Couldn't run the python script due to postfix in docker, but can run 
postfix-finger domain - but this tells me what I already knew and wrote in my 
first mail. The certificate is not trusted and thus verify as default does not 
work, and it doesn't look like postfix-finger evaluates tls policies at all. 
Does it?
Best Regards, Joachim

-----Original Message-----
From: owner-postfix-us...@postfix.org <> On Behalf Of Byung-Hee HWANG
Sent: Friday, 27 May 2022 14:11
To: postfix-users@postfix.org
Subject: Re: AW: transport map with TLS policies?

Hello Joachim,

"Joachim Lindenberg" <postfix-us...@lindenberg.one> writes:

> Hello Byung-Hee,
> I do have all of the following in my TLS policy: 
> domain                may
> mx.domain             may
> [mx.domain]:25                may
> and it doesn't work for me.

Well you could check that your server is 'good' or 'not good' with this:
<https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/ct.py>

The above code requires only an FQDN, not a domain. The default port is '25'.
Example result:

#+BEGIN_SRC text (shell command output)
soyeomul@penguin:~$ ./ct.py yw-1204.doraji.xyz
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = yw-1204.doraji.xyz
verify return:1
250 CHUNKING
DONE
notBefore=May 24 02:00:00 2022 GMT
notAfter=Aug 22 01:59:59 2022 GMT
^^^
posttls-finger: yw-1204.doraji.xyz[185.17.255.72]:25: Matched subjectAltName: yw-1204.doraji.xyz
posttls-finger: yw-1204.doraji.xyz[185.17.255.72]:25 CommonName yw-1204.doraji.xyz
posttls-finger: yw-1204.doraji.xyz[185.17.255.72]:25: subject_CN=yw-1204.doraji.xyz, issuer_CN=R3, fingerprint=9E:48:5B:F2:D9:70:40:C3:52:7A:C6:8B:1E:79:8D:9B:4A:E1:1A:0B:8D:0D:67:DF:A3:55:58:20:DE:76:6D:24, pkey_fingerprint=98:02:56:7B:09:51:9A:EB:A7:94:B1:B9:A0:52:FC:64:33:CD:EE:39:C4:03:4D:4C:B3:74:5B:FB:87:6D:77:93
posttls-finger: Verified TLS connection established to yw-1204.doraji.xyz[185.17.255.72]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
soyeomul@penguin:~$
#+END_SRC


Sincerely, Linux fan Byung-Hee

-- 
^고맙습니다 _地平天成_ 감사합니다_^))//
