serv/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2024-12-27 08:53:48 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

more logging around smtp and mtasts tls connections

Browse source 
i wondered why self-signed mtasts certs didn't result in delivery failure. it's
because it was a first-time request of the mtasts policy (clean test
container). and for that case it means mtasts should be ignored.
This commit is contained in:
Mechiel Lukkien 2023-06-04 17:55:55 +02:00
parent 5a4f35ad5f
commit c9a846d019
No known key found for this signature in database
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
mtastsdb/db.go
View file

@ -233,6 +233,7 @@ func Get(ctx context.Context, resolver dns.Resolver, domain dns.Domain) (policy
switch { switch {
case errors.Is(err, mtasts.ErrNoRecord) || errors.Is(err, mtasts.ErrMultipleRecords) || errors.Is(err, mtasts.ErrRecordSyntax) || errors.Is(err, mtasts.ErrNoPolicy) || errors.Is(err, mtasts.ErrPolicyFetch) || errors.Is(err, mtasts.ErrPolicySyntax): case errors.Is(err, mtasts.ErrNoRecord) || errors.Is(err, mtasts.ErrMultipleRecords) || errors.Is(err, mtasts.ErrRecordSyntax) || errors.Is(err, mtasts.ErrNoPolicy) || errors.Is(err, mtasts.ErrPolicyFetch) || errors.Is(err, mtasts.ErrPolicySyntax):
// Remote is not doing MTA-STS, continue below. ../rfc/8461:333 ../rfc/8461:574 // Remote is not doing MTA-STS, continue below. ../rfc/8461:333 ../rfc/8461:574
log.Debugx("interpreting mtasts error to mean remote is not doing mta-sts", err)
default: default:
// Interpret as temporary error, e.g. mtasts.ErrDNS, try again later. // Interpret as temporary error, e.g. mtasts.ErrDNS, try again later.
return nil, false, fmt.Errorf("lookup up mta-sts policy: %w", err) return nil, false, fmt.Errorf("lookup up mta-sts policy: %w", err)

4
smtpclient/client.go
View file

@ -509,7 +509,7 @@ func (c *Client) hello(ctx context.Context, tlsMode TLSMode, remoteHostname, aut
// Attempt TLS if remote understands STARTTLS or if caller requires it. // Attempt TLS if remote understands STARTTLS or if caller requires it.
if c.extStartTLS && tlsMode != TLSSkip || tlsMode == TLSStrict { if c.extStartTLS && tlsMode != TLSSkip || tlsMode == TLSStrict {
c.log.Debug("starting tls client") c.log.Debug("starting tls client", mlog.Field("tlsmode", tlsMode), mlog.Field("servername", remoteHostname))
c.cmds[0] = "starttls" c.cmds[0] = "starttls"
c.cmdStart = time.Now() c.cmdStart = time.Now()
c.xwritelinef("STARTTLS") c.xwritelinef("STARTTLS")
@ -556,7 +556,7 @@ func (c *Client) hello(ctx context.Context, tlsMode TLSMode, remoteHostname, aut
c.w = bufio.NewWriter(c.tw) c.w = bufio.NewWriter(c.tw)
tlsversion, ciphersuite := mox.TLSInfo(nconn) tlsversion, ciphersuite := mox.TLSInfo(nconn)
c.log.Debug("tls client handshake done", mlog.Field("tls", tlsversion), mlog.Field("ciphersuite", ciphersuite)) c.log.Debug("tls client handshake done", mlog.Field("tls", tlsversion), mlog.Field("ciphersuite", ciphersuite), mlog.Field("servername", remoteHostname), mlog.Field("insecureskipverify", tlsConfig.InsecureSkipVerify))
hello(false) hello(false)
} }