Hey all (with my Debian Developer hat on), I have created an Ubuntu PPA repository with Postfix 2.11-development snapshot with DANE support in case you are running Ubuntu and you are too lazy to compile from the source:
https://launchpad.net/~ondrej/+archive/postfix+dane I'll probably do the same for Debian in near future, but I don't have a sensible infrastructure at this moment (since Debian doesn't have something similar to PPA yet). And if you are even lazier and don't want to read the docs, just drop: smtp_dns_support_level = dnssec smtp_tls_security_level = dane smtp_tls_loglevel = 1 to your main.cf and restart postfix. Then the log would should this: Aug 2 10:35:49 jedi postfix/smtp[24161]: Verified TLS connection established to mail.nic.cz[217.31.204.67]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) Aug 2 10:38:06 jedi postfix/smtp[24161]: Verified TLS connection established to mailly.debian.org[2001:41b8:202:deb:6564:a62:52c3:4b72]:25: TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits) for DANE verified TLS. or this: Aug 2 10:46:54 jedi postfix/smtp[24300]: Untrusted TLS connection established to aspmx.l.google.com[2a00:1450:4001:c02::1b]:25: TLSv1.2 with cipher ECDHE-RSA-RC4-SHA (128/128 bits) for no TLSA. Ondrej -- Ondřej Surý -- Chief Science Officer ------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Americka 23, 120 00 Praha 2, Czech Republic mailto:[email protected] http://nic.cz/ tel:+420.222745110 fax:+420.222745112 -------------------------------------------
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
