mailsni = 1, but then the test gives an x509 error on FQDN (TEST European Commission)

ikkeben

It is important to have more info about this official test!
  • TEST European Commission
  • My Email Communications Security Assessment (MECSA)

x509 Certificate

FQDN error

MX record to mail.domain.com in DNS
mailsni=1
Did all rebuild, rewrite and updates! Latest DA, Exim, Dovecot, CustomBuild GUI, plugins and CentOS 8.
Test to reproduce: if you do not use the hostname in the MX record but the domain name here.



CONFIDENTIAL DELIVERY (3.0/5)



Your e-mail provider provides you with a minimum level of confidentiality, using encryption when delivering and receiving messages. Although it cannot assure the identity of the parties with which it interacts.

Letsencrypt on:
domain, mail.domain, www.domain

Banner is:
220 b'myhostname.nl ESMTP Exim 4.94.2 Thu, 15 Jul 2021 12:57:21 +0200'
 
BUMP, while I can't find what I am doing wrong here.

Important, while this test is one that governments in the EU use: yes/no spambox..

If using the server/hostname itself in the MX record then this is OK, but the main thing of mailsni is to use the domain name itself in the MX record.
So the MX is mail.thedomain.nl and not hostname.nl.

Is it because of the banner?

Banner
220 b'myhostname.nl ESMTP Exim 4.94.2 Thu, 15 Jul 2021 12:57:21 +0200'


For LE on the hostname this is used: https://help.directadmin.com/item.php?id=645

Did not put mail.thedomain.nl in there but mail.hostname.nl; the domain itself is not the same as the URI in the hostname.

HOWTO? While manually putting all domains in this script, if needed, is ??

The domains themselves all have LE certs with mail.thedomain.nl in them, no wildcard because of an external DNS provider!

I want a multi-domain certificate for my hostname/mailserver using LetsEncrypt
Last Modified: Dec 21, 2016, 2:31 am
Exim and Dovecot do support multi-IP ssl certificates, but their setup can be a little bit tricky to try and maintain.

With LetsEncrypt, we can setup multi-domain certificates for the hostname, and mail domains, all in one value, to make managing SSL for mail a little simpler.

To do this, we use the letsencrypt.sh script normally, but we manually create the ca.san_config file, loaded with the values we want to use.

With LetsEncrypt 1.0.4+, we can specify all values on the command line, like this:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request `hostname`,mail.domain.com,smtp.domain.com,www.domain.com,domain.com 4096
Here is an example where I put the hostname in the MX record.

Same mail address / domain, only changed the MX record from mail.domain.nl to the hostname. (On the hostname itself there is no DNSSEC, so this is why it is important here.)

Then the X509 error is of course gone.
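A small diagnostic for the two cases compared above (MX pointing at mail.thedomain.nl versus at the hostname): it opens STARTTLS on the MX host with SNI set to that name and reports whether the served certificate's SANs actually cover the MX name, which is roughly what the MECSA X.509 check is looking at. This is an added example, not code from the thread, DirectAdmin or MECSA; it assumes the MX host is passed on the command line and that the certificate chain is trusted by the system store.

```python
"""Report which certificate an MX host serves via STARTTLS+SNI and whether
its DNS SANs cover the MX name (hypothetical helper, not a MECSA tool)."""
import smtplib
import ssl
import sys


def name_matches(san: str, host: str) -> bool:
    """RFC 6125-style match: exact (case-insensitive), or a wildcard that
    replaces only the leftmost label ('*.x.nl' covers 'mail.x.nl', not 'x.nl')."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    s_labels, h_labels = san.split("."), host.split(".")
    return len(s_labels) == len(h_labels) and s_labels[1:] == h_labels[1:]


def cert_covers_host(sans, host: str) -> bool:
    """True if any DNS SAN in the certificate covers the MX host name."""
    return any(name_matches(san, host) for san in sans)


def fetch_mx_sans(mx_host: str, port: int = 25, timeout: float = 10.0):
    """Connect, STARTTLS with SNI=mx_host, return the DNS SANs of the cert.
    The chain is still verified against the system trust store; only the
    name check is done by us, so a mismatch is reported instead of raised."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False            # name check happens in cert_covers_host
    ctx.verify_mode = ssl.CERT_REQUIRED   # untrusted chain still fails hard
    with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)        # smtplib sends SNI = mx_host
        cert = smtp.sock.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # usage: python check_mx_cert.py mail.thedomain.nl
    mx = sys.argv[1]
    sans = fetch_mx_sans(mx)
    print("SANs served for SNI", mx, "->", sans)
    if cert_covers_host(sans, mx):
        print("OK: certificate covers the MX name")
    else:
        print("MISMATCH: the MX name is not in the served certificate")
```

If the output shows only the server hostname's names while the MX is mail.thedomain.nl, the per-domain certificate is not being selected for that SNI name.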
Just out of curiosity, the major thing I see happening is the X509 getting an exclamation mark; the rest is fine.
What is the big thing about X509? Because there is also SPF, DKIM, DMARC and StartTLS.

I was just wondering because I've had a look at the competition at cPanel and they are doing even worse, getting a 2.5/5.0 and having the same X509 exclamation mark.
So it seems DA is not the only panel, and I'm wondering if it's even a panel thing, and I'm curious about why the x509 is so important.