Empty Message-ID in SMTP Test email?
-
@GPz1100 hey that's cool, nice work! Nope I haven't changed anything, still Gmail-ing it directly.
But I'd like to try out your patch so I can relay it locally -
@Gertjan said in Empty Message-ID in SMTP Test email?:
Rotated "3 1 1" TLSA records based upon actual, and upcoming, certificates would be better.
As mentioned above, right now I publish (the hashes) of all the 4 current LE signing certificates, so I don't need to do anything, as long as LE doesn't change its certs it uses to create mine. Every x years or so, I have to change them, as LE certs aren't eternal.
So, I check once in a while with the LE support pages for upcoming big changes, and do what is needed when time arrives.
I decided to go a similar route, but more so based on the actual LE cert generated. I have, as part of my LE update script, to also create the new tlsa record based on the new cert. Until I figure out how to parse json content, the old tlsa record will remain. Periodically (once a year?), I'll log in to CF and delete the older records.
As I understand it, so long as there's at least one valid tlsa record, then it's all good?
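An added example, not part of the original posts: a POSIX shell sketch of what the post above describes, deriving the TLSA data (selector 1, matching type 1, i.e. SHA-256 over the certificate's public key) from a freshly issued certificate and checking that at least one published record still matches. The function names, the record owner `_25._tcp.mail.example.test.` and the throwaway self-signed certificate are assumptions made for illustration; only standard `openssl` subcommands are used.

```shell
#!/bin/sh
# Added example (not from the thread): derive "<usage> 1 1" TLSA data from a
# PEM certificate and check it against an already published record set.
set -eu

# spki_sha256 CERT.pem -> hex SHA-256 of the DER SubjectPublicKeyInfo
# (selector 1, matching type 1).
spki_sha256() {
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# tlsa_rdata USAGE CERT.pem -> "USAGE 1 1 <hash>". Pass the leaf certificate
# for usage 3 and the issuing CA certificate for usage 2.
tlsa_rdata() {
    case "$1" in 2|3) ;; *) echo "usage must be 2 or 3" >&2; return 2 ;; esac
    h=$(spki_sha256 "$2") || return 1
    printf '%s 1 1 %s\n' "$1" "$h"
}

# tlsa_any_match USAGE CERT.pem RRSET -> exit 0 if at least one line of RRSET
# ("usage selector mtype hash") matches the certificate. Stale records from
# earlier keys are simply skipped.
tlsa_any_match() {
    want=$(spki_sha256 "$2") || return 1
    while read -r u s m hash; do
        [ "$u $s $m" = "$1 1 1" ] || continue
        [ "$(printf '%s' "$hash" | tr 'A-F' 'a-f')" = "$want" ] && return 0
    done < "$3"
    return 1
}

# Demo on a throwaway self-signed certificate (constructed sample).
demo() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.example.test" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
    old="3 1 1 $(printf '%064d' 0)"            # stale record from a previous key
    new=$(tlsa_rdata 3 "$d/cert.pem")
    printf '%s\n%s\n' "$old" "$new" > "$d/rrset"
    echo "_25._tcp.mail.example.test. IN TLSA $new"
    tlsa_any_match 3 "$d/cert.pem" "$d/rrset" && echo "match: at least one record is valid"
    rm -rf "$d"
}
demo
```

In a renewal script, publishing the new record before the new certificate goes live and running a check like `tlsa_any_match` afterwards keeps at least one matching record in DNS during the switch.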
-
@GPz1100 said in Empty Message-ID in SMTP Test email?:
As I understand it, so long as there's at least one valid tlsa record, then it's all good?
That's what I do, I publish the four (5?) "2.1.1" hashes that could be used by LE to sign my certificate. As long as one of them matches, the TLSA validation will work out. Example: