Folks,
If you have Golang 1.8 (or newer) installed, my "smtpdane" tool might be of interest.
    mkdir ~/go
    go get go.pennock.tech/smtpdane
There's a README.md with invoking hints, etc. Current git hosting has this visible at:
https://github.com/PennockTech/smtpdane
I'll repeat the warning at the top of the README.md:
} EARLY ALPHA SOFTWARE
}
} THIS HAS NOT YET BEEN TESTED TO CONFIRM IT FAILS WHEN IT SHOULD,
} AGAINST BAD CERTIFICATES OR DNS
So yes, I need to create a test suite still, instead of relying upon ad-hoc testing against various servers. That said, while I wouldn't yet rely upon the tool for monitoring or assurance, it's useful for taking a look.
Also: Go 1.8 is a very recent release; please do check version. This is not a frivolous requirement on my part: Go 1.8 introduced the hooks into the TLS certificate verification logic which I need to splice DANE logic in there. The code should "cleanly" fail to build with an obvious error message if an older toolchain is used.
At present, smtpdane still relies upon a validating DNS resolver, instead of validating DNSSEC itself. For use as a monitoring component, I'd like to remove that dependency.
    smtpdane -help
    smtpdane -mx spodhuis.org
Every MX host, every IP, connected to in parallel and success reported.
Feedback welcome. There's a TODO of things I know still need to be done.
Thanks,
-Phil