Hello,

I recently misconfigured an internal mail server for a test system and as a result broke the TLSA record. Postfix still delivered mail to the system, now logging "Trusted" instead of "Verified" (BTW, I find these two output texts misleading; each time I check the logs I look for a reference server to know which of the two is which. Couldn't you find something more explicit?). That was really unexpected behavior for me, so I looked in the documentation for "smtp_tls_security_level = dane" at https://www.postfix.org/TLS_README.html#client_tls_dane, and indeed it says: "If TLSA records are published for a given remote SMTP server (implying TLS support), but are all "unusable" due to unsupported parameters or malformed data, the Postfix SMTP client will use mandatory unauthenticated TLS."

Now I understand the rationale behind this. You want to prevent mail from breaking because of too many bad configurations, but in this case I think a stricter DANE setting is missing:

* I agree that, at the moment, it can be a good idea not to enforce DANE for "unsupported parameters" or "malformed data" (even though I think there should be a way to make this an error).

* But I would expect DANE to be enforced when the data is well-formed and uses supported parameters but is simply wrong, as in my case, where it was simply old.

Would it be possible to add a "dane-strict" setting which always enforces correct DANE when there are TLSA records, or at least when there are acceptable but non-matching TLSA records (I assume changing the "dane" option is out of the question)?

For Freedom In Peace
--
http://www.dstoecker.eu/ (PGP key available)
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

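The distinction the post turns on is between TLSA records that are "unusable" (skipped entirely, so the DANE policy falls back to mandatory unauthenticated TLS as the quoted TLS_README sentence says) and records that are usable but simply do not match the server's current certificate. The following is an added example, not code from the Postfix project or from the poster: it classifies TLSA records with the usability rules of RFC 7672 (PKIX-TA(0) and PKIX-EE(1) are unusable for SMTP; unknown selectors, unsupported matching types and digests of the wrong length are unusable) and then checks usable records against a certificate chain. The "DER" byte strings are constructed stand-ins; real code would take the certificate and SubjectPublicKeyInfo DER from the server's X.509 certificate, and Postfix additionally checks server names for DANE-TA(2), which this example does not model.

```python
"""Classify DANE TLSA records as usable/unusable (RFC 7672) and test usable
records against a peer certificate chain. Added example; not Postfix code.
The certificate and SPKI bytes below are constructed stand-ins for DER data.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

# RFC 7672 section 3.1.3: only DANE-TA(2) and DANE-EE(3) are usable for SMTP.
USABLE_USAGES = {2, 3}
SELECTORS = {0, 1}  # Cert(0) = full certificate DER, SPKI(1) = SubjectPublicKeyInfo DER
# matching type -> (hash name, digest length); Full(0) publishes the raw data
MATCHING = {0: None, 1: ("sha256", 32), 2: ("sha512", 64)}


@dataclass
class TLSA:
    usage: int
    selector: int
    mtype: int
    data: bytes


def parse_tlsa(rdata: str) -> TLSA:
    """Parse presentation-format rdata such as "3 1 1 <hex>".
    Raises ValueError for malformed records (too few fields, bad hex)."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("too few fields")
    usage, selector, mtype = (int(p) for p in parts[:3])
    data = bytes.fromhex("".join(parts[3:]))  # hex may be split over whitespace
    return TLSA(usage, selector, mtype, data)


def why_unusable(rec: TLSA) -> Optional[str]:
    """Return the reason a record must be ignored, or None if it is usable."""
    if rec.usage not in USABLE_USAGES:
        return "usage %d is not usable for SMTP (RFC 7672)" % rec.usage
    if rec.selector not in SELECTORS:
        return "unknown selector %d" % rec.selector
    if rec.mtype not in MATCHING:
        return "unsupported matching type %d" % rec.mtype
    spec = MATCHING[rec.mtype]
    if spec is None and not rec.data:
        return "empty association data"
    if spec is not None and len(rec.data) != spec[1]:
        return "digest length %d != %d for matching type %d" % (
            len(rec.data), spec[1], rec.mtype)
    return None


def association_data(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bytes:
    """What a certificate would have to publish for this record to match it."""
    raw = cert_der if rec.selector == 0 else spki_der
    spec = MATCHING[rec.mtype]
    return raw if spec is None else hashlib.new(spec[0], raw).digest()


def evaluate(rdatas: List[str], chain: List[Tuple[bytes, bytes]]) -> str:
    """chain is [(cert_der, spki_der), ...], leaf first.
    Returns "no-usable-records", "match" or "no-match"."""
    usable = []
    for rd in rdatas:
        try:
            rec = parse_tlsa(rd)
        except ValueError:
            continue  # malformed data: unusable
        if why_unusable(rec) is None:
            usable.append(rec)
    if not usable:
        return "no-usable-records"
    for rec in usable:
        # DANE-EE(3) matches the leaf only; DANE-TA(2) matches an issuer in the chain
        candidates = chain[:1] if rec.usage == 3 else chain[1:]
        if any(association_data(rec, c, s) == rec.data for c, s in candidates):
            return "match"
    return "no-match"


# Constructed stand-ins for DER-encoded certificate and SPKI bytes.
LEAF = (b"constructed-leaf-cert-der", b"constructed-leaf-spki-der")
ISSUER = (b"constructed-issuer-cert-der", b"constructed-issuer-spki-der")
CHAIN = [LEAF, ISSUER]


def current_3_1_1() -> str:
    """The "3 1 1" record that matches the current (constructed) leaf key."""
    return "3 1 1 " + hashlib.sha256(LEAF[1]).hexdigest()


# A well-formed, supported, but stale record: hashes a key the server no longer uses.
STALE_3_1_1 = "3 1 1 " + hashlib.sha256(b"constructed-old-spki-der").hexdigest()

if __name__ == "__main__":
    print(evaluate(["1 1 1 " + "00" * 32, "3 1 7 " + "00" * 32, "3 1 1 abcd"], CHAIN))
    print(evaluate([STALE_3_1_1], CHAIN))
    print(evaluate([STALE_3_1_1, current_3_1_1()], CHAIN))
```

The first call returns "no-usable-records" (every record is rejected before any matching is attempted, which is the case the quoted documentation covers), the second returns "no-match" (the stale "3 1 1" record is usable but does not match anything in the chain), and the third returns "match". Feeding the output of `dig +dnssec TLSA _25._tcp.mx.example` and the server's real certificate into `evaluate` is the check to run before and after rotating a key.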