On Fri, Aug 08, 2014 at 04:42:51PM +0200, Carsten Strotmann wrote:
> ldns-dane from the (recent version of the) ldns tool (by NLnetLabs):
>
> % ldns-dane verify strotmann.de 443
> 91.190.147.212 dane-validated successfully
> 2001:470:1f08:f1d::2 dane-validated successfully

For SMTP, the Postfix source distribution as of 2.11 or later includes
posttls-finger:

http://www.postfix.org/posttls-finger.1.html

Concise:

$ posttls-finger -c -L summary strotmann.de
posttls-finger: Verified TLS connection established to mail.strotmann.de[91.190.147.212]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

More verbose:

$ posttls-finger strotmann.de
posttls-finger: using DANE RR: _25._tcp.mail.strotmann.de IN TLSA 3 0 1 2C:DD:A7:3A:FD:1D:6D:82:C7:E9:EB:8F:D4:37:C4:88:62:73:E5:2F:9A:E3:0A:BC:16:89:93:9C:5F:52:20:91
posttls-finger: using DANE RR: _25._tcp.mail.strotmann.de IN TLSA 3 0 1 DD:8B:57:EE:38:AF:6C:7E:70:DA:A4:1D:A8:0A:6A:17:1D:82:18:58:48:AA:7C:7A:A8:9D:31:97:BF:11:D9:0F
posttls-finger: Connected to mail.strotmann.de[91.190.147.212]:25
posttls-finger: < 220 csgate3.strotmann.de ESMTP Postfix
posttls-finger: > EHLO amnesiac.example
posttls-finger: < 250-csgate3.strotmann.de
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-SIZE 50000000
posttls-finger: < 250-VRFY
posttls-finger: < 250-ETRN
posttls-finger: < 250-STARTTLS
posttls-finger: < 250-AUTH PLAIN LOGIN
posttls-finger: < 250-AUTH=PLAIN LOGIN
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-8BITMIME
posttls-finger: < 250 DSN
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
posttls-finger: mail.strotmann.de[91.190.147.212]:25: depth=0 matched end entity certificate sha256 digest 2C:DD:A7:3A:FD:1D:6D:82:C7:E9:EB:8F:D4:37:C4:88:62:73:E5:2F:9A:E3:0A:BC:16:89:93:9C:5F:52:20:91
posttls-finger: mail.strotmann.de[91.190.147.212]:25: Matched subjectAltName: mail.strotmann.de
posttls-finger: mail.strotmann.de[91.190.147.212]:25: subjectAltName: imap.strotmann.de
posttls-finger: mail.strotmann.de[91.190.147.212]:25: subjectAltName: smtp.strotmann.de
posttls-finger: mail.strotmann.de[91.190.147.212]:25 CommonName mail.strotmann.de
posttls-finger: mail.strotmann.de[91.190.147.212]:25: subject_CN=mail.strotmann.de, issuer_CN=CA Cert Signing Authority, fingerprint=B0:2C:D6:53:A4:CD:5A:85:EE:12:BB:4E:E7:36:4F:6E:D6:5A:29:E9, pkey_fingerprint=BF:AE:74:62:57:F2:F0:D8:CD:40:3E:3C:D9:64:13:40:B7:8D:C6:2F
posttls-finger: Verified TLS connection established to mail.strotmann.de[91.190.147.212]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
posttls-finger: > EHLO amnesiac.example
posttls-finger: < 250-csgate3.strotmann.de
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-SIZE 50000000
posttls-finger: < 250-VRFY
posttls-finger: < 250-ETRN
posttls-finger: < 250-AUTH PLAIN LOGIN
posttls-finger: < 250-AUTH=PLAIN LOGIN
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-8BITMIME
posttls-finger: < 250 DSN
posttls-finger: > QUIT
posttls-finger: < 221 2.0.0 Bye
--
Viktor.
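
The digest comparison behind the "matched end entity certificate sha256 digest" line above, as an added example that is not part of the original message or of Postfix: it parses records in the form printed after "using DANE RR:" and checks them against a certificate, going beyond the 3 0 1 case shown to selector 1 and matching types 0 and 2. The host name mail.example and the byte strings standing in for DER data are constructed, and the caller is assumed to supply the certificate and SubjectPublicKeyInfo DER.

```python
import hashlib
import hmac
import re

# The record text that follows "using DANE RR:" in posttls-finger output.
TLSA_RE = re.compile(r"(\S+)\s+IN\s+TLSA\s+(\d+)\s+(\d+)\s+(\d+)\s+([0-9A-Fa-f:]+)\s*$")

def parse_tlsa(line):
    """Return (owner, usage, selector, mtype, data) or None if not a TLSA RR."""
    m = TLSA_RE.search(line)
    if m is None:
        return None
    hexdata = m.group(5).replace(":", "")
    if len(hexdata) % 2:
        return None  # odd number of hex digits: malformed association data
    usage, selector, mtype = (int(m.group(i)) for i in (2, 3, 4))
    return (m.group(1), usage, selector, mtype, bytes.fromhex(hexdata))

def tlsa_matches(rr, cert_der, spki_der):
    """Digest-match one TLSA RR against the leaf (usage 1 also needs PKIX validation)."""
    _owner, usage, selector, mtype, data = rr
    if usage not in (1, 3):   # usages 0 and 2 pin a CA / trust anchor instead
        return False
    if selector == 0:
        subject = cert_der    # full certificate, DER
    elif selector == 1:
        subject = spki_der    # SubjectPublicKeyInfo, DER
    else:
        return False
    if mtype == 0:
        candidate = subject   # exact match on the raw bytes
    elif mtype == 1:
        candidate = hashlib.sha256(subject).digest()
    elif mtype == 2:
        candidate = hashlib.sha512(subject).digest()
    else:
        return False
    return hmac.compare_digest(candidate, data)

def colon_hex(raw):
    return ":".join(f"{b:02X}" for b in raw)

def demo():
    # Constructed stand-ins for DER bytes; not a real certificate or key.
    cert, other, spki = b"constructed-cert", b"constructed-other-cert", b"constructed-spki"
    lines = ["posttls-finger: using DANE RR: _25._tcp.mail.example IN TLSA 3 0 1 "
             + colon_hex(hashlib.sha256(c).digest()) for c in (cert, other)]
    return [tlsa_matches(parse_tlsa(l), cert, spki) for l in lines]
```

Two records are published in demo() and only the first corresponds to the presented certificate, so one match is enough for the connection to verify, as in the output above.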