On Tue, Jul 11, 2023 at 07:01:07PM +0200, Paul Menzel wrote:

> On 11.07.23 at 18:48, Benny Pedersen wrote:
> > Paul Menzel wrote on 2023-07-11 13:35:
>
> >> Validating the SMTP DANE setup of, it results in success but the
> >> details show two untrusted certificates:
> >>
> >> mx2.molgen.mpg.de (141.14.17.10) [1]:
> >>
> >> 3, 1, 2 7aad43a0fdff3445[...]49cd4a23db83374c - certificate not
> >> trusted: (27)
> >>
> >> molgen.mpg.de (a1241.mx.srv.dfn.de, 194.95.232.62)
> >>
> >> 3, 0, 1 c613b846076b5503[...]539e7ac79a3f13e9 - certificate not
> >> trusted: (27)
> >>
> >> It’d be great if you pointed me into the direction, how to get more
> >> details for these issues.
> >
> > # posttls-finger dane.sys4.de
> > ...
>
> https://dane.sys4.de is the Web SMTP DANE validator.

Feel free to ignore distracting/irrelevant follow-up comments.

The code behind https://dane.sys4.de is *a* SMTP DANE validator, but,
though still useful, is no longer necessarily deserving of being called
*the* SMTP DANE validator. It is not actively maintained, and is now a
bit dated.

If you're willing to settle for data that is up to ~24 hours old, and
your domain is covered by the DANE survey at
https://stats.dnssec-tools.org/, look there first. Then if you think
you've fixed the reported issues, and want a real-time sanity check
(don't want to wait for the next run), look at dane.sys4.de.

Presently survey runs start shortly after 16:00 UTC and complete shortly
after 20:00 UTC (each survey run performs ~100 million DNS queries, and
makes around 20k SMTP connections).

-- 
    Viktor.
