
Comments (20)

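mouday commented on September 23, 2024

If you are not on the latest version, try upgrading. If that still doesn't work, add me on WeChat or QQ and send me a test address privately, and I'll give it a try.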

from domain-admin.

astrowq commented on September 23, 2024

I updated to the latest version, 1.5.22, and it still happens.

For example, when monitoring mail.drees-email.de, port 25 shows an error while 465 has no problem. Port 465 uses SSL/TLS by default.


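mouday commented on September 23, 2024

Port 25 indeed does not work, for example: smtp.163.com:25
Port 465 works: smtp.163.com:465

Port 25 generally does not use SSL. This part should be fine. It is like HTTPS using 443 and HTTP using 80: the HTTP protocol certainly cannot return an SSL certificate.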


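astrowq commented on September 23, 2024

We run our own mail sending service, based on postal (https://github.com/postalserver/postal). It can only use a single port, such as 25, and then uses StartTLS to let the client upgrade to TLS.

I would like the monitor, when checking port 25, to additionally check whether StartTLS is supported. If it is, upgrade to TLS and then fetch the SSL certificate information.

Also, ports 143 and 587 are similar to 25: a direct connection is unencrypted, but there is a StartTLS option to upgrade to TLS.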


astrowq commented on September 23, 2024

Connecting to 103.129.252.92

220 163.com Anti-spam GT for Coremail System (163com[20141201]) [1941 ms]
EHLO keeper-us-east-1d.mxtoolbox.com
250-mail
250-PIPELINING
250-AUTH LOGIN PLAIN XOAUTH2
250-AUTH=LOGIN PLAIN XOAUTH2
250-coremail 1Uxr2xKj7kG0xkI17xGrU7I0s8FY2U3Uj8Cz28x1UUUUU7Ic2I0Y2UrHTTAEUCa0xDrUUUUj
250-STARTTLS
250-ID
250 8BITMIME [567 ms]
MAIL FROM:<[email protected]>

SendSMTPCommand: You hung up on us after we connected. Please whitelist us. (connection lost)

LookupServer 7641ms

Connecting to smtp.163.com:25 as shown above, you can see 250-STARTTLS.


mouday commented on September 23, 2024

Under the hood it uses a socket to fetch the SSL certificate, so it probably cannot fetch a TLS certificate.


mouday commented on September 23, 2024

I tested NetEase's port 587 and it works.

image


astrowq commented on September 23, 2024

mail.drees-email.de:587 follows the unencrypted-by-default convention; 250-STARTTLS can be seen below:

$ telnet mail.drees-email.de 587
Trying 2a0d:5941:1:672::678b...
Connected to mail.drees-email.de.
Escape character is '^]'.
220 mail.drees-email.de ESMTP Postfix (Ubuntu)
ehlo xd
250-mail.drees-email.de
250-PIPELINING
250-SIZE 102400000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING

NetEase's smtp.163.com:587 is TLS-encrypted by default, which can be confirmed with openssl:

$ openssl s_client -connect smtp.163.com:587
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = GeoTrust RSA CN CA G2
verify return:1
depth=0 C = CN, ST = zhejiang, L = hangzhou, O = "NetEase (Hangzhou) Network Co., Ltd", CN = *.163.com
verify return:1
---
Certificate chain
 0 s:C = CN, ST = zhejiang, L = hangzhou, O = "NetEase (Hangzhou) Network Co., Ltd", CN = *.163.com
   i:C = US, O = DigiCert Inc, CN = GeoTrust RSA CN CA G2
 1 s:C = US, O = DigiCert Inc, CN = GeoTrust RSA CN CA G2
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
Server certificate
subject=C = CN, ST = zhejiang, L = hangzhou, O = "NetEase (Hangzhou) Network Co., Ltd", CN = *.163.com

issuer=C = US, O = DigiCert Inc, CN = GeoTrust RSA CN CA G2

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3486 bytes and written 390 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
220 163.com Anti-spam GT for Coremail System (163com[20141201])
ehlo test.com
250-mail
250-PIPELINING
250-AUTH LOGIN PLAIN XOAUTH2
250-AUTH=LOGIN PLAIN XOAUTH2
250-coremail 1Uxr2xKj7kG0xkI17xGrU7I0s8FY2U3Uj8Cz28x1UUUUU7Ic2I0Y2UF2By9iUCa0xDrUUUUj
250-STARTTLS
250-ID
250 8BITMIME

mail.drees-email.de:587 can also establish an encrypted connection using openssl:

$ openssl s_client -connect mail.drees-email.de:587 -starttls smtp
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = drees-email.de
verify return:1
---
Certificate chain
 0 s:CN = drees-email.de
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
subject=CN = drees-email.de

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4759 bytes and written 430 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 CHUNKING
ehlo test.com
250-mail.drees-email.de
250-PIPELINING
250-SIZE 102400000
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING


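astrowq commented on September 23, 2024

import socket, ssl

hostname = 'mail.drees-email.de'
port = 25

context = ssl.create_default_context()
with socket.create_connection((hostname, port)) as sock:
    sock.recv(1000)                      # 220 greeting
    sock.sendall(b'EHLO localhost\r\n')  # SMTP command lines end with CRLF
    sock.recv(1000)                      # EHLO capability list
    sock.sendall(b'STARTTLS\r\n')
    sock.recv(1000)                      # "220" go-ahead, read before the TLS handshake starts
    with context.wrap_socket(sock, server_hostname=hostname) as sslsock:
        der_cert = sslsock.getpeercert(True)  # peer certificate as DER bytes

https://stackoverflow.com/a/62695088/12848987

I ran it, and it does get the certificate.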

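A stricter version of the STARTTLS certificate fetch discussed in this thread, as an added example (not code from the thread or from domain-admin): it reads each complete multi-line reply, confirms that STARTTLS is advertised and accepted, and only then starts the TLS handshake. The function names, the `monitor.example` EHLO name and the 10-second timeout are assumptions.

```python
import socket
import ssl

class StartTLSError(Exception):
    """The server answered, but the plaintext STARTTLS upgrade failed."""

def read_reply(sock, buf=b""):
    """Read one complete SMTP reply; return (code, lines, leftover_bytes)."""
    lines = []
    while True:
        while b"\r\n" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                raise StartTLSError("connection closed mid-reply")
            buf += chunk
        raw, buf = buf.split(b"\r\n", 1)
        text = raw.decode("ascii", "replace")
        if not text[:3].isdigit():
            raise StartTLSError(f"malformed reply line: {text!r}")
        lines.append(text[4:].strip())
        if text[3:4] != "-":  # "250-..." continues, "250 ..." is the last line
            return int(text[:3]), lines, buf

def negotiate_starttls(sock, ehlo_name="monitor.example"):
    """Greeting -> EHLO -> STARTTLS in plaintext; return the EHLO capabilities."""
    code, _, buf = read_reply(sock)
    if code != 220:
        raise StartTLSError(f"unexpected greeting code {code}")
    sock.sendall(b"EHLO " + ehlo_name.encode("ascii") + b"\r\n")
    code, lines, buf = read_reply(sock, buf)
    caps = lines[1:]  # first line is the server's own name
    if code != 250 or "STARTTLS" not in [c.upper() for c in caps]:
        raise StartTLSError("STARTTLS not advertised")
    sock.sendall(b"STARTTLS\r\n")
    code, _, buf = read_reply(sock, buf)
    if code != 220:
        raise StartTLSError(f"STARTTLS refused with code {code}")
    if buf:  # a conforming server sends nothing more before the TLS handshake
        raise StartTLSError("unexpected plaintext after STARTTLS reply")
    return caps

def fetch_starttls_cert(host, port=25, timeout=10):
    """Return the DER certificate the server presents after STARTTLS."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        negotiate_starttls(sock)
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)
```

With this split, a timeout or connection error from `fetch_starttls_cert` means the port could not be reached, while `StartTLSError` means the server answered but the upgrade did not complete.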

mouday commented on September 23, 2024

Got it. I'll look into how to add this to the system.


mouday commented on September 23, 2024

I made a temporary fix for port 25; a new version has not been released yet.


mouday commented on September 23, 2024

v1.5.24 has been released, adding an encryption-method option. Port 25 is strange: it works locally, but access from Alibaba Cloud times out.

image

Alibaba Cloud
image

Local
image


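astrowq commented on September 23, 2024

After upgrading I tested it: port 587 can be monitored normally using StartTLS, but 25 does not work, and I don't know why.

The timeout may be because the port is blocked; almost all providers block this port by default.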


astrowq commented on September 23, 2024

If I run openssl s_client -connect mail.drees-email.de:25 -starttls smtp inside the container, the encrypted connection is established normally.


mouday commented on September 23, 2024

I tested again:

openssl s_client -connect mail.drees-email.de:25 -starttls smtp

Huawei Cloud can fetch it, but Alibaba Cloud cannot; it just hangs.


mouday commented on September 23, 2024

Huawei Cloud

image


astrowq commented on September 23, 2024

mail.drees-email.de:25 works again on my server, but smtp.163.com:25 does not. I also tried some others; some work and some don't.

image


astrowq commented on September 23, 2024

Succeeded:

  • mail1.canodus.be
  • mail.grapheneos.org
  • mail.fixmeister.nl

Failed:

  • mx-in.g.apple.com
  • aspmx.l.google.com
  • mx1001.wikimedia.org


mouday commented on September 23, 2024

smtp.163.com:25 probably does not have SSL enabled, so that is normal.


astrowq commented on September 23, 2024

The MX records for 163.com are in fact hosts such as 163mx03.mxmail.netease.com; see https://www.nslookup.io/domains/163.com/dns-records/

You can test 163.com online with https://www.checktls.com/TestReceiver

[000.000]		Trying TLS on 163mx01.mxmail.netease.com[103.129.252.82:25] (10)
[000.259]		Server answered
[000.945]	<‑‑	220 163.com Anti-spam GT for Coremail System (163com[20141201])
[000.946]		We are allowed to connect
[000.946]	‑‑>	EHLO www12-azure.checktls.com
[001.203]	<‑‑	250-mail
250-PIPELINING
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-coremail 1Uxr2xKj7kG0xkI17xGrU7I0s8FY2U3Uj8Cz28x1UUUUU7Ic2I0Y2UruBbsyUCa0xDrUUUUj
250-STARTTLS
250-SIZE 73400320
250 8BITMIME
[001.204]		We can use this server
[001.204]		TLS is an option on this server
[001.204]	‑‑>	STARTTLS
[001.461]	<‑‑	220 Ready to start TLS
[001.461]		STARTTLS command works on this server
[001.735]		Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Session Algorithm in use: Curve X25519 DHE(253 bits)
Certificate #1 of 3 (sent by MX):
Cert VALIDATED: ok
Cert Hostname DOES NOT VERIFY (163mx01.mxmail.netease.com != *.163.com | DNS:*.163.com | DNS:163.com)
(see RFC-2818 section 3.1 paragraph 4 for info on wildcard ("*") matching)
So email is encrypted but the host is not verified
Not Valid Before: Mar 23 00:00:00 2023 GMT
Not Valid After: Apr 22 23:59:59 2024 GMT
subject: /C=CN/ST=zhejiang/L=hangzhou/O=NetEase (Hangzhou) Network Co., Ltd/CN=*.163.com
issuer: /C=US/O=DigiCert Inc/CN=GeoTrust RSA CN CA G2
Certificate #2 of 3 (sent by MX):
Cert VALIDATED: ok
Not Valid Before: Mar  4 12:04:40 2020 GMT
Not Valid After: Mar  4 12:04:40 2030 GMT
subject: /C=US/O=DigiCert Inc/CN=GeoTrust RSA CN CA G2
issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
Certificate #3 of 3 (added from CA Root Store):
Cert VALIDATED: ok
Not Valid Before: Nov 10 00:00:00 2006 GMT
Not Valid After: Nov 10 00:00:00 2031 GMT
subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
[002.894]	~~>	EHLO www12-azure.checktls.com
[003.151]	<~~	250-mail
250-PIPELINING
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-coremail 1Uxr2xKj7kG0xkI17xGrU7I0s8FY2U3Uj8Cz28x1UUUUU7Ic2I0Y2UFcBzclUCa0xDrUUUUj
250-STARTTLS
250-SIZE 73400320
250 8BITMIME
[003.151]		TLS successfully started on this server
[003.152]		warning: STARTTLS after second EHLO (see RFC3207 #4.2)
[003.152]	~~>	MAIL FROM:<[email protected]>
[003.799]	<~~	250 Mail OK
[003.800]		Sender is OK
[003.800]	~~>	QUIT
[004.058]	<~~	221 Bye

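But monitoring 163mx03.mxmail.netease.com:25 fails; you can also change the MX host to smtp.163.com on the site above and get a similar result.

Unfortunately there is no log to look at, so it is unclear where exactly it goes wrong.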
