>> The validator [1] says TLSA is ok, so is this even a DNS issue? If I
>> have to guess, Postfix encounters the following situation:
>>
>> When TLSA records are found, but are all unusable the effective security
>> level is "encrypt"
>>
>> The documentation does not state that self-signed certificates are
>> invalid with the "encrypt" security level, they are with "verify".
>>
>> [1] https://dane.sys4.de/smtp/wrong.havedane.net
>>
> I am not sure what you are saying.

As Viktor pointed out, it does not matter what I'm saying. I seem to have misinterpreted the Postfix documentation.