Dan Mahoney wrote
>> Here's an SMTP DANE validator that I use when I make changes to my server.
>> https://dane.sys4.de/
>>
>> I'm not sure if it is just what you're looking for, though.
>
> No, I am looking for a server to which I can send mail to make sure DANE is
> being looked up and used
On Mon, Jan 03, 2022 at 09:47:44AM -0800, Dan Mahoney wrote:
> Also...the server I'm sending to has a legit signed cert that matches
> its hostname, so the message I get is:
>
> Trusted TLS connection established to prime.gushi.org[149.20.68.142]:25:
> TLSv1.2 with cipher ECDHE-RSA-AES256-G
On 2022-01-03 23:02, Dan Mahoney wrote:
On Jan 3, 2022, at 1:46 PM, Mike wrote:
On 1/3/2022 2:38 PM, Dan Mahoney (Gushi) wrote:
[snip]
One more question: Does anyone know of a "reflector" like service
that one
can use to test DANE validation, i.e. a site that one is allowed to
send
test me
> On Jan 3, 2022, at 1:46 PM, Mike wrote:
>
> On 1/3/2022 2:38 PM, Dan Mahoney (Gushi) wrote:
>> [snip]
>>
>> One more question: Does anyone know of a "reflector" like service that one
>> can use to test DANE validation, i.e. a site that one is allowed to send
>> test messages to, that *onl
On 1/3/2022 2:38 PM, Dan Mahoney (Gushi) wrote:
>[snip]
>
> One more question: Does anyone know of a "reflector" like service that one
> can use to test DANE validation, i.e. a site that one is allowed to send
> test messages to, that *only* has DANE as the trust mech (so, say, a
> self-signed
On Mon, 3 Jan 2022, Dan Mahoney wrote:
This is a problem when your local resolver is slaving the root zone, as a standard root
zone "type slave" will hand . NS out with the AA bit set, but will not set the
AD bit.
There's a feature in more recent versions of BIND (mirror zones) that may fix
Dan Mahoney:
> > If you enable DNSSEC lookups, Postfix will log a warning when the root
> > zone appears unsigned. See:
> >
> >http://www.postfix.org/postconf.5.html#dnssec_probe
> >
> >This feature is available in Postfix 3.6 and later. It was
> >backported to Postfix versions 3.5.9
> On Jan 3, 2022, at 6:22 AM, Viktor Dukhovni
> wrote:
>
> On Mon, Jan 03, 2022 at 05:49:05AM -0800, Dan Mahoney (Gushi) wrote:
>
>> We run validating resolvers at the day job, but by default not on the box
>> where postfix runs. (I.e. we rely on the AD bit).
>
> "Relying in the AD bit" i
On Mon, Jan 03, 2022 at 05:49:05AM -0800, Dan Mahoney (Gushi) wrote:
> We run validating resolvers at the day job, but by default not on the box
> where postfix runs. (I.e. we rely on the AD bit).
"Relying in the AD bit" is independent of whether the validating
resolver is local or remote. How
Hey there,
We run validating resolvers at the day job, but by default not on the box
where postfix runs. (I.e. we rely on the AD bit).
In reading over what's required to enable DANE support in postfix, I see
that there's a compile-time requirement for the DNS lib in the OS to
support it, wh
10 matches
Mail list logo