But is there any reason that prevents google to use DNSSEC other than the
arrogance of power? Imho it is obvious that mta-sts is only useful for big
players that prefer to ignore destinations not in their cache. For the rest of
us, mta-sts is inferior to smtp-dane.
Joachim
-----Ursprüngliche Nachricht-----
Von: Viktor Dukhovni via Postfix-users <postfix-users@postfix.org>
Gesendet: Freitag, 8. März 2024 22:44
An: postfix-users@postfix.org
Betreff: [pfx] Re: mta-sts and smtp_tls_security_level
On Fri, Mar 08, 2024 at 10:01:29PM +0100, Joachim Lindenberg via Postfix-users
wrote:
> Imho you get pretty close to mta-sts if you use verify together with a
> DNSSEC-validating resolver. You just validate the "authorized" MTAs by
> different means.
Yes, but google.com and yahoo.com (the domains mentioned by the OP), are not
presently DNSSEC-signed. :-(
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an
email to postfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
