Closed
Bug 1232819
Opened 9 years ago
Closed 9 years ago
Add dartic.fr in the ISPDB ?
Categories
(Webtools :: ISPDB Database Entries, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: mathieu, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0
Build ID: 20151214004008

Steps to reproduce:

I try to connect with 'auto' setup in Firefox OS to my mail server. (dartic.fr)

Actual results:

When I watch on Firefox WebIDE / Firefox OS 2.2 Emulator, I can see the 'email app' is making three connections:
- https://autoconfig.dartic.fr/mail/config-v1.1.xml?emailaddress=mathieu@dartic.fr
- https://dartic.fr/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress=mathieu@dartic.fr
- https://autoconfig.thunderbird.net/v1.1/dartic.fr

The last one is a 404 page. Then, I can't connect to my mx server. (even if I enter manual settings, that works on other devices)

Expected results:

Well, two possibilities:
- answer a 200 page for URL https://autoconfig.thunderbird.net/v1.1/dartic.fr, but my config file needs to be imported in ISPDB?
- authorize me to connect to my imap/smtp server?

Maybe there is also a bug in the email client on Firefox OS.
Comment 1•9 years ago
You appear to have a few configuration errors:
- Your config is specifying a hostname of "dartic.fr" to use to connect for IMAP and SMTP but the IMAP certificates are not valid for "dartic.fr", only "smtp.dartic.fr" and "imap.dartic.fr".
- Your IMAP chain is valid and looks like this:

Certificate chain
 0 s:/CN=smtp.dartic.fr
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3

but your SMTP chain lacks the cross-signature:

CONNECTED(00000003)
depth=0 CN = smtp.dartic.fr
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = smtp.dartic.fr
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=smtp.dartic.fr
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
---

I would suggest:
- Updating your autoconfig file to use the correct domain names
- Double-checking your SMTP server's configuration.

I'm going to mark this invalid because I don't think there's anything that needs to be done in the ISPDB, but I definitely appreciate your effort to self-host and use valid TLS certificates for everything!
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
Comment 2 (Reporter)•9 years ago
Thanks a lot for your fast answer! Well, you helped me a lot to understand. Would you tell me how you obtained these results? I'm trying to see if I'm right when I'm configuring my server, but it's a bit complicated for me. Thanks again! And, from your explanations, I understand your classification.
Comment 3•9 years ago
Sure! I've done most of this using the little bash helper scripts I've uploaded here and that work for me on Ubuntu Linux:
https://gist.github.com/asutherland/9b1516a0ddf2c94d0aa7

They're not perfect, but they can be helpful! I run them like so:

$ validate-imaps-cert dartic.fr
$ validate-smtp-587-stls-cert dartic.fr

When I say they're not perfect, I mean things can be a bit confusing. Like when I run "validate-imaps-cert dartic.fr", the last line is: " Verify return code: 0 (ok)". It seems like that should be failing because of a subject mismatch, but I haven't dumped the full certificate, so there could be an alt name in there for "dartic.fr".

I also have a tool that I wrote based on some whiteout.io email client logic that I've made available at https://github.com/asutherland/mail-config-dig to try and help me do these things. It dumps the alt names, but it may simply not be smart enough. (Ignore the dumb error I need to fix!) Ex:

$ node src/index.js validate dartic.fr imaps
- connecting to dartic.fr port 993
- socket connected
- in tlsDataReady
- passing data through
- in verify
- in tlsDataReady
error?! { [TypeError: socket.close is not a function]
  send: true,
  alert: { level: 2, description: 42 },
  origin: 'client' }
- in tlsDataReady
- closed?!
result: { status: 'invalid-for-this-domain',
  extendedStatus: 'meh',
  validForDomains: [ 'smtp.dartic.fr', 'imap.dartic.fr' ] }
- socket ended
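The two checks discussed in comments 1 and 3, as an offline example added here (it is not part of the bug thread or of the commenter's scripts): it parses the "Certificate chain" section of `openssl s_client` output to see whether the server sent every certificate up to a trusted root, and matches the configured hostname against the names the certificate is valid for. The chain text is the output quoted in comment 1 and the name list is the `validForDomains` value from comment 3; the function names and the one-entry trust store are assumptions.

```python
import re

# "Certificate chain" sections as quoted in comment 1 of this bug.
IMAP_CHAIN = """\
Certificate chain
 0 s:/CN=smtp.dartic.fr
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
"""
SMTP_CHAIN = """\
Certificate chain
 0 s:/CN=smtp.dartic.fr
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
"""
# Assumption: the client's trust store holds only this root.
TRUSTED_ROOTS = {"/O=Digital Signature Trust Co./CN=DST Root CA X3"}

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    return re.findall(r"^[ \t]*\d+ s:(.+)\n[ \t]*i:(.+)$", text, re.M)

def chain_problem(chain, roots=TRUSTED_ROOTS):
    """Return None if the sent chain links up to a trusted root, else a reason."""
    if not chain:
        return "no certificates presented"
    # Each certificate must be followed by the certificate of its issuer.
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return f"broken link: {issuer!r} is not followed by its certificate"
    last_subject, last_issuer = chain[-1]
    if last_issuer in roots or last_subject in roots:
        return None
    # This is the case that yields verify errors 20 and 21 in s_client.
    return f"incomplete chain: server sent no certificate for {last_issuer!r}"

def host_matches(host, cert_names):
    """RFC 6125-style match: exact, or '*' as the whole left-most label."""
    host = host.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False
```

With the quoted data, the IMAP chain passes, the SMTP chain is reported as incomplete, and `dartic.fr` does not match either certificate name, which is why the autoconfig file has to name `imap.dartic.fr` and `smtp.dartic.fr`.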