ANN: DANE testing (sink at

Benny Pedersen me at
Thu Apr 9 01:14:19 CEST 2015

Patrick Ben Koetter skrev den 2015-04-08 19:57:
> If you need a DNSSEC-enabled destination to test your DANE setup, send 
> a
> message to sink at It will accept your message and discard 
> it.


> Check your log for a line "to". If it reads "Verified TLS
> connection" (Postfix) your DANE setup works properly.


where here is the dane test domain, much more simple test

if postfix already is configured as a dane client

> Here's a log example:
> Apr  8 19:52:31 mail postfix/smtp[28741]: Verified TLS connection
> established to[2001:1578:400:111::3:1]:25: TLSv1.2 with
> cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)


dnssec-enable yes;
dnssec-validation auto;
dnssec-lookaside auto;
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane

from then on just use posttls-finger without any options


More information about the dane-users mailing list