And reviving a really old thread... Just FYI, I posted this on perpass, realized I should have updated DANE too...
AMS had lost one of their sysadmins a while back-- they have hired a replacement, and are still planning on doing STARTTLS and DANE. The new person started recently and it takes some time to get up to speed / figure out where the skeletons are buried. Their "current estimate is that we will be able to address it directly following London, rather than before." I'm sure we are all somewhat frustrated at the delays (it *should* be a simple change), but I can understand them not wanting to make changes before the meeting / before the new person is fully up to speed. I'll push them after the meeting ends... W On Thu, May 23, 2013 at 11:26 AM, Viktor Dukhovni <[email protected]> wrote: > On Tue, May 21, 2013 at 10:52:32PM +0000, Viktor Dukhovni wrote: > >> posttls-finger: Connected to mail.ietf.org[2001:1890:123a::1:1e]:25 >> posttls-finger: < 220 ietfa.amsl.com ESMTP Postfix >> posttls-finger: > EHLO amnesiac.local >> posttls-finger: < 250-ietfa.amsl.com >> posttls-finger: < 250-PIPELINING >> posttls-finger: < 250-SIZE 67108864 >> posttls-finger: < 250-ETRN >> posttls-finger: < 250-AUTH LOGIN PLAIN >> posttls-finger: < 250-AUTH=LOGIN PLAIN >> posttls-finger: < 250-ENHANCEDSTATUSCODES >> posttls-finger: < 250-8BITMIME >> posttls-finger: < 250 DSN >> posttls-finger: > QUIT >> posttls-finger: < 221 2.0.0 Bye >> >> For some reason this MX host supports SASL (more suitable for an >> MSA, where one would also want TLS for PLAIN or LOGIN), but not >> TLS which is appropriate for an inbound MX. > > FWIW, AMS (aka amsl.com) are no strangers to SMTP + STARTTLS: > > $ posttls-finger amsl.com > posttls-finger: Connected to mail.amsl.com[64.170.98.20]:25 > posttls-finger: < 220 c8a.amsl.com ESMTP Postfix > posttls-finger: > EHLO amnesiac.localhost > posttls-finger: < 250-c8a.amsl.com > posttls-finger: < 250-PIPELINING > posttls-finger: < 250-SIZE 67108864 > posttls-finger: < 250-ETRN > posttls-finger: < 250-STARTTLS > posttls-finger: < 250-AUTH PLAIN LOGIN > posttls-finger: < 250-AUTH=PLAIN LOGIN > posttls-finger: < 250-ENHANCEDSTATUSCODES > posttls-finger: < 250-8BITMIME > posttls-finger: < 250 DSN > posttls-finger: > STARTTLS > posttls-finger: < 220 2.0.0 Ready to start TLS > posttls-finger: mail.amsl.com[64.170.98.20]:25 CommonName smtp.amsl.com > posttls-finger: certificate verification failed for > mail.amsl.com[64.170.98.20]:25: self-signed certificate > posttls-finger: mail.amsl.com[64.170.98.20]:25: subject_CN=smtp.amsl.com, > issuer_CN=smtp.amsl.com, > fingerprint=A8:39:D3:5D:90:65:96:D4:BB:DB:0A:E5:F9:C8:0E:14:99:15:7D:6C, > pkey_fingerprint=0F:E2:FB:2F:A6:AA:69:3B:B6:4A:A3:40:6B:FD:2D:09:95:03:74:38 > posttls-finger: Untrusted TLS connection established to > mail.amsl.com[64.170.98.20]:25: TLSv1.2 with cipher > ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) > posttls-finger: > EHLO amnesiac.localhost > posttls-finger: < 250-c8a.amsl.com > posttls-finger: < 250-PIPELINING > posttls-finger: < 250-SIZE 67108864 > posttls-finger: < 250-ETRN > posttls-finger: < 250-AUTH PLAIN LOGIN > posttls-finger: < 250-AUTH=PLAIN LOGIN > posttls-finger: < 250-ENHANCEDSTATUSCODES > posttls-finger: < 250-8BITMIME > posttls-finger: < 250 DSN > posttls-finger: > QUIT > posttls-finger: < 221 2.0.0 Bye > > -- > Viktor. > _______________________________________________ > dane mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dane > _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
