mirror of
https://github.com/mjl-/mox.git
synced 2024-12-26 00:13:47 +03:00
more logging around smtp and mtasts tls connections
i wondered why self-signed mtasts certs didn't result in delivery failure. it's because it was a first-time request of the mtasts policy (clean test container). and for that case it means mtasts should be ignored.
This commit is contained in:
parent
5a4f35ad5f
commit
c9a846d019
2 changed files with 3 additions and 2 deletions
|
@ -233,6 +233,7 @@ func Get(ctx context.Context, resolver dns.Resolver, domain dns.Domain) (policy
|
|||
switch {
|
||||
case errors.Is(err, mtasts.ErrNoRecord) || errors.Is(err, mtasts.ErrMultipleRecords) || errors.Is(err, mtasts.ErrRecordSyntax) || errors.Is(err, mtasts.ErrNoPolicy) || errors.Is(err, mtasts.ErrPolicyFetch) || errors.Is(err, mtasts.ErrPolicySyntax):
|
||||
// Remote is not doing MTA-STS, continue below. ../rfc/8461:333 ../rfc/8461:574
|
||||
log.Debugx("interpreting mtasts error to mean remote is not doing mta-sts", err)
|
||||
default:
|
||||
// Interpret as temporary error, e.g. mtasts.ErrDNS, try again later.
|
||||
return nil, false, fmt.Errorf("lookup up mta-sts policy: %w", err)
|
||||
|
|
|
@ -509,7 +509,7 @@ func (c *Client) hello(ctx context.Context, tlsMode TLSMode, remoteHostname, aut
|
|||
|
||||
// Attempt TLS if remote understands STARTTLS or if caller requires it.
|
||||
if c.extStartTLS && tlsMode != TLSSkip || tlsMode == TLSStrict {
|
||||
c.log.Debug("starting tls client")
|
||||
c.log.Debug("starting tls client", mlog.Field("tlsmode", tlsMode), mlog.Field("servername", remoteHostname))
|
||||
c.cmds[0] = "starttls"
|
||||
c.cmdStart = time.Now()
|
||||
c.xwritelinef("STARTTLS")
|
||||
|
@ -556,7 +556,7 @@ func (c *Client) hello(ctx context.Context, tlsMode TLSMode, remoteHostname, aut
|
|||
c.w = bufio.NewWriter(c.tw)
|
||||
|
||||
tlsversion, ciphersuite := mox.TLSInfo(nconn)
|
||||
c.log.Debug("tls client handshake done", mlog.Field("tls", tlsversion), mlog.Field("ciphersuite", ciphersuite))
|
||||
c.log.Debug("tls client handshake done", mlog.Field("tls", tlsversion), mlog.Field("ciphersuite", ciphersuite), mlog.Field("servername", remoteHostname), mlog.Field("insecureskipverify", tlsConfig.InsecureSkipVerify))
|
||||
|
||||
hello(false)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue