Validating an SMTP server
Hoggins!
fuckspam at wheres5.com
Mon Sep 7 18:26:45 CEST 2015
On 07/09/2015 18:02, Viktor Dukhovni wrote:
>> > I'm trying to validate my DANE records against my SMTP server, but I'm
>> > facing something that I cannot understand, because I believe I'm lacking
>> > some details about the validation failure: I'm trying to validate
>> > smtp.hoggins.fr. It gives me an error on the validator
>> > (https://dane.sys4.de/smtp/smtp.hoggins.fr), but I don't know what I
>> > need to change about that.
>> >
>> > Is there a way to be more verbose about the validation failure? Maybe
>> > some client-side checking I can do manually?
> The MX host for a domain is required by DNS standards to not be a
> CNAME alias.
>
> hoggins.fr. IN MX 1 smtp.hoggins.fr.
> smtp.hoggins.fr. CNAME mailer.hoggins.fr.
> mailer.hoggins.fr. A 5.196.52.52
>
> The validator tries to be more strict than some MTAs, because there
> may be other MTAs for which CNAMEs in MX records are not valid.
> Change your MX hostname to "mailer.hoggins.fr" or make "smtp" be an
> "A" record with the same IP addresses as "mail", rather than an
> alias.
>
> Once you do that, the mail server's TLSA records are fine:
>
> smtp.hoggins.fr. IN CNAME mailer.hoggins.fr. ; NOERROR AD=1
> mailer.hoggins.fr. IN NOTMX 0 smtp.hoggins.fr. ; NOERROR AD=1
> _25._tcp.mailer.hoggins.fr. IN TLSA 3 1 2 05460499a59db40f0015caffef33eecb6e6121ee35afd87ee4daf88d3f9d0946a2af16db33ba3fb964d15b8a9018ec6b87e54a4aaa804cd31b20f62026d2314e ; passed
>
> The alias may be exposing a minor bug in the web interface, which
> may be querying for success with "smtp.hoggins.fr", but the ultimate
> DANE verification is of "mailer.hoggins.fr".
>
> Avoid aliases in email domain names and MX hosts.
Will do, thanks!
Hoggins!
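
The alias problem discussed in this thread can be checked by hand on the records themselves. The following is an added example, not part of the original messages: it works offline on the three records quoted above, and the function names (`parse`, `cname_chain`, `check_mx`) are illustrative.

```python
# Records quoted in the thread, as "owner [IN] TYPE rdata" lines.
ZONE = """\
hoggins.fr. IN MX 1 smtp.hoggins.fr.
smtp.hoggins.fr. CNAME mailer.hoggins.fr.
mailer.hoggins.fr. A 5.196.52.52
"""

def parse(text):
    """Return {(owner, TYPE): [rdata fields, ...]}; ';' starts a comment."""
    rrs = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) > 1 and fields[1].upper() == "IN":
            del fields[1]                      # class is optional
        if len(fields) >= 3:
            key = (fields[0].lower(), fields[1].upper())
            rrs.setdefault(key, []).append(fields[2:])
    return rrs

def cname_chain(rrs, name, limit=8):
    """Follow CNAMEs from name; raise on a loop or an over-long chain."""
    chain = [name.lower()]
    while (chain[-1], "CNAME") in rrs:
        target = rrs[(chain[-1], "CNAME")][0][0].lower()
        if target in chain or len(chain) >= limit:
            raise ValueError("CNAME loop or chain too long at " + target)
        chain.append(target)
    return chain

def check_mx(rrs, domain, port=25):
    """One finding per MX host, lowest preference first."""
    findings = []
    mxs = sorted((int(p), h.lower()) for p, h in rrs.get((domain.lower(), "MX"), []))
    for _pref, host in mxs:
        chain = cname_chain(rrs, host)
        final = chain[-1]
        findings.append({
            "mx": host,
            "is_alias": len(chain) > 1,        # MX host is a CNAME alias
            "canonical": final,                # name the alias ends at
            "has_address": any((final, t) in rrs for t in ("A", "AAAA")),
            "tlsa_owner": "_%d._tcp.%s" % (port, final),
        })
    return findings

if __name__ == "__main__":
    for f in check_mx(parse(ZONE), "hoggins.fr."):
        print("FAIL" if f["is_alias"] or not f["has_address"] else "ok", f)
```

Pointing the MX record straight at `mailer.hoggins.fr.` makes `is_alias` false for the same input.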