Closed Bug 1232819 Opened 9 years ago Closed 9 years ago

Add dartic.fr in the ISPDB ?

Categories

(Webtools :: ISPDB Database Entries, defect)

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: mathieu, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0
Build ID: 20151214004008

Steps to reproduce:

I try to connect with 'auto' setup in Firefox OS to my mail server. (dartic.fr)


Actual results:

When I watch in Firefox WebIDE / Firefox OS 2.2 Emulator, I can see the 'email app' is making three connections:
- https://autoconfig.dartic.fr/mail/config-v1.1.xml?emailaddress=mathieu@dartic.fr
- https://dartic.fr/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress=mathieu@dartic.fr
- https://autoconfig.thunderbird.net/v1.1/dartic.fr

The last one is a 404 page.

Then, I can't connect to my mx server. (even if I enter manual settings, that works on other devices)


Expected results:

Well, two possibilities:

- answer a 200 page for URL https://autoconfig.thunderbird.net/v1.1/dartic.fr, but my config file needs to be imported in ISPDB?
- authorize me to connect to my imap/smtp server?

Maybe there is also a bug in the email client on Firefox OS.
You appear to have a few configuration errors:
- Your config is specifying a hostname of "dartic.fr" to use to connect for IMAP and SMTP but the IMAP certificates are not valid for "dartic.fr", only "smtp.dartic.fr" and "imap.dartic.fr".
- Your IMAP chain is valid and looks like this:

Certificate chain
 0 s:/CN=smtp.dartic.fr
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3

but your SMTP chain lacks the cross-signature:

CONNECTED(00000003)
depth=0 CN = smtp.dartic.fr
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = smtp.dartic.fr
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=smtp.dartic.fr
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
---


I would suggest:
- Updating your autoconfig file to use the correct domain names
- Double-checking your SMTP server's configuration.

I'm going to mark this invalid because I don't think there's anything that needs to be done in the ISPDB, but I definitely appreciate your effort to self-host and use valid TLS certificates for everything!
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
Thanks a lot for your fast answer!

Well, you helped me a lot to understand.

Would you tell me how you obtained these results?

I'm trying to see if I'm right when I'm configuring my server, but it's a bit complicated for me.

Thanks again!

And from your explanations, I understand your classification.
Sure!  I've done most of this using the little bash helper scripts I've uploaded here and that work for me on Ubuntu Linux:
https://gist.github.com/asutherland/9b1516a0ddf2c94d0aa7

They're not perfect, but they can be helpful!  I run them like so:
$ validate-imaps-cert dartic.fr
$ validate-smtp-587-stls-cert dartic.fr

When I say they're not perfect, I mean things can be a bit confusing.  Like when I run "validate-imaps-cert dartic.fr", the last line is: "    Verify return code: 0 (ok)".  It seems like that should be failing because of a subject mismatch, but I haven't dumped the full certificate, so there could be an alt name in there for "dartic.fr".

I also have a tool that I wrote based on some whiteout.io email client logic that I've made available at https://github.com/asutherland/mail-config-dig to try and help me do these things.  It dumps the alt names, but it may simply not be smart enough.  (Ignore the dumb error I need to fix!)

Ex:
$ node src/index.js validate dartic.fr imaps
- connecting to dartic.fr port 993
  - socket connected
  - in tlsDataReady
  - passing data through
  - in verify
  - in tlsDataReady
error?! { [TypeError: socket.close is not a function]
  send: true,
  alert: { level: 2, description: 42 },
  origin: 'client' }
  - in tlsDataReady
  - closed?!
result: { status: 'invalid-for-this-domain',
  extendedStatus: 'meh',
  validForDomains: [ 'smtp.dartic.fr', 'imap.dartic.fr' ] }
  - socket ended
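
Added example (not part of the bug thread, nor of the helper scripts or tool linked in it): a small Python parser for the `openssl s_client` output quoted above that reports the two problems diagnosed in this bug, a server that sends only its leaf certificate and a configured hostname the certificate does not cover. The function names and finding labels are made up for this example; the certificate names are taken from the `validForDomains` line of the tool output.

```python
import re

# openssl s_client output, abridged from the transcripts quoted in the comment above.
IMAP_OUTPUT = """\
Certificate chain
 0 s:/CN=smtp.dartic.fr
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
"""
SMTP_OUTPUT = """\
depth=0 CN = smtp.dartic.fr
verify error:num=20:unable to get local issuer certificate
verify error:num=21:unable to verify the first certificate
Certificate chain
 0 s:/CN=smtp.dartic.fr
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
"""
# Names the certificate covers, from the validForDomains line of the tool output.
CERT_NAMES = ["smtp.dartic.fr", "imap.dartic.fr"]

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent the certificates."""
    return re.findall(r"^\s*\d+ s:(.+)\n\s+i:(.+)$", text, re.M)

def name_matches(host, pattern):
    """Exact match, or a '*' standing in for the whole left-most label only."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    return len(h) == len(p) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def diagnose(text, configured_host, cert_names):
    """Return a sorted list of findings for one service (hypothetical labels)."""
    findings = set()
    chain = parse_chain(text)
    errors = {int(n) for n in re.findall(r"^verify error:num=(\d+):", text, re.M)}
    leaf_only = len(chain) == 1 and chain[0][0] != chain[0][1]
    # 20/21 mean the client could not build a path from the leaf to a trusted root.
    if leaf_only or errors & {20, 21}:
        findings.add("missing-intermediate")
    # Each certificate must be issued by the next one the server sent.
    if any(issuer != nxt[0] for (_, issuer), nxt in zip(chain, chain[1:])):
        findings.add("chain-out-of-order")
    if not any(name_matches(configured_host, n) for n in cert_names):
        findings.add("name-mismatch")
    return sorted(findings)

if __name__ == "__main__":
    for label, out in (("imap", IMAP_OUTPUT), ("smtp", SMTP_OUTPUT)):
        for host in ("dartic.fr", label + ".dartic.fr"):
            print(label, host, diagnose(out, host, CERT_NAMES))
```

The `s_client` chain listing shows only subject and issuer, so the alternative names have to come from a separate dump of the certificate, as the comment above notes.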