On Fri, Apr 19, 2019 at 03:35:03PM -0700, Daniel Miller wrote:

> I've set up a new server - and it *was* working fine...but then I enabled
> a few more settings...  I was attempting to make hardenize.com happy 
> (and I'm glad I did - it exposed some stupid mistakes on my part).

But now your server no longer responds at all after the TLS handshake
completes.  Perhaps a firewall issue?  You can ignore the certificate
verification warnings; an empty list of trusted CAs means that no
verification is expected.

    $ posttls-finger danmarkreps.com
    posttls-finger: Connected to smtp.danmarkreps.com[107.175.220.136]:25
    posttls-finger: < 220 mail.danmarkreps.com ESMTP Postfix
    posttls-finger: > EHLO amnesiac.invalid
    posttls-finger: < 250-mail.danmarkreps.com
    posttls-finger: < 250-STARTTLS
    posttls-finger: < 250-SIZE 700000000
    posttls-finger: < 250-VRFY
    posttls-finger: < 250-ENHANCEDSTATUSCODES
    posttls-finger: < 250-8BITMIME
    posttls-finger: < 250-DSN
    posttls-finger: < 250 NOOP
    posttls-finger: > STARTTLS
    posttls-finger: < 220 2.0.0 Ready to start TLS
    posttls-finger: smtp.danmarkreps.com[107.175.220.136]:25: Matched subjectAltName: danmarkreps.com
    posttls-finger: smtp.danmarkreps.com[107.175.220.136]:25: subjectAltName: host.danmarkreps.com
    posttls-finger: smtp.danmarkreps.com[107.175.220.136]:25: subjectAltName: imap.danmarkreps.com
    posttls-finger: smtp.danmarkreps.com[107.175.220.136]:25: subjectAltName: mail.danmarkreps.com
    posttls-finger: smtp.danmarkreps.com[107.175.220.136]:25: Matched subjectAltName: smtp.danmarkreps.com
    posttls-finger: smtp.danmarkreps.com[107.175.220.136]:25: subjectAltName: www.danmarkreps.com
    posttls-finger: smtp.danmarkreps.com[107.175.220.136]:25 CommonName danmarkreps.com
    posttls-finger: certificate verification failed for smtp.danmarkreps.com[107.175.220.136]:25: untrusted issuer /O=Digital Signature Trust Co./CN=DST Root CA X3
    posttls-finger: smtp.danmarkreps.com[107.175.220.136]:25: subject_CN=danmarkreps.com, issuer_CN=Let's Encrypt Authority X3, fingerprint=E2:D2:9F:04:A5:1B:E8:8A:EA:1C:DA:67:81:01:D4:FD:01:97:6B:33, pkey_fingerprint=A0:52:8A:C6:88:89:C0:C1:43:72:9D:29:D5:C2:0D:BD:5F:9B:BC:D6
    posttls-finger: Untrusted TLS connection established to smtp.danmarkreps.com[107.175.220.136]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
    posttls-finger: > EHLO amnesiac.invalid
    posttls-finger: timeout while sending EHLO
    posttls-finger: > QUIT
    posttls-finger: warning: timeout while sending QUIT command

-- 
        Viktor.
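
An added example, not part of the original message and not Postfix code: a small Python parser that reads a posttls-finger transcript like the one above and reports whether the first timeout came before or after the TLS handshake, counting the certificate verification warnings without treating them as the fault. The sample transcript is constructed, with placeholder host names and addresses, and `diagnose` is a hypothetical helper name.

```python
import re

# Constructed sample transcript (placeholder host and address), shaped like
# the posttls-finger output above: TLS comes up, then the session stalls.
SAMPLE = """\
posttls-finger: Connected to smtp.example.org[192.0.2.25]:25
posttls-finger: < 220 mail.example.org ESMTP Postfix
posttls-finger: > EHLO client.invalid
posttls-finger: < 250-mail.example.org
posttls-finger: < 250 STARTTLS
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
posttls-finger: certificate verification failed for smtp.example.org[192.0.2.25]:25: untrusted issuer /O=Example/CN=Example Root
posttls-finger: Untrusted TLS connection established to smtp.example.org[192.0.2.25]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
posttls-finger: > EHLO client.invalid
posttls-finger: timeout while sending EHLO
posttls-finger: > QUIT
posttls-finger: warning: timeout while sending QUIT command
"""

TLS_UP = re.compile(r"(\w+) TLS connection established to \S+ (TLSv[\d.]+)")

def diagnose(transcript):
    """Locate the first timeout relative to the TLS handshake."""
    info = {"tls": None, "trust": None, "cert_warnings": 0,
            "stalled_at": None, "phase": None}
    last_cmd = None
    for raw in transcript.splitlines():
        line = raw.split("posttls-finger: ", 1)[-1].strip()
        tls = TLS_UP.search(line)
        if line.startswith("> "):
            last_cmd = line[2:].split()[0]      # last command the client sent
        elif "certificate verification failed" in line:
            info["cert_warnings"] += 1          # counted, never treated as the fault
        elif tls:
            info["trust"], info["tls"] = tls.group(1), tls.group(2)
        elif "timeout while" in line and info["stalled_at"] is None:
            info["stalled_at"] = last_cmd
            info["phase"] = "post-handshake" if info["tls"] else "pre-handshake"
    return info

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A `post-handshake` result with a negotiated protocol version says the TLS layer is working and the stall lies in what happens to traffic after it, which is the distinction the reply above draws.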
