Hacker News new | ask | show | jobs
by chrismorgan 2917 days ago
This doesn’t seem to be working properly. Domains that I try are saying “couldn’t connect”, e.g. https://starttls-everywhere.org/results/?fastmail.com
2 comments
marcbradshaw 2917 days ago
The starttls-everywhere IP connects, tries a bunch of commands which don't look at all like a regular mail connection. It cycles through a bunch of tls settings and never sends an email. In short, it got itself blocked by anti-spam measures.
link
mailr 2917 days ago
I think there is an error in their SPF configuration. "v=spf1 ip4:67.212.170.242 -all" But verification connections come from a different address.
link
chrismorgan 2917 days ago
I’m confused. This is nothing to do with SPF (it’s failing to connect in the first place), and what domain is that SPF record for anyway?
link
mailr 2917 days ago
dig txt starttls-everywhere.org ;; ANSWER SECTION: starttls-everywhere.org. 599 IN TXT "v=spf1 ip4:67.212.170.242 -all"

My server was dropping the connection after EHLO because they were connecting from a different IP address and specified -all in the SPF record. Maybe you are seeing a different issue.

link
jlgaddis 2917 days ago
Yeah, he is having a different issue.

He's entering "fastmail.com" into the form on the web site then the EFF's server is trying to connect to (at least one of) FastMail's MX hosts but is unable to establish a connection.

As OP said, what he is seeing has nothing to do with SPF.

(Side note: I'm a mail admin and I'm pretty strict, but even I don't drop anyone after HELO/EHLO. I'm not surprised you're having issues.)

link