Add in the ISPDB ?



ISPDB Database Entries
3 years ago
3 years ago


(Reporter: Mathieu D., Unassigned)


Firefox Tracking Flags

(Not tracked)




3 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0
Build ID: 20151214004008

Steps to reproduce:

I try to connect with 'auto' setup in Firefox OS to my mail server. (

Actual results:

When I watch on Firefox WebIDE / Firefox OS 2.2 Emulator, I can see the 'email app' is making three connections : 

The last one is a 404 page.

Then, I can't connect to my mx server. (even if I enter manual settings, that works on other devices)

Expected results:

Well, two possibilities :

- answer a 200 page for URL, but my config file needs to be imported in ISPDB ?
- authorize me to connect to my imap/smtp server ?

Maybe there is also a bug in the email client on Firefox OS.
Your appear to have a few configuration errors:
- Your config is specifying a hostname of "" to use to connect for IMAP and SMTP but the IMAP certificates are not valid for "", only "" and "".
- Your IMAP chain is valid and looks like this:

Certificate chain
 0 s:/
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3

but your SMTP chain lacks the cross-signature:

depth=0 CN =
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN =
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
 0 s:/
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1

I would suggest:
- Updating your autoconfig file to use the correct domain names
- Double-checking your SMTP server's configuration.

I'm going to mark this invalid because I don't think there's anything that needs to be done in the ISPDB, but I definitely appreciate your effort to self-host and use valid TLS certificates for everything!
Last Resolved: 3 years ago
Resolution: --- → INVALID

Comment 2

3 years ago
Really thanks for your fast answer !

Well, you help me a lot to understand.

Would you tell me how you do to obtain these results ?

I'm trying to see if I'm right when I'm configuring my server, but it's a bit complicated for me.

Thanks again !

And, by your explanations I understand your classification.
Sure!  I've done most of this using the little bash helper scripts I've uploaded here and that work for me on Ubuntu linux:

They're not perfect, but they can be helpful!  I run them like so:
$ validate-imaps-cert
$ validate-smtp-587-stls-cert

When I say they're not perfect, I mean things can be a bit confusing.  Like when I run "validate-imaps-cert", the last line is: "    Verify return code: 0 (ok)".  It seems like that should be failing because of a subject mismatch, but I haven't dumped the full certificate, so there could be an alt name in there for "".

I also have a tool that I wrote based on some email client logic that I've made available at to try and help me do these things.  It dumps the alt names, but it may simply not be smart enough.  (Ignore the dumb error I need to fix!)

$ node src/index.js validate imaps
- connecting to port 993
  - socket connected
  - in tlsDataReady
  - passing data through
  - in verify
  - in tlsDataReady
error?! { [TypeError: socket.close is not a function]
  send: true,
  alert: { level: 2, description: 42 },
  origin: 'client' }
  - in tlsDataReady
  - closed?!
result: { status: 'invalid-for-this-domain',
  extendedStatus: 'meh',
  validForDomains: [ '', '' ] }
  - socket ended
You need to log in before you can comment on or make changes to this bug.