smtpdane testing tool (early alpha)
Phil Pennock
dane-users-phil at spodhuis.org
Sat Feb 25 06:05:15 CET 2017
Folks,

If you have Golang 1.8 (or newer) installed, my "smtpdane" tool might be
of interest.

    mkdir ~/go
    go get go.pennock.tech/smtpdane

There's a README.md with invoking hints, etc. Current git hosting has
this visible at:

    https://github.com/PennockTech/smtpdane

I'll repeat the warning at the top of the README.md:

} EARLY ALPHA SOFTWARE
}
} THIS HAS NOT YET BEEN TESTED TO CONFIRM IT FAILS WHEN IT SHOULD,
} AGAINST BAD CERTIFICATES OR DNS

So yes, I need to create a test suite still, instead of relying upon
ad-hoc testing against various servers. That said, while I wouldn't yet
rely upon the tool for monitoring or assurance, it's useful for taking a
look.

Also: Go 1.8 is a very recent release; please do check version.
This is not a frivolous requirement on my part: Go 1.8 introduced the
hooks into the TLS certificate verification logic which I need to splice
DANE logic in there. The code should "cleanly" fail to build with an
obvious error message if an older toolchain is used.

At present, smtpdane still relies upon a validating DNS resolver,
instead of validating DNSSEC itself. For use as a monitoring component,
I'd like to remove that dependency.

    smtpdane -help
    smtpdane -mx spodhuis.org

Every MX host, every IP, connected to in parallel and success reported.

Feedback welcome. There's a TODO of things I know still need to be
done.

Thanks,
-Phil