Skip to Content.
Sympa Menu

cacert-de - Re: SMTP on test.cacert.org

Subject: Deutschsprachige CAcert Support Liste

List archive

Re: SMTP on test.cacert.org


Chronological Thread 
  • From: Bernhard Fröhlich <bernhard AT cacert.org>
  • To: cacert-de AT lists.cacert.org, Wytze van der Raay <wytze AT cacert.org>, dirk astrath <dastrath AT gmx.de>
  • Cc: dirk astrath <dirk AT cacert.org>, "critical-admin AT cacert.org" <critical-admin AT cacert.org>
  • Subject: Re: SMTP on test.cacert.org
  • Date: Thu, 24 Jan 2019 20:11:42 +0100

Hi Wytze,

it looks like we are both somewhat wrong...

I made a test and noticed that on test.cacert.org the command "netcat mail.convey.de 25" returns "220 test.cacert.org ESMTP Postfix (Debian/GNU)", which is a bit strange, because I'd expect "220 mailsrv.convey.de ESMTP". At least that's what I get when I try it at home...

So you are right that the firewall does not block SMTP, but it seems do redirect the connection to the local mailserver. Alas I'm right that this poses a problem when testing the bugfix. :-)

For the secure ports (587 and 465) the connection times out, so I guess that they indeed are blocked.

Or do I overlook something else?

Kind regards
Ted
;)

P.S.: I already found out the really clever setup of postfix, but I did not know that it was Mario's doing...

Am 24.01.2019 um 12:05 schrieb Wytze van der Raay:

Hi Ted,

On 1/24/19 10:17 AM, Bernhard Fröhlich wrote:
...
The second problem is that it looks like test.cacert.org is not allowed to
open SMTP connections into the internet by the firewall. While I consider this
very sensible under normal circumstances, it obviously prevents testing of
this bugfix.

Jan, I guess you could change the firewall. Is there an option to temporarily
allow SMTP connections? Something like a web interface where you can allow the
"pass" rule for 4 hours or so?
Or am I wrong, and is this not a firewall problem at all?
You are wrong indeed. The firewall does allow outgoing SMTP connections
from test.cacert.org, so the email address verification procedure in the
CAcert application is fully testable with this server. You are probably
misled by the fact that the test server is configured to not actually send
out e-mail into the live internet, but instead collects all such e-mail
in a local mailnbox /var/mail/cacertmail, which can be inspected via the
test manager. This is a clever design (thanks to Mario Lipinski I think)
that gives us the best of two worlds.

Regards,
-- wytze

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.18.

Top of Page