Btw. If MTA-STS fails one won't get any report from MS at all (google is sending them in disregard to your MTA-STS policy). So one has to fix the MTA-STS problem first to see the failed connections from MS. I'd say, that is kind of useless because I get the reports when the problems are solved.
Regards Norbert -----Ursprüngliche Nachricht----- Von: mailop <mailop-boun...@mailop.org> Im Auftrag von Mechiel Lukkien via mailop Gesendet: Sonntag, 17. November 2024 22:42 An: mailop@mailop.org Betreff: Re: [mailop] SMTP TLS Reports for forged senders. > Microsoft is sending TLS reports reporting DANE and MTA-STS connections. > They seem to test and report both of 'em so the count is more or less > doubled. If you get 10 connections they report 20 connections (10 for MTA-STS > and 10 for DANE). TLS reporting is about the policies found, and how many connections were (un)successful against them. If you verify both DANE and MTA-STS, you will find both policies and you'll have two verification results for each connection. So I wouldn't say they are reporting the connections twice. I recently received "validation failures" in TLS reports from Microsoft. The failures were only counting towards the MTA-STS policy, not towards the DANE policy, even though the problem appears to be with a TLS stack incompatibility (with the Go TLS stack). TLS reporting is about MTA-STS and/or DANE verification. So other kinds of TLS errors will probably be reported differently based on implementations (and possibly with not-quite-correct failure codes). Another quirk, the Microsoft DANE TLS reporting implementation seems to double-JSON-encode the TLSA records. Example with two TLSA records: "policy": { "policy-type": "tlsa", "policy-string": [ "[\"3 1 1 5C046FF012891B5F0D6176024C5C25FF486A7C12B8000FDF8B418AB3ECF6D309\",\"3 1 1 CEC87FB33D2A7499CA78E824E59B77531AC1FDEC7378FC81FCE7E5D213A364AB\"]" ], "policy-domain": "ueber.net" }, Cheers, Mechiel _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop