Closed
Bug 1439915
Opened 7 years ago
Closed 7 years ago
Configure a client certificate (e.g. for mx2.scl3.mozilla.com (bugmail))
Categories
(bugzilla.mozilla.org :: Email Notifications, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: jan, Unassigned)
References
Details
(Keywords: nightly-community)
> Received: from smtp.mozilla.org (mx2.scl3.mozilla.com [63.245.214.156])
> (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
> (Client did not present a certificate)
> by mx.h.terrax.net (Postfix) with ESMTPS id 3zmf4s6JgYzBYT7
* A Let's Encrypt server certificate can be used as client cert.
http://www.postfix.org/postconf.5.html#smtp_tls_cert_file (e.g. fullchain.cer) + smtp_tls_key_file
* missing IPv6
* missing DKIM (can be done with Amavis)
That's how it should look like:
> Received: from mail-wr0-x248.google.com (mail-wr0-x248.google.com [IPv6:2a00:1450:400c:c0c::248])
> (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits))
> (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK))
> by modern-mx.h.terrax.net (Postfix) with ESMTPS id 3zmK0v4q5rzBWcx
My server: https://www.hardenize.com/report/ikenmeyer.eu#email
OT: Question: Are you checking TLSA/DANE records?
http://www.postfix.org/postconf.5.html#smtp_tls_security_level
|
Reporter | |
Comment 1•7 years ago
|
||
(In reply to Jan Andre Ikenmeyer [:darkspirit] from comment #0)
> mx2.scl3.mozilla.com [63.245.214.156]
An MDN doc says the scl3 datacenter closes this year. This bug report seems to have become obsolete after the AWS migration.
Assignee: infra → nobody
Status: NEW → RESOLVED
Closed: 7 years ago
Component: Infrastructure: Mail → Email Notifications
Product: Infrastructure & Operations → bugzilla.mozilla.org
QA Contact: limed
Resolution: --- → INCOMPLETE
Version: unspecified → Production
You need to log in
before you can comment on or make changes to this bug.
Description
•