That's while I use openssl:

> :~$ openssl s_client -starttls smtp -crlf -connect 88.198.107.18:25
> CONNECTED(00000003)
> depth=0 C = DE, ST = Berlin, L = Berlin, O = Frozenstar Communications, OU = SMTP, CN = smtp.frozenstar.info, emailAddress = admin[at]frozenstar.info
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 C = DE, ST = Berlin, L = Berlin, O = Frozenstar Communications, OU = SMTP, CN = smtp.frozenstar.info, emailAddress = admin[at]frozenstar.info
> verify return:1
> ---
> Certificate chain
>  0 s:/C=DE/ST=Berlin/L=Berlin/O=Frozenstar Communications/OU=SMTP/CN=smtp.frozenstar.info/emailAddress=admin[at]frozenstar.info
>    i:/C=DE/ST=Berlin/L=Berlin/O=Frozenstar Communications/OU=SMTP/CN=smtp.frozenstar.info/emailAddress=admin[at]frozenstar.info
> ---
> Server certificate
> subject=/C=DE/ST=Berlin/L=Berlin/O=Frozenstar Communications/OU=SMTP/CN=smtp.frozenstar.info/emailAddress=admin[at]frozenstar.info
> issuer=/C=DE/ST=Berlin/L=Berlin/O=Frozenstar Communications/OU=SMTP/CN=smtp.frozenstar.info/emailAddress=admin[at]frozenstar.info
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 2706 bytes and written 466 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> Server public key is 4096 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : ECDHE-RSA-AES256-GCM-SHA384
>     Session-ID: DE1240991CE9AA59F9337E80106A4365343E4C76FB371E4BD9CD53B98D2A1BB0
>     Session-ID-ctx:
>     Master-Key: 55B8C0826A345F5BF08D9740D35305ED2C9699A03ED2B9C9B99620745B6742FD163CAB0E0A7D8B9A80616FECBC9D3F71
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     TLS session ticket lifetime hint: 3600 (seconds)
>     Start Time: 1429367076
>     Timeout   : 300 (sec)
>     Verify return code: 18 (self signed certificate)
> ---
> 250 DSN

This is instead by telnet:

> :~$ telnet smtp.frozenstar.info 25
> Trying 88.198.107.18...
> Connected to smtp.frozenstar.info.
> Escape character is '^]'.
> 220 smtp.frozenstar.info ESMTP Postfix
> ehlo frozenstar.info
> 250-smtp.frozenstar.info
> 250-PIPELINING
> 250-SIZE 10240000
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN

AUTH is NOT on the list and logs say:

> postfix/smtpd[27162]: warning: hostname riseup.net does not resolve to address 199.58.81.144: Name or service not known
> Apr 18 16:26:51 www postfix/smtpd[27162]: connect from unknown[199.58.81.144]
> Apr 18 16:26:53 www postfix/smtpd[27162]: Anonymous TLS connection established from unknown[199.58.81.144]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> Apr 18 16:26:53 www dovecot: auth-worker(27188): mysql(127.0.0.1): Connected to database mailserver
> Apr 18 16:26:55 www postfix/smtpd[27162]: warning: unknown[199.58.81.144]: SASL PLAIN authentication failed:
> Apr 18 16:27:02 www postfix/smtpd[27162]: warning: unknown[199.58.81.144]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

Connection to mysql seems to work but not the authentication

Regards

On 18/04/2015 16:02, Danny Horne wrote:
>
> On 18/04/2015 2:08 pm, Krzs wrote:
>> SMTPD does starttls
>>
>>> 220 2.0.0 Ready to start TLS
>
> 'Ready to start TLS' isn't the same as a running TLS connection,
> you've shown no evidence of the key negotiation (if that's what
> it's called) required to create the encrypted connection, and I
> don't believe you can do this from a telnet session anyway.
>
> This site helped me understand the process -
>
> https://qmail.jms1.net/test-auth.shtml

-- 
Key fingerprint = EB67 3CA1 6C61 EACE B705 4EC3 A28D E2DD 4C47 A4D9
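
An added example, not part of the original message or of Postfix: a short Python parser run over the Postfix/Dovecot log lines quoted above. It reports, per client, which SASL mechanism failed and whether TLS was already established on that smtpd session, and it base64-decodes the token appended to the LOGIN failure line, which here is the mechanism's "Password:" prompt rather than a credential. The function and variable names are this example's own.

```python
import base64
import binascii
import re

# Log lines copied from the message above (the first, untimestamped line is omitted).
SAMPLE_LOG = """\
Apr 18 16:26:51 www postfix/smtpd[27162]: connect from unknown[199.58.81.144]
Apr 18 16:26:53 www postfix/smtpd[27162]: Anonymous TLS connection established from unknown[199.58.81.144]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Apr 18 16:26:53 www dovecot: auth-worker(27188): mysql(127.0.0.1): Connected to database mailserver
Apr 18 16:26:55 www postfix/smtpd[27162]: warning: unknown[199.58.81.144]: SASL PLAIN authentication failed:
Apr 18 16:27:02 www postfix/smtpd[27162]: warning: unknown[199.58.81.144]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

SMTPD = r"postfix/smtpd\[(\d+)\]: "
CONNECT_RE = re.compile(SMTPD + r"connect from \S+\[([^\]]+)\]")
TLS_RE = re.compile(SMTPD + r".*TLS connection established from \S+\[([^\]]+)\]: (\S+)")
FAIL_RE = re.compile(SMTPD + r"warning: \S+\[([^\]]+)\]: SASL (\S+) authentication failed:\s*(.*)$")


def decode_reason(text):
    """Return the base64-decoded text if it is printable ASCII, else the text unchanged."""
    try:
        decoded = base64.b64decode(text, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return text
    return decoded if decoded and decoded.isprintable() else text


def summarize(log_text):
    """Return {client_ip: [(mechanism, reason, tls_protocol_or_None), ...]}."""
    tls_by_session = {}  # (smtpd pid, client ip) -> negotiated TLS protocol
    failures = {}
    for line in log_text.splitlines():
        if (m := CONNECT_RE.search(line)):
            # A new SMTP session starts in cleartext, so forget any earlier TLS state.
            tls_by_session.pop((m.group(1), m.group(2)), None)
        elif (m := TLS_RE.search(line)):
            tls_by_session[(m.group(1), m.group(2))] = m.group(3)
        elif (m := FAIL_RE.search(line)):
            pid, ip, mech, reason = m.groups()
            failures.setdefault(ip, []).append(
                (mech, decode_reason(reason.strip()), tls_by_session.get((pid, ip))))
    return failures


if __name__ == "__main__":
    for ip, events in summarize(SAMPLE_LOG).items():
        for mech, reason, tls in events:
            print(f"{ip}: SASL {mech} failed (reason={reason!r}, tls={tls})")
```

On these lines both failures are reported inside a TLSv1.2 session, so the client was offered AUTH after STARTTLS even though the cleartext EHLO reply does not list it.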