@Texan123 En rekommendation: Uppdatera din SPF med "include:bredband.net" (eller "?include:bredband.net") istället för att specificera många IP-nät. Du slipper då hålla koll på SPF-informationen hos bredband.net och manuellt uppdatera din SPF-record. (Just nu saknar du t.ex. dessa två: "ip4:195.54.99.192/27 ip4:213.150.131.0/27".)
Jag lyckas inte alls ansluta till submission-porten 587 just nu.
root@mail:~ # telnet smtp.bredband.net 587
Trying 91.136.8.208...
Connected to smtp.bredband.net.
Escape character is '^]'.
Connection closed by foreign host.
root@mail:~ # openssl s_client -starttls smtp -connect smtp.bredband.net:587
CONNECTED(00000003)
didn't found starttls in server response, try anyway...
write:errno=32
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1525856164
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Port 465 med implicit SSL fungerar hur som helst fortfarande.
root@mail:~ # openssl s_client -connect smtp.bredband.net:465
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify return:1
depth=0 C = SE, ST = Stockholms lan, L = Stockholm, OU = Internet, O = Telenor Sverige AB, CN = *.bredband.net
verify return:1
---
Certificate chain
0 s:/C=SE/ST=Stockholms lan/L=Stockholm/OU=Internet/O=Telenor Sverige AB/CN=*.bredband.net
i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIMYp+OBECJTMM2RsB8MA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwNjE2MDcyMTAyWhcNMjAwNjE2MDcyMTAyWjCBgzELMAkGA1UEBhMC
U0UxFzAVBgNVBAgTDlN0b2NraG9sbXMgbGFuMRIwEAYDVQQHEwlTdG9ja2hvbG0x
ETAPBgNVBAsTCEludGVybmV0MRswGQYDVQQKExJUZWxlbm9yIFN2ZXJpZ2UgQUIx
FzAVBgNVBAMMDiouYnJlZGJhbmQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAsAY7rFwV0H9gChoCtCzDs1BXZRJXAxtr1RyBoWHilAo6HEX1jF3A
VrUv6QzFrKyeAU+QOgh8dNgkuLxfjse0oHH62iFk8eqtvSFlQQ1kqnRMk2G4xfl9
QGj90eQ28YPH+0+aUiaMhihFpPKO+CaKIOXl/NEHyaWOk0YW0gYWYWt8OHWRpShS
wIixnQn7hqU/nYfitp2/beljQqE29XHE1sA7ozntYl2k6BU4uuObNNC2x7/i8ixo
A4zhZoEIbQD697EKDEnGGXcic8kKy42VJaBuTiFzG6eZnWWbs+vwOX/wKsoZ396s
fvIvY5ZT8dxD+IpVcyreqqeQmUw9GP6qEQIDAQABo4IB7TCCAekwDgYDVR0PAQH/
BAQDAgWgMIGgBggrBgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3Nl
Y3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdhbml6YXRpb252YWxzaGEy
ZzJyMS5jcnQwPwYIKwYBBQUHMAGGM2h0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNv
bS9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMjBWBgNVHSAETzBNMEEGCSsGAQQBoDIB
FDA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBv
c2l0b3J5LzAIBgZngQwBAgIwCQYDVR0TBAIwADBJBgNVHR8EQjBAMD6gPKA6hjho
dHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzL2dzb3JnYW5pemF0aW9udmFsc2hh
MmcyLmNybDAnBgNVHREEIDAegg4qLmJyZWRiYW5kLm5ldIIMYnJlZGJhbmQubmV0
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUjCQH7wsa
6JfHiXf8TDoafW59EzkwHwYDVR0jBBgwFoAUlt5h8b0cFilTHMDMfTuDAEDmGnww
DQYJKoZIhvcNAQELBQADggEBAI4yeJrc+J3rLAgqvaufZEn5iexneCKqgvRshxBK
nyyA+yxr2dy0bBjh0ePrDi7mN6PEbzT6JfRqP42Za53zjY3HvMbqm3+kGr97hr+e
Agkrb+t4qjYux/+CaywNql4UpR6GzwJnu8xrvLPSo73vILFv4CxMiRYTg24xke8I
93oMcRGMSpI7Fs6zfUPL+CG7iMU6y0AzrpwcyPcRUVetR9jYHnFK4V5xcNsgrqV6
0k97L+W87M2CpW113hgxr9fRfaJnKqz66E5NM6+EJihd8RC6izOCynO/ZKO51G2n
hBjD2ixBI0sd8gsKjJtcDRvHumXvk+xkxSnQUKpgShbfLRs=
-----END CERTIFICATE-----
subject=/C=SE/ST=Stockholms lan/L=Stockholm/OU=Internet/O=Telenor Sverige AB/CN=*.bredband.net
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3020 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 73361CD957CAA18D7A9F449BDFB269B63A5EA268ADAC329C01AA078AEF82F904
Session-ID-ctx:
Master-Key: 3C3C102560C6AC95DBE54A2249AA94971657262CA1A570B7EB7F8C09B065716673C3FFED975AAC7EF3AB50BDCD45DA41
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1525855866
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
220 mail36c50.megamailservers.eu ESMTP Sendmail 8.14.9/8.13.1; Wed, 9 May 2018 08:51:06 +0000
EHLO test
250-mail36c50.megamailservers.eu Hello c-XXX.XXXX.cust.bredbandsbolaget.se [X.X.X.X], pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-SIZE 52428800
250-DSN
250-AUTH LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 mail36c50.megamailservers.eu closing connection
read:errno=0
Speldator: Fractal Design Meshify C, Core i7-8700k @ 5,0 GHz (AVX -3) luftkyld med Cryorig R1 Universal, Asrock Z370 Fatal1ty Professional Gaming i7, 64 GB Corsair Dominator Platinum @ 3466 MHz CL16 (XMP), ASUS ROG Strix GeForce GTX 1080 Ti Gaming, Win10 Pro, Acer XB271HU (gamla bilder med GTX 970)
i7-8700k 5.0 GHz OC: CPU 50x, Vcore 1,310V, LLC 2 (1=max, 5=min), BCLK 100.0, AVX offset -3, Cache 45x
Server: Xeon E3-1226v3 3,3 GHz, 32 GB ECC DDR3, VMware ESXi 6, 10 Gbps fiber