-----Original Message-----
From: dane-users-bounces@sys4.de [mailto:dane-users-bounces@sys4.de] On Behalf Of Viktor Dukhovni
Sent: Wednesday, April 08, 2015 11:02 AM
To: dane-users@sys4.de
Subject: Re: DANE-enabled SMTP test destination?

On Wed, Apr 08, 2015 at 05:36:03PM +0000, Kevin San Diego wrote:
> Does anyone know of an SMTP+DANE email reflector address where you can send test email to in order to validate proper SMTP client DANE behavior?

What do you want the "reflector" to do?

Ideally, the reflector would enable SMTP+DANE client and server validation tests. I could foresee the following functionality:

- Have the several reflector sub-domains configured with various types of TLSA records on the domain MX records (PKIX-EE, DANE-TA, and DANE-EE)
- Have an email address that maps to the various test domains to enable inbound testing using the various DANE validation types.
- Upon successfully receiving a test message, the reflector MTA would respond to the original "From" address on the incoming mail, and provide the SMTP client cert data (if provided by the SMTP client).
- When the email response is attempted, a DANE TLSA lookup for the recipient domain should be attempted.
- If the "From" domain TLSA record doesn't exist for the recipient domain, or the TLSA validation fails, a message would be sent stating what the failure was.
- If the "From" TLSA record exists and validation succeeds, a success message is sent to the client.

Sincerely,
Kevin San Diego
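
Added example, not part of the original message or of any existing reflector: a sketch of how the reply verdict described in the list above could be computed from an MX host's TLSA RRset and the certificate it presents. The function names, status strings and byte strings are assumptions; only DANE-EE matching is carried through, and treating the PKIX usages as unusable for SMTP is this example's choice.

```python
import hashlib

# Certificate usage names from the TLSA registry (RFC 6698 / RFC 7218).
USAGE = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
DIGEST = {1: hashlib.sha256, 2: hashlib.sha512}

def parse_tlsa(rdata):
    """Parse presentation-format RDATA: 'usage selector mtype hexdata'."""
    usage, selector, mtype, *hexdata = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexdata))

def record_matches(record, cert_der, spki_der):
    """Compare one TLSA record with one certificate (RFC 6698 matching)."""
    _, selector, mtype, data = record
    selected = {0: cert_der, 1: spki_der}.get(selector)  # full cert or SPKI
    if selected is None:
        return False
    if mtype == 0:                       # exact match on the selected bytes
        return selected == data
    if mtype in DIGEST:
        return DIGEST[mtype](selected).digest() == data
    return False                         # unknown matching type

def reflector_verdict(rrset, cert_der, spki_der):
    """Status line for the reply, given the MX host's TLSA RRset and leaf cert."""
    if not rrset:
        return "failure: no TLSA records found"
    records = [parse_tlsa(r) for r in rrset]
    # Assumption of this example: PKIX-TA/PKIX-EE are not usable for SMTP.
    usable = [r for r in records if r[0] in (2, 3)]
    if not usable:
        return "failure: only PKIX usages published, none usable"
    for r in usable:
        if r[0] == 3 and record_matches(r, cert_der, spki_der):
            return "success: %s(%d) selector %d mtype %d" % (USAGE[3], *r[:3])
    if any(r[0] == 2 for r in usable):
        return "undetermined: DANE-TA needs chain validation (not done here)"
    return "failure: no DANE-EE record matches the presented certificate"

# Constructed stand-ins for DER bytes; a real check uses the peer's certificate.
CERT = b"constructed-certificate-der"
SPKI = b"constructed-spki-der"
GOOD = "3 1 1 " + hashlib.sha256(SPKI).hexdigest()
BAD = "3 1 1 " + "00" * 32
```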