On 04/04/14 20:14, Ron Leach wrote:
> On 04/04/2014 02:06, Scott Ferguson wrote:
>>
>> Your mail setup is a little, um, odd; *no* TLS configured or SPF
>> records, and other [...]
>>
>
> Sorry to go off-topic but, since I'm in the process of setting up a new
> domain and mailserver, could I ask how you 'knew' or were able to 'see'
> that a mailserver has 'no TLS configured'?

stunnel, gnutls-cli, and other tools will do the job.

>
> On a new installation, I've set mx records, and have SPF records which
> pass the SPF test. I hadn't understood how or where to make TLS
> visible, other than simply letting the MTA use TLS whenever it could,
> and it would be visible on the initial SMTP connection.
>
> Did you mean there is a setting in the DNS records intended for TLS
> reception or preference? (The server isn't handling any mail, yet, in
> part because I haven't cracked certificate signing, which I'm also
> learning about.) I just wondered how you detected that a server wasn't
> configured for TLS.

$ openssl s_client -CApath /etc/ssl/certs/ -starttls smtp -connect mail.example.com:25
CONNECTED(00000003)
didn't found starttls in server response, try anyway...
3074561672:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:766:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 190 bytes and written 355 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

>
> regards, Ron
>
>

Kind regards
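
The "didn't found starttls in server response" line in the output above means the server's EHLO reply did not list the STARTTLS extension. As an added example (not part of the original message), the Python below makes the same check by parsing an EHLO reply. The two sample replies are constructed, and `parse_ehlo`, `advertises_starttls` and `probe` are names chosen for this illustration.

```python
import smtplib

# Constructed sample EHLO replies (not captured from any real server).
EHLO_WITH_TLS = ("250-mail.example.com\r\n250-PIPELINING\r\n"
                 "250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_NO_TLS = ("250-mail.example.com\r\n250-PIPELINING\r\n"
               "250-SIZE 10240000\r\n250 8BITMIME\r\n")


def parse_ehlo(reply):
    """Parse a (possibly multi-line) EHLO reply into (code, {KEYWORD: params})."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty reply")
    code, extensions = None, {}
    for i, line in enumerate(lines):
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"malformed reply line: {line!r}")
        sep = line[3:4]
        if sep not in ("-", " ", ""):
            raise ValueError(f"bad separator in: {line!r}")
        is_last = i == len(lines) - 1
        # Every line except the last must carry the '-' continuation marker.
        if (sep == "-") == is_last:
            raise ValueError("continuation marker does not match line position")
        if code is None:
            code = int(line[:3])
        elif int(line[:3]) != code:
            raise ValueError("reply code changes within one reply")
        if i == 0:
            continue  # first line is the server's greeting, not an extension
        parts = line[4:].split()
        if parts:
            extensions[parts[0].upper()] = parts[1:]
    return code, extensions


def advertises_starttls(reply):
    """True only if the EHLO succeeded (250) and STARTTLS is listed."""
    code, extensions = parse_ehlo(reply)
    return code == 250 and "STARTTLS" in extensions


def probe(host, port=25, timeout=10):
    """Live variant using smtplib; needs network access to the server."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        # Advertisement only; certificate checks are what -CApath adds above.
        return smtp.has_extn("starttls")
```
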