Hi Viktor,

Thanks for your answer. There is no possibility to prove whether DANE is working correctly for incoming mails unless I have access to the server log files of the sending server?

Nicola

> On 25.04.2017 at 04:52, Viktor Dukhovni <[email protected]> wrote:
>
>> On Apr 24, 2017, at 9:23 PM, Nicola Tiling <[email protected]> wrote:
>>
>> The log shows only "CV=dane" for
>> outgoing mails:
>>
>> <= [email protected] … P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
>> CV=no … from <[email protected]> for [email protected]
>> … => [email protected] F=<[email protected]> P=<[email protected]>
>> R=dnslookup T=remote_smtp S=4354 H=mx1.mailbox.org DS [80.241.60.212]:25
>> I=[98.76.54.32]:42738 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=dane
>> DN="/OU=Domain Validated Only/CN=*.mailbox.org" C="250 2.0.0 from
>> MTA(smtp:[80.241.60.212]:10025): 250 2.0.0 Ok: queued as 84E9145C4F" QT=3s
>> DT=2s
>>
>> Incoming mails from mailbox.org have only "CV=no"
>
> This is exactly as it should be. DANE authentication is asymmetric,
> the client uses DANE to authenticate the server, but the server is
> completely unaware of this. Either way the client performs a TLS
> handshake after STARTTLS and sends a message.
>
> Clients don't (yet) have DANE TLSA records for the server to check.
> The spec for this took too long to create, and the DANE WG was closed
> in the meantime. So there may not ever be such a spec. Or it might
> get done once broad server adoption shows a more compelling case for
> doing something in the converse direction.
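The asymmetry discussed in this thread can be checked against a log, shown here as an added example that is not part of the original messages: it tallies the CV= value of Exim main-log lines by direction, so CV=dane is expected only on delivery (=>) lines. The sample log lines, hosts, message IDs and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log style (all hosts, IDs and addresses are made up).
SAMPLE_LOG = """\
2017-04-25 03:20:01 1d2aaa-0001Ab-01 <= alice@example.org H=client.example.org [192.0.2.10] P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=4100
2017-04-25 03:20:04 1d2aaa-0001Ab-01 => bob@example.net R=dnslookup T=remote_smtp H=mx1.example.net DS [198.51.100.25]:25 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=dane DN="/CN=*.example.net" C="250 2.0.0 Ok"
2017-04-25 03:31:12 1d2bbb-0002Cd-02 <= bob@example.net H=mx1.example.net [198.51.100.25] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=5200
2017-04-25 03:40:30 1d2ccc-0003Ef-03 => carol@example.com R=dnslookup T=remote_smtp H=mail.example.com [203.0.113.7]:25 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 OK"
2017-04-25 03:41:00 1d2ccc-0003Ef-03 Completed
"""

# date, time, message id, direction flag, address, remaining fields
LINE = re.compile(r'^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|->) (?P<addr>\S+)(?P<rest>.*)$')

def parse_line(line):
    """Return direction, address, host and CV for arrival/delivery lines, else None."""
    m = LINE.match(line)
    if not m:
        return None  # e.g. "Completed" or other non-transfer lines
    # Blank out quoted values (DN=, C=) so text inside them cannot be read as a field.
    rest = re.sub(r'"[^"]*"', '""', m['rest'])
    fields = dict(re.findall(r'(?<!\S)([A-Z]+)=(\S+)', rest))
    return {
        "direction": "in" if m['flag'] == "<=" else "out",
        "addr": m['addr'],
        "host": fields.get("H"),
        "cv": fields.get("CV"),  # certificate verification result as logged
    }

def cv_summary(log_text):
    """Count (direction, CV value) pairs across the log."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["direction"], rec["cv"])] += 1
    return counts

def outbound_without_dane(log_text):
    """List (host, CV) for deliveries whose peer was not DANE-verified."""
    recs = (parse_line(l) for l in log_text.splitlines())
    return [(r["host"], r["cv"]) for r in recs
            if r and r["direction"] == "out" and r["cv"] != "dane"]

if __name__ == "__main__":
    for key, n in sorted(cv_summary(SAMPLE_LOG).items()):
        print(key, n)
    print("not DANE-verified:", outbound_without_dane(SAMPLE_LOG))
```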
