Closed MASHtm closed 2 years ago
That's an informational message; there are multiple names which can be tried. RFC 7672 specifies that the "unexpanded input domain" is a candidate name and it's one of the things looked for. It's really a fallback given the secure MX records though.
This should report the hostname which did succeed though, to be clearer that another hostname did work. Also, the program exit status is always meaningful.
Before:
[zidmx2.univie.ac.at. 2001:62a:4:25::25:101] 1 chains to TA; first length 2, is: ["zidmx2.univie.ac.at" "TERENA SSL CA 3"]
[zidmx2.univie.ac.at. 2001:62a:4:25::25:101] no valid TA chains for hostname "univie.ac.at"
Here we see the hostnames tried in the correct order, but the hostname is not explicitly in the first record; the Subject.CommonName is in the list in square brackets, but that's not necessarily the hostname.
With the just-pushed commit 9bff1e8:
[zidmx1.univie.ac.at. 131.130.3.100] hostname "zidmx1.univie.ac.at." has 1 chains to TA; first length 2, is: ["zidmx1.univie.ac.at" "TERENA SSL CA 3"]
[zidmx1.univie.ac.at. 131.130.3.100] no valid TA chains for hostname "univie.ac.at"
The lines are uncomfortably long, but the precision is worth it. I think.
Closing this as "behaving as intended" -- checking all the RFC candidate names, and reporting on each, is correct for a validation tool. At least one needs to match and the ultimate success is correctly indicated.
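The behaviour described in this reply, sketched as an added example (this is not smtpdane's own code): each candidate name is checked and reported separately, and the overall result succeeds if at least one matches. The function and type names are hypothetical, the certificate is a constructed struct, and only the name-matching step is shown, not the TLSA lookup or trust-anchor chain building.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"strings"
)

type nameResult struct {
	Name    string
	Matched bool
}

// candidateNames lists the names to try, in order: the MX hostname first,
// then the unexpanded input domain as fallback. Duplicates are dropped.
func candidateNames(mxHost, inputDomain string) []string {
	var out []string
	seen := map[string]bool{}
	for _, n := range []string{mxHost, inputDomain} {
		n = strings.ToLower(strings.TrimSuffix(n, "."))
		if n != "" && !seen[n] {
			seen[n] = true
			out = append(out, n)
		}
	}
	return out
}

// checkNames reports a result per candidate; success needs one match.
func checkNames(cert *x509.Certificate, names []string) ([]nameResult, bool) {
	var results []nameResult
	ok := false
	for _, n := range names {
		matched := cert.VerifyHostname(n) == nil
		results = append(results, nameResult{n, matched})
		ok = ok || matched
	}
	return results, ok
}

func main() {
	// Constructed sample: a certificate struct carrying only a SAN list.
	cert := &x509.Certificate{DNSNames: []string{"zidmx1.univie.ac.at"}}
	results, ok := checkNames(cert, candidateNames("zidmx1.univie.ac.at.", "univie.ac.at"))
	for _, r := range results {
		fmt.Printf("hostname %q matched=%v\n", r.Name, r.Matched)
	}
	fmt.Println("overall success:", ok)
}
```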
Hi! If I call smtpdane with the -mx option, it seems to add the domain as a hostname as well to the list of hostnames to check.
For example:
This results in
messages. Should "univie.ac.at" be tested in this setting? IMO no, or am I missing something? The same happens with "-submission(s)" and "-srv".