Добро пожаловать, Гость. Пожалуйста авторизуйтесь здесь.
FGHIGate на GaNJa NeTWoRK ST@Ti0N - Просмотр сообщения в эхоконференции ENET.SYSOP
Введите FGHI ссылку:


Присутствуют сообщения из эхоконференции ENET.SYSOP с датами от 10 Jul 13 21:42:12 до 13 Sep 24 12:11:54, всего сообщений: 12549
Ответить на сообщение К списку сообщений Предыдущее сообщение Следующее сообщение
= Сообщение: 1935 из 12549 ====================================== ENET.SYSOP =
От   : Benny Pedersen                   2:230/0            13 Jan 15 13:34:00
Кому : All                                                 13 Jan 15 13:34:00
Тема : geeks :)
FGHI : area://ENET.SYSOP?msgid=2:230/0+54b52088
= Кодировка сообщения определена как: LATIN-1 ================================
==============================================================================
Hello All!

posttls-finger: using DANE RR: _25._tcp.fido.dk IN TLSA 3 1 1 36:EA:BC:53:3D:D8:03:9C:5A:DB:92:F8:6E:39:6B:55:4F:F9:30:5C:F5:C4:5D:8C:18:AC:81:57:6F:94:24:08
posttls-finger: Connected to fido.dk[80.162.68.54]:25
posttls-finger: < 220 duggi.junc.org ESMTP Postfix
posttls-finger: > EHLO duggi.junc.org
posttls-finger: < 250-duggi.junc.org
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-SIZE 10240000
posttls-finger: < 250-VRFY
posttls-finger: < 250-ETRN
posttls-finger: < 250-STARTTLS
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-8BITMIME
posttls-finger: < 250 DSN
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
posttls-finger: fido.dk[80.162.68.54]:25: depth=0 matched end entity public-key sha256 digest=36:EA:BC:53:3D:D8:03:9C:5A:DB:92:F8:6E:39:6B:55:4F:F9:30:5C:F5:C4:5D:8C:18:AC:81:57:6F:94:24:08
posttls-finger: fido.dk[80.162.68.54]:25: subjectAltName: *.junc.org
posttls-finger: fido.dk[80.162.68.54]:25: subjectAltName: junc.org
posttls-finger: fido.dk[80.162.68.54]:25 CommonName *.junc.org
posttls-finger: fido.dk[80.162.68.54]:25: subject_CN=*.junc.org, issuer_CN=RapidSSL CA, fingerprint=16:E3:A1:F1:8B:97:23:5A:C2:3E:6B:AB:3E:19:8B:FE:DD:44:58:28, pkey_fingerprint=37:AF:C4:8D:32:86:E6:DB:A9:B9:64:F5:77:27:F8:1B:3F:C9:F8:83
posttls-finger: Verified TLS connection established to fido.dk[80.162.68.54]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
posttls-finger: > EHLO duggi.junc.org
posttls-finger: < 250-duggi.junc.org
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-SIZE 10240000
posttls-finger: < 250-VRFY
posttls-finger: < 250-ETRN
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-8BITMIME
posttls-finger: < 250 DSN
posttls-finger: > QUIT
posttls-finger: < 221 2.0.0 Bye

fido.dk is running DNSSEC with DANE, viola

save the following bash script, cert.pem is the signed pem file

   ----- make_tlsa_from_cert_pem.sh begins -----
#!/bin/sh

printf '_25._tcp.%s. IN TLSA 3 1 1 %s\n' $(uname -n) $(openssl x509 -in cert.pem -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256 -binary | hexdump -ve '/1 "%02x"')
   ----- make_tlsa_from_cert_pem.sh ends -----

make this script a one liner

add output from this script to dns

note, mx record must with dane NOT go to other domains, so the mail server ips must stay in same dns zone, else it will break dnssec

hopefully its usefull for other geeks


 Regards Benny

... there can only be one way of life, and it works :)

--- Msged/LNX 6.2.0 (Linux/3.17.7-gentoo (i686))
* Origin: duggi.junc.org where qico is waiting (2:230/0)

К главной странице гейта
Powered by NoSFeRaTU`s FGHIGate
Открытие страницы: 0.082767 секунды