Re: [dane] making ietf.org eat the DANE dogfood

Thu, 23 May 2013 08:26:16 -0700 

On Tue, May 21, 2013 at 10:52:32PM +0000, Viktor Dukhovni wrote:

>     posttls-finger: Connected to mail.ietf.org[2001:1890:123a::1:1e]:25
>     posttls-finger: < 220 ietfa.amsl.com ESMTP Postfix
>     posttls-finger: > EHLO amnesiac.local
>     posttls-finger: < 250-ietfa.amsl.com
>     posttls-finger: < 250-PIPELINING
>     posttls-finger: < 250-SIZE 67108864
>     posttls-finger: < 250-ETRN
>     posttls-finger: < 250-AUTH LOGIN PLAIN
>     posttls-finger: < 250-AUTH=LOGIN PLAIN
>     posttls-finger: < 250-ENHANCEDSTATUSCODES
>     posttls-finger: < 250-8BITMIME
>     posttls-finger: < 250 DSN
>     posttls-finger: > QUIT
>     posttls-finger: < 221 2.0.0 Bye
> 
> For some reason this MX host supports SASL (more suitable for an
> MSA, where one would also want TLS for PLAIN or LOGIN), but not
> TLS which is appropriate for an inbound MX.

FWIW, AMS (aka amsl.com) are no strangers to SMTP + STARTTLS:

    $ posttls-finger amsl.com
    posttls-finger: Connected to mail.amsl.com[64.170.98.20]:25
    posttls-finger: < 220 c8a.amsl.com ESMTP Postfix
    posttls-finger: > EHLO amnesiac.localhost
    posttls-finger: < 250-c8a.amsl.com
    posttls-finger: < 250-PIPELINING
    posttls-finger: < 250-SIZE 67108864
    posttls-finger: < 250-ETRN
    posttls-finger: < 250-STARTTLS
    posttls-finger: < 250-AUTH PLAIN LOGIN
    posttls-finger: < 250-AUTH=PLAIN LOGIN
    posttls-finger: < 250-ENHANCEDSTATUSCODES
    posttls-finger: < 250-8BITMIME
    posttls-finger: < 250 DSN
    posttls-finger: > STARTTLS
    posttls-finger: < 220 2.0.0 Ready to start TLS
    posttls-finger: mail.amsl.com[64.170.98.20]:25 CommonName smtp.amsl.com
    posttls-finger: certificate verification failed for 
mail.amsl.com[64.170.98.20]:25: self-signed certificate
    posttls-finger: mail.amsl.com[64.170.98.20]:25: subject_CN=smtp.amsl.com, 
issuer_CN=smtp.amsl.com, 
fingerprint=A8:39:D3:5D:90:65:96:D4:BB:DB:0A:E5:F9:C8:0E:14:99:15:7D:6C, 
pkey_fingerprint=0F:E2:FB:2F:A6:AA:69:3B:B6:4A:A3:40:6B:FD:2D:09:95:03:74:38
    posttls-finger: Untrusted TLS connection established to 
mail.amsl.com[64.170.98.20]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 
(256/256 bits)
    posttls-finger: > EHLO amnesiac.localhost
    posttls-finger: < 250-c8a.amsl.com
    posttls-finger: < 250-PIPELINING
    posttls-finger: < 250-SIZE 67108864
    posttls-finger: < 250-ETRN
    posttls-finger: < 250-AUTH PLAIN LOGIN
    posttls-finger: < 250-AUTH=PLAIN LOGIN
    posttls-finger: < 250-ENHANCEDSTATUSCODES
    posttls-finger: < 250-8BITMIME
    posttls-finger: < 250 DSN
    posttls-finger: > QUIT
    posttls-finger: < 221 2.0.0 Bye

-- 
        Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane

Reply via email to