Hello, I've tried to setup DANE.
It works fine. Tested: date | exim -v [email protected] 2015-03-20 22:56:05 [15276] 1YZ4th-0003yO-AI <= [email protected] U=root P=local S=369 M8S=0 from <[email protected]> for [email protected] 2015-03-20 22:56:05 [15278] cwd=/var/spool/exim4 4 args: /usr/local/exim/bin/exim -v -Mc 1YZ4th-0003yO-AI 2015-03-20 22:56:08 [15278] 1YZ4th-0003yO-AI => [email protected] I=[84.19.194.10] F=<[email protected]> P=<[email protected]> R=dnslookup T=remote_smtp S=381 H=ssl.schlittermann.de [212.80.235.130]:25 X=TLSv1.2:DHE-RSA-AES256-SHA256:256 CV=dane DN="/description=D1kmXl5Dw4CO0vGH/C=DE/CN=ssl.schlittermann.de/[email protected]" C="250 OK id=1YZ4tk-0005Wv-Ej" QT=3s DT=3s 2015-03-20 22:56:08 [15278] 1YZ4th-0003yO-AI Completed QT=3s But, now I've setup "verify = recipient/callout", doesn't work anymore... I'm testing it using swaks: swaks -f [email protected] -t [email protected] --pipe 'exim -bhc 84.19.194.10' -q rcpt ... >>> SMTP>> QUIT >>> interface=NULL port=25 >>> 212.80.225.206 in hosts_require_dane? yes (matched "*") LOG: [15308] DANE error: TLSA lookup failed In my Bind querylog I see lookups for _-1._tcp.<mx>. @jgh: didn't we have some similiar problem already, when some part of the transport options black wasn't proper set up for callout verification? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
signature.asc
Description: Digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
