On Mon, Aug 19, 2024 at 11:33:14AM +0200, Renaud Allard wrote:
> > so I reinstalled the locally built older one for now
>
> It would have surprised me if it was rfc1413 requests, but that was
> something to test.
>
> Does it also do the same error if you just connect with "openssl s_client
> -starttls smtp -connect localhost:25"?
but if I supply the hostname I get
[Mon Aug 19 11:41:55] peter@skapet:~/website$ doas openssl s_client -starttls
smtp -connect skapet.bsdly.net:25
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = E5
verify return:1
depth=0 CN = bsdly.net
verify return:1
---
Certificate chain
0 s:/CN=bsdly.net
i:/C=US/O=Let's Encrypt/CN=E5
1 s:/C=US/O=Let's Encrypt/CN=E5
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEsTCCBDagAwIBAgISAzKboy1DprBUxQN2J3Dtt0ShMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNDA4MDQxMDEzNDNaFw0yNDExMDIxMDEzNDJaMBQxEjAQBgNVBAMTCWJz
ZGx5Lm5ldDB2MBAGByqGSM49AgEGBSuBBAAiA2IABKyZlBG2mdYrPbDla0bbF99D
lxK9tDo9CDuEPJpAPn0nhvZwIiXY7aHKPf2RU6nt3heHybsqzu0AitgmjYnbQfA/
f4HfRSk1H/xcjEpBndMJW45qs9X54V0lU3gv7zMVIKOCAyswggMnMA4GA1UdDwEB
/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
BAIwADAdBgNVHQ4EFgQU5xvFKZJ7Vcds1ph7vibnrGabeOkwHwYDVR0jBBgwFoAU
nytfzzwhT50Et+0rLMTGcIvS1w0wVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzAB
hhVodHRwOi8vZTUuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNS5p
LmxlbmNyLm9yZy8wggExBgNVHREEggEoMIIBJIILKi5ic2RseS5jb22CCiouYnNk
bHkuZXWCCyouYnNkbHkubmV0ggoqLmJzZGx5Lm5vggsqLmJzZGx5Lm9yZ4IKKi5i
c2RseS5zZYIMKi5laHRyaWIuY29tggsqLmVodHJpYi5ub4IMKi5laHRyaWIub3Jn
ggoqLmxmamEub3Jngg0qLm54ZG9tYWluLm5vgg0qLnhlbm9maWwub3Jngglic2Rs
eS5jb22CCGJzZGx5LmV1gglic2RseS5uZXSCCGJzZGx5Lm5vgglic2RseS5vcmeC
CGJzZGx5LnNlggplaHRyaWIuY29tggllaHRyaWIubm+CCmVodHJpYi5vcmeCCGxm
amEub3JnggtueGRvbWFpbi5ub4ILeGVub2ZpbC5vcmcwEwYDVR0gBAwwCjAIBgZn
gQwBAgEwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgA/F0tP1yJHWJQdZRyEvg0S
7ZA3fx+FauvBvyiF7PhkbgAAAZEdFwRKAAAEAwBHMEUCIQCGFx32mNLdQXwXGsvH
UocQ1dzQPbHxrahWPYlLghsOCgIgW2m0mn/POq+2/5bPaIEH02p+6VP1p3nw5o71
ySwGF58AdwDuzdBk1dsazsVct520zROiModGfLzs3sNRSFlGcR+1mwAAAZEdFwRH
AAAEAwBIMEYCIQDWM8JOuTkF9bI5vpJXguI+HuAwkDkzRHTxFffUOl6W2AIhALtS
wHG8M+M1k2HTwTJEReOsSy3Jkh0UPCliWW8bJy4OMAoGCCqGSM49BAMDA2kAMGYC
MQDlOEJjbYcJhrHASUoq/xSTQ2vOBtnC4Oa/co/4RRFV0JOrMi0x3d8Yf1BnyRBu
gUkCMQDpAF/26Mvlmf6IxD5St1fcJtev8vXSQ8JAej3DBEky8TwekAhlO3KDb5fX
pkTeRGQ=
-----END CERTIFICATE-----
subject=/CN=bsdly.net
issuer=/C=US/O=Let's Encrypt/CN=E5
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 3025 bytes and written 417 bytes
---
New, TLSv1/SSLv3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 384 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1724060528
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
250 HELP
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
