Postfix-Frage
Patrick Ben Koetter
p at sys4.de
Thu Jan 15 13:06:03 CET 2015
* Frank Fiene <ffiene at veka.com>:
> Something else:
>
> Beside my own actually not working DANE configuration,
>
> if i setup Postfix with
>
> smtpd_use_tls = yes
> smtp_tls_security_level = dane
> smtp_dns_support_level = dnssec
>
> i should see „Verified“ and „Untrusted“ TLS connections, right?
Is your DNS resolver DNSSEC capable?
Try this to test and watch out for the 'ad' flag:
p:~$ dig +dnssec dane.sys4.de
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> +dnssec dane.sys4.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37718
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 3
^^ This means sys4.de is an (DNSSEC) authenticated domain
If you don't see this, Postfix won't be able to DANE identify destinations.
p at rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the dane-users
mailing list