On Wed, Apr 08, 2015 at 05:36:03PM +0000, Kevin San Diego wrote:
> Does anyone know of an SMTP+DANE email reflector address where you can send test email to in order to validate proper SMTP client DANE behavior?
What do you want the "reflector" to do? The "sink@dane.sys4.de" address will accept email, and your Postfix logs for a probe DSN report will show whether TLS verification for that domain succeeded.
    $ sendmail -f postfix-users@dukhovni.org -bv sink@dane.sys4.de
    Mail Delivery Status Report will be mailed to postfix-users@dukhovni.org.
The attached DSN report shows the message queue-id, and the logs (find my "collate" perl script in the list archives) show:
    Apr 8 17:47:22 mournblade postfix/pickup[25416]: 96F7F283034: uid=1034 from=postfix-users@dukhovni.org
    Apr 8 17:47:22 mournblade postfix/cleanup[24430]: 96F7F283034: message-id=20150408174722.96F7F283034@mournblade.imrryr.org
    Apr 8 17:47:22 mournblade postfix/qmgr[8720]: 96F7F283034: from=postfix-users@dukhovni.org, size=302, nrcpt=1 (queue active)
    Apr 8 17:47:25 mournblade postfix/smtp[9856]: Verified TLS connection established to dane.sys4.de[194.126.158.134]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Apr 8 17:47:25 mournblade postfix/smtp[9856]: 96F7F283034: to=sink@dane.sys4.de, relay=dane.sys4.de[194.126.158.134]:25, delay=2.8, delays=0.04/0.02/2.7/0.14, dsn=2.1.5, status=deliverable (250 2.1.5 Ok)
    Apr 8 17:47:25 mournblade postfix/bounce[26846]: 96F7F283034: sender delivery status notification: 84EBC283035
    Apr 8 17:47:25 mournblade postfix/qmgr[8720]: 96F7F283034: removed
This was "Verified" so DANE worked as expected. Don't know of any SMTP domains with deliberately broken TLSA records for test purposes that should fail.
I don't think I should publish any of the (short) list of domains that are broken through negligence as appropriate targets of public tests.
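
Added example, not part of the original message and not the "collate" script it mentions: the TLS status line in the log above carries no queue-id, so this Python sketch pairs it with the delivery line through the postfix/smtp process id and relay, then reports the TLS level per recipient. The second delivery in the sample (queue-id 0A1B2C3D4E5, mx.example.net) is constructed, and the function and variable names are this example's own.

```python
import re

# Sample input: the two postfix/smtp lines from the log above, plus one
# constructed delivery (queue-id 0A1B2C3D4E5) whose TLS session was not verified.
SAMPLE_LOG = """\
Apr 8 17:47:25 mournblade postfix/smtp[9856]: Verified TLS connection established to dane.sys4.de[194.126.158.134]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 8 17:47:25 mournblade postfix/smtp[9856]: 96F7F283034: to=sink@dane.sys4.de, relay=dane.sys4.de[194.126.158.134]:25, delay=2.8, delays=0.04/0.02/2.7/0.14, dsn=2.1.5, status=deliverable (250 2.1.5 Ok)
Apr 8 17:50:01 mournblade postfix/smtp[9901]: Untrusted TLS connection established to mx.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 8 17:50:02 mournblade postfix/smtp[9901]: 0A1B2C3D4E5: to=user@example.net, relay=mx.example.net[192.0.2.10]:25, delay=1.1, delays=0.03/0.01/0.9/0.16, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

SMTP = re.compile(r"postfix/smtp\[(\d+)\]: (.*)$")
TLS = re.compile(r"(\w+) TLS connection established to (\S+?\[[^\]]+\]:\d+):")
DELIVERY = re.compile(r"(\w+): to=<?([^>,]+)>?, relay=([^,]+),.*status=(\w+)")

def tls_levels(log_text):
    """Return a list of (queue_id, recipient, relay, tls_level, status)."""
    handshakes = {}  # (smtp pid, relay) -> [tls level, queue-id that used it]
    rows = []
    for line in log_text.splitlines():
        m = SMTP.search(line)
        if not m:
            continue  # pickup, cleanup, qmgr, bounce: no TLS information
        pid, msg = m.groups()
        if (t := TLS.match(msg)):
            handshakes[(pid, t.group(2))] = [t.group(1), None]
        elif (d := DELIVERY.match(msg)):
            qid, rcpt, relay, status = d.groups()
            seen = handshakes.get((pid, relay))
            # A handshake covers every recipient of one message, but is not
            # carried over to a later message: no TLS line is reported as "none".
            if seen and seen[1] in (None, qid):
                seen[1] = qid
                level = seen[0]
            else:
                level = "none"
            rows.append((qid, rcpt, relay, level, status))
    return rows

if __name__ == "__main__":
    for qid, rcpt, relay, level, status in tls_levels(SAMPLE_LOG):
        flag = "OK" if level == "Verified" else "NOT VERIFIED"
        print(f"{qid} {rcpt} via {relay}: tls={level} status={status} [{flag}]")
```

A level other than "Verified" for a destination that is expected to be DANE-protected is what to look for in the output.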