The Tor Project / TPA / TPA team / Issues / #40202
Closed
Open
Created Mar 29, 2021 by anarcat (@anarcat, Owner). 1 of 4 tasks completed.

can't send email to state.gov

writing to USER@state.gov gives us this error:

<REDACTED@state.gov>: TLSA lookup error for christopher-ew.state.gov:25

it's actually from multiple endpoints, my home server and riseup also see this, so this is actually an error with state.gov, i would argue... still worth taking a look.

/cc @gaba

battle plan:

  • confirm with state.gov folks that emails are failing because they check the eugeni TLS cert: state.gov is unwilling to provide more information, but we'll just go with that assertion, as it seems fair that our MX should provide publicly verifiable certificates in the standard CA infrastructure (on top of DNSSEC checks)
  • if so, establish a plan to rebuild a MX with "real" TLS certificates, which is now documented in the roadmap
  • bypass DNSSEC checks for state.gov so we can send mail there
  • bring up their misconfiguration on DNSSEC forums (optional)
Edited May 18, 2021 by anarcat