Re: [exim] Next Exim release

Página Inicial
Delete this message
Reply to this message
Autor: Viktor Dukhovni
Data:  
Para: exim-users
Assunto: Re: [exim] Next Exim release
On Wed, Dec 23, 2015 at 06:43:12PM +0000, Jeremy Harris wrote:

> > pain if it's not a private-CA. I need to work up a decent method
> > for generating a TA-mode TLSA for a random site using a public-CA.
>
> One hacking incident later:
>
> openssl s_client -connect <SERVER-HOST>:25 -starttls smtp -showcerts 2>/dev/null \
> | awk '/-----BEGIN CERTIFICATE-----/ { c=""; p=1 } /-----END CERTIFICATE-----/ {c = c $0 "\n"; p=0 } { if (p>0) c = c $0 "\n"; } END { print c }' \
> | openssl x509 -fingerprint -sha256 -noout \
> | awk -F= '{print $2}' \
> | tr -d : | tr '[A-F]' '[a-f]'


With the chaingen script I posted:

    $ domain=example.com
    $ host=$(dig +short -t mx "$domain" | sort -k1n | awk '{sub(/\.$/, "", $NF); print $NF; exit}')
    $ openssl s_client -connect "$host:25" -starttls smtp -showcerts 2>&1 | chaingen


-- 
    Viktor.