diff --git a/mtastsdb/db.go b/mtastsdb/db.go index d649b60..efd9835 100644 --- a/mtastsdb/db.go +++ b/mtastsdb/db.go @@ -233,6 +233,7 @@ func Get(ctx context.Context, resolver dns.Resolver, domain dns.Domain) (policy switch { case errors.Is(err, mtasts.ErrNoRecord) || errors.Is(err, mtasts.ErrMultipleRecords) || errors.Is(err, mtasts.ErrRecordSyntax) || errors.Is(err, mtasts.ErrNoPolicy) || errors.Is(err, mtasts.ErrPolicyFetch) || errors.Is(err, mtasts.ErrPolicySyntax): // Remote is not doing MTA-STS, continue below. ../rfc/8461:333 ../rfc/8461:574 + log.Debugx("interpreting mtasts error to mean remote is not doing mta-sts", err) default: // Interpret as temporary error, e.g. mtasts.ErrDNS, try again later. return nil, false, fmt.Errorf("lookup up mta-sts policy: %w", err) diff --git a/smtpclient/client.go b/smtpclient/client.go index 271c713..acbab04 100644 --- a/smtpclient/client.go +++ b/smtpclient/client.go @@ -509,7 +509,7 @@ func (c *Client) hello(ctx context.Context, tlsMode TLSMode, remoteHostname, aut // Attempt TLS if remote understands STARTTLS or if caller requires it. if c.extStartTLS && tlsMode != TLSSkip || tlsMode == TLSStrict { - c.log.Debug("starting tls client") + c.log.Debug("starting tls client", mlog.Field("tlsmode", tlsMode), mlog.Field("servername", remoteHostname)) c.cmds[0] = "starttls" c.cmdStart = time.Now() c.xwritelinef("STARTTLS") @@ -556,7 +556,7 @@ func (c *Client) hello(ctx context.Context, tlsMode TLSMode, remoteHostname, aut c.w = bufio.NewWriter(c.tw) tlsversion, ciphersuite := mox.TLSInfo(nconn) - c.log.Debug("tls client handshake done", mlog.Field("tls", tlsversion), mlog.Field("ciphersuite", ciphersuite)) + c.log.Debug("tls client handshake done", mlog.Field("tls", tlsversion), mlog.Field("ciphersuite", ciphersuite), mlog.Field("servername", remoteHostname), mlog.Field("insecureskipverify", tlsConfig.InsecureSkipVerify)) hello(false) }