On Mon, Dec 15, 2025 at 03:24:07AM +0100, Thomas Bohl wrote:
> To bad that OpenBSD's "openssl s_client" doesn't have the -bind option or I
> would have asked for the output of
>
> openssl s_client -connect blackblock.22decembre.eu:10027 -bind
> [2603:c026:306:9211::300]
Can't you use /usr/bin/nc instead now, since you've switched the listener to
smtps?
> That is a clear text connection only. Try
>
> listen on $ip6 port 10027 smtps \
^^^^^
> hostname blackblock.22decembre.eu \
> pki blackblock
# nc -cv blackblock.22decembre.eu 10027
The -s and -p options allow to select source address and port.
> I assume you block connections to 10027 from the internet? Because I tried and
> can't connect.
I also tested just now, and see no response from port 10027 on either IPv6 or
IPv4. Connection to port 25 succeeds. But the OP says in another mail that
10027 has now been opened to the internet for debugging, so I was expecting to
get a connection. Maybe it was just opened temporarily?
Separately, I wonder if there any filewall rules on the relay host that
prevent an outgoing connection based on UID or GID. That would explain why
connecting as an arbitrary user works, but smtpd fails.
