On 12/05, Gilles Chehade wrote:
On Mon, May 11, 2015 at 10:43:23PM +0200, Johannes Löthberg wrote:
There is one server which has a feature to automatically save domains to a whitelist to always force TLS on, though I don't remember which one. It seems like it could be nice to implement if it wouldn't be too hard.

    table validcrt file:/etc/mail/hosts-with-valid-certs
    accept for domain <validcrt> relay tls verify

That requires checking for them manually though, instead of having OpenSMTPD cache them itself.
That's cool, do you have it public somewhere? And do you know how much work it would be to support DNSSEC in libasr?

Nope, it's nowhere public, it is a proof of concept I wrote last weekend to see how much effort would be required in OpenSMTPD to support it. The code relies on a hack because the lka.c code needs a huge refactor if we want it to fit in. I have started working on it, but right now the focus is on the upcoming major release.
Ah, I see. So, do you think it would require a lot of effort to support it properly? No rush of course, I'm just interested.
As for DNSSEC support in libasr, I have not had a very deep look into it so from a quick sight I'd say it's not that much work, I could be wrong.
Cool, thanks.

--
Sincerely,
Johannes Löthberg
PGP Key ID: 0x50FB9B273A9D0BB5
https://theos.kyriasis.com/~kyrias/
