Package: swaks
Version: 20240103.0-1
Severity: normal
eg. connecting to an SSMTPA on port 465:
swaks -a -tlsc --server submission.example.com --to mich...@example.com
Successfully connects on port 465, negotiates SSL, but then bombs out
complaining that STARTTLS is not advertised (names changed to protect the
innocent):
=== Trying submission.example.com:465...
=== Connected to submission.example.com.
=== TLS started with cipher TLSv1.3:TLS_AES_256_GCM_SHA384:256
=== TLS client certificate not requested and not sent
=== TLS no client certificate set
=== TLS peer[0] subject=[/CN=*.example.com]
=== commonName=[*.example.com],
subjectAltName=[DNS:*.example.com, DNS:example.com]
notAfter=[2024-11-12T02:14:49Z]
=== TLS peer[1] subject=[/C=US/O=Let's Encrypt/CN=R10]
=== commonName=[R10], subjectAltName=[]
notAfter=[2027-03-12T23:59:59Z]
=== TLS peer certificate passed CA verification, passed host verification
(using host submission.example.com to verify)
<~ 220 mailfish.example.com ESMTP
~> EHLO joyola
<~ 250-mailfish.example.com
<~ 250-PIPELINING
<~ 250-SIZE 50720000
<~ 250-ETRN
<~ 250-AUTH LOGIN PLAIN
<~ 250-AUTH=LOGIN PLAIN
<~ 250-ENHANCEDSTATUSCODES
<~ 250-8BITMIME
<~ 250-DSN
<~ 250-SMTPUTF8
<~ 250 CHUNKING
*** Host did not advertise STARTTLS
~> QUIT
<~ 221 2.0.0 Bye
=== Connection closed with remote host.
I think --tls-on-connect should imply something similar to --tls-optional (I
would argue that advertising STARTTLS here would actually be a configuration
error).
Versions of packages swaks depends on:
ii perl 5.38.2-5
Versions of packages swaks recommends:
ii libio-socket-inet6-perl 2.73-1
pn libnet-dns-perl <none>
ii libnet-ssleay-perl 1.94-1+b1
Versions of packages swaks suggests:
pn libauthen-ntlm-perl <none>
ii libauthen-sasl-perl 2.1600-3
ii perl-doc 5.38.2-5
-- debconf-show failed
-MD
--
-----------------------------------------------------------------------------
Michael Deegan Hugaholic https://www.deegan.id.au/
------------------------ Jung, zr jbeel? ----------------------------------
