destination?
>
> On Wed, Apr 08, 2015 at 05:36:03PM +0000, Kevin San Diego wrote:
>
> > Does anyone know of an SMTP+DANE email reflector address where you can
> > send test email to in order to validate proper SMTP client DANE behavior?
>
> What do you want the "reflector" to do?

Ideally, the reflector would enable SMTP+DANE client and server validation
tests. I could foresee the following functionality:

- Have several reflector sub-domains configured with various types of TLSA
  records on the domain MX records (PKIX-EE, DANE-TA, and DANE-EE)
- Have an email address that maps to the various test domains to enable inbound
  testing using the various DANE validation types.
- Upon successfully receiving a test message, the reflector MTA would respond
  to the original "From" address on the incoming mail, and provide the SMTP
  client cert data (if provided by the SMTP client).
- When the email response is attempted, a DANE TLSA lookup for the recipient
  domain should be attempted.
  - If the "From" domain TLSA record doesn't exist for the recipient
    domain, or the TLSA validation fails, a message would be sent stating what
    the failure was.
  - If the "From" TLSA record exists and validation succeeds, a success
    message is sent to the client.

Sincerely,
Kevin San Diego
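
The reply-path decision described in the last list items above (TLSA lookup, then a failure or success report), sketched as an added example that is not part of the original message or of any existing reflector. The function names, verdict strings and certificate stand-in bytes are hypothetical; matching is simplified to the TLSA selector and matching-type comparison, with no DNS lookup, chain building or name checks.

```python
import hashlib

# TLSA certificate-usage names from RFC 7218; only the three named in the message.
USAGE = {1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
# TLSA matching types: 0 = full data, 1 = SHA-256, 2 = SHA-512.
DIGEST = {0: lambda b: b,
          1: lambda b: hashlib.sha256(b).digest(),
          2: lambda b: hashlib.sha512(b).digest()}

def tlsa_matches(rr, cert):
    """rr = (usage, selector, mtype, data); cert = {"der": bytes, "spki": bytes}."""
    _, selector, mtype, data = rr
    if selector not in (0, 1) or mtype not in DIGEST:
        return False  # unusable record: never counts as a match
    selected = cert["der"] if selector == 0 else cert["spki"]
    return DIGEST[mtype](selected) == data

def reflector_verdict(tlsa_rrset, chain, pkix_ok=False):
    """Text the reflector would report back to the original sender.

    tlsa_rrset: DNSSEC-validated TLSA records for the sender domain's MX
                (empty list when none exist).
    chain:      certificates that MX presented, leaf first.
    pkix_ok:    outcome of ordinary CA validation, required for PKIX-EE.
    """
    if not tlsa_rrset:
        return "FAIL: no TLSA records for recipient MX"
    if not chain:
        return "FAIL: peer presented no certificate"
    for rr in tlsa_rrset:
        usage = rr[0]
        if usage == 2:
            # Simplified: a real DANE-TA check also validates the chain to the anchor.
            hit = any(tlsa_matches(rr, c) for c in chain[1:])
        elif usage == 3 or (usage == 1 and pkix_ok):
            hit = tlsa_matches(rr, chain[0])
        else:
            hit = False
        if hit:
            return f"OK: {USAGE[usage]} record matched"
    return "FAIL: TLSA records present but none matched"

# Constructed stand-ins for certificate and public-key bytes (not real DER).
LEAF = {"der": b"leaf-cert", "spki": b"leaf-key"}
CA = {"der": b"ca-cert", "spki": b"ca-key"}
CHAIN = [LEAF, CA]
```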