svn/view/CHANGES.md

## shot3

- stage 1 iprev - wait 3 seconds instead of the default 5 (udp) or 10 (tcp) seconds

## shot2

_second shot for Feb 2020_

- stage 1 iprev - better ip address splitting with ip??? instead of x?? x???? files
- stage 2 smtp gets done against ALL PTRs, not only IPREV hosts
- stage 2 smtp - timeout 1m+5s, yes that is slow bug some nasty mxen like to play that way and we wouldn't like to discard them (see Postfix Postscreen Howto)

The order is as follows

- stage 1 iprev - look for PTR vs IPREV resolving hosts
- stage 2 smtp - 

## shot1

_initial version, for Jan 2020_

The order was as follows

- mass seek of 25/tcp & raw split into x?? x???? (no uniq nor ip field)
- checkiprev - ptr/iprev check into separate .ptr files
- checksan - san check into .nossl .nocert .validcn .wrongcn
- checkvalid - verify check into .validcn.return
- (then came the problem of dealing with DANE/TLSA records, we needed to lookup true MX records to start with, hence the need for domains to start with)
- checkdomains - domains/ - deferencing domain names
- checkmx - domains/mx/ - got mx record?
- checkssl - domains/mx/dane/ - valid cert?  looking for 'Cipher is|Verify return code' against mx records
        * .ssl
        * .ssl.issuer
        * .ssl.cipher
- checkdane - valid dane?
        * .dane $NF notlsa // timeout // ...
        * .dane.results
        * .dane.weird
- checksmtp - starttls enforced?
        * stdout .starttls full session
        * stderr .starttls.enforce $NF connect-bad-dns // ...
- count.ksh - parsing results and producing stats
