Get ISRG Root X2

It's a residential IP behind NAT, that wouldn't surprise me too much. But my server in Iceland doesn't share, and we've seen it can send emails to your servers without issue.

Also found a problem: when using the X2 root certificate, the Chrome browser on an Android mobile phone cannot be used to access QUIC.

If I use the X1-X2-E1 chain, then the QUIC website can work.

Maybe I solved the Google mailing problem: use the X1 certificate to cross-link.

https://aykevl.nl/apps/mta-sts/
MTA-STS validator does not recognize certificate

Summary
Result for: xiaoyu.net

MTA-STS
Error: make sure the MTA-STS DNS record, the policy file and the mail servers are all set up correctly.
SMTP-TLSRPT
Everything is set up correctly! You should receive reports on noc@xiaoyu.net, as soon as mail senders start sending them.
Details
MTA-STS TXT record
Policy: v=STSv1; id=20220428232300;

SMTP-TLSRPT TXT record
Policy: v=TLSRPTv1; rua=mailto:noc@xiaoyu.net

Policy file
Policy: https://mta-sts.xiaoyu.net/.well-known/mta-sts.txt

Error: SSL error while connecting to the HTTPS server: CERTIFICATE_VERIFY_FAILED.

Certificate check
Note: No valid policy found so can't test MX servers.

mx1.xiaoyu.net (10)
Error: Certificate validation has failed. Check whether you're using a correct CA-issued certificate in the mail server.
mx2.xiaoyu.net (10)
Error: Certificate validation has failed. Check whether you're using a correct CA-issued certificate in the mail server.
us.xiaoyu.net (10)
Error: Certificate validation has failed. Check whether you're using a correct CA-issued certificate in the mail server.
mx.xiaoyu.net (20)
Error: Certificate validation has failed. Check whether you're using a correct CA-issued certificate in the mail server.
DANE [experimental]
Domain: xiaoyu.net
MTA: mx1.xiaoyu.net
3 1 1 e53da907eccb[...]aeb0d41a17c5
Could not verify certificate: connection to the SMTP server failed.
MTA: mx2.xiaoyu.net
3 1 1 e53da907eccb[...]aeb0d41a17c5
Could not verify certificate: connection to the SMTP server failed.
MTA: us.xiaoyu.net
3 1 1 e53da907eccb[...]aeb0d41a17c5
Could not verify certificate: connection to the SMTP server failed.
MTA: mx.xiaoyu.net
3 1 1 e53da907eccb[...]aeb0d41a17c5
Could not verify certificate: connection to the SMTP server failed.

Is this a valid entry:

mx: *.xiaoyu.net

I'm not sure I understand, Rudy: as a value for an MX record, or do you mean having a wildcard RR so that an MX record has a specific value?

If it's the latter: that seems to be valid: RFC 1912 - Common DNS Operational and Configuration Errors


https://mta-sts.xiaoyu.net/.well-known/mta-sts.txt
shows:

version: STSv1
mode: testing
mx: mx1.xiaoyu.net
mx: mx2.xiaoyu.net
mx: mx.xiaoyu.net
mx: us.xiaoyu.net
mx: *.xiaoyu.net
max_age: 86400

I'm not too familiar with that, thus my question.
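As an added example (my code, not anything from the thread or the validator), here is a parser for that policy file that applies the RFC 8461 section 3.2 matching rule: an `mx` value is either an exact FQDN or a pattern whose leading `*` label matches exactly one subdomain label, so `mx: *.xiaoyu.net` is a valid entry that covers `mx3.xiaoyu.net` but not `xiaoyu.net` or `a.b.xiaoyu.net`. The policy text is a constructed copy of the one quoted above, and the MX hostnames fed to the checker are made up for illustration.

```python
# Constructed copy of the policy text quoted in the thread (embedded, not fetched).
SAMPLE_POLICY = """version: STSv1
mode: testing
mx: mx1.xiaoyu.net
mx: mx2.xiaoyu.net
mx: mx.xiaoyu.net
mx: us.xiaoyu.net
mx: *.xiaoyu.net
max_age: 86400
"""


def parse_policy(text):
    """Parse an RFC 8461 policy file into a dict; every 'mx' line is collected."""
    policy = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {raw!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        else:
            policy[key] = value
    for required in ("version", "mode", "max_age"):
        if required not in policy:
            raise ValueError(f"missing required key: {required}")
    if policy["version"] != "STSv1" or policy["mode"] not in ("enforce", "testing", "none"):
        raise ValueError("unsupported version or mode")
    policy["max_age"] = int(policy["max_age"])  # seconds the policy may be cached
    return policy


def mx_matches(pattern, host):
    """Exact FQDN match, or a leading '*' that stands for exactly one label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]               # e.g. ".xiaoyu.net"
        if not host.endswith(suffix):
            return False
        leading = host[: -len(suffix)]     # the part the '*' has to cover
        return leading != "" and "." not in leading
    return host == pattern


def check_mx_hosts(policy, mx_hosts):
    """Map each MX hostname (e.g. from the DNS MX lookup) to whether the policy allows it."""
    return {h: any(mx_matches(p, h) for p in policy["mx"]) for h in mx_hosts}
```

A sending MTA in `enforce` mode refuses delivery to any MX host for which the check returns False; in `testing` mode it only reports the mismatch via TLSRPT.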

That said, I do see how curl complains when trying to connect to that URL:
[even with latest Ubuntu curl]

curl https://mta-sts.xiaoyu.net/.well-known/mta-sts.txt
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I don't think that's the issue.

I can't even see that file.

https://mta-sts.xiaoyu.net/.well-known/mta-sts.txt is a timeout for me.


Maybe your IP is blocked in my firewall system; tell me and I will unblock it.
Too many IPs attempt to hack my server every day.

I only had the problem after using the X2 certificate.

I have checked; Gmail is using *.
