Hellow Joachim, "Joachim Lindenberg" <postfix-us...@lindenberg.one> writes:
> Hello Byung-Hee, > I do have all of the following in my TLS policy: > domain may > mx.domain may > [mx.domain]:25 may > and it doesn´t work for me. Well you could check that your server is 'good' or 'not good' with this: <https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/ct.py> Above code require only FQDN, not domain. Default port is '25'. Example result: #+BEGIN_SRC text (shell command output) soyeomul@penguin:~$ ./ct.py yw-1204.doraji.xyz depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = yw-1204.doraji.xyz verify return:1 250 CHUNKING DONE notBefore=May 24 02:00:00 2022 GMT notAfter=Aug 22 01:59:59 2022 GMT ^^^ posttls-finger: yw-1204.doraji.xyz[185.17.255.72]:25: Matched subjectAltName: yw-1204.doraji.xyz posttls-finger: yw-1204.doraji.xyz[185.17.255.72]:25 CommonName yw-1204.doraji.xyz posttls-finger: yw-1204.doraji.xyz[185.17.255.72]:25: subject_CN=yw-1204.doraji.xyz, issuer_CN=R3, fingerprint=9E:48:5B:F2:D9:70:40:C3:52:7A:C6:8B:1E:79:8D:9B:4A:E1:1A:0B:8D:0D:67:DF:A3:55:58:20:DE:76:6D:24, pkey_fingerprint=98:02:56:7B:09:51:9A:EB:A7:94:B1:B9:A0:52:FC:64:33:CD:EE:39:C4:03:4D:4C:B3:74:5B:FB:87:6D:77:93 posttls-finger: Verified TLS connection established to yw-1204.doraji.xyz[185.17.255.72]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 soyeomul@penguin:~$ #+END_SRC Sincerely, Linux fan Byung-Hee -- ^고맙습니다 _地平天成_ 감사합니다_^))//
