Felix Eckhofer felix at
Thu Jan 15 17:53:06 CET 2015


Am 15.01.2015 17:39, schrieb Frank fiene:
> All well administrated mail system have reverse DNS configured, if
> that would be DNSSEC secured, perfect!
> So reverse DNS, then TLSA/DNSSEC plus Certificate validation and
> everything would be fine for both sides!

You can enable smtpd_tls_ask_ccert which will result in meaningful log 
entries for incoming connections.
Authenticating senders is unfortunately a bit more complicated than 
looking at DNSSEC secured reverse DNS (you have to match the From-header 
from the actual mail to have any meaningful authentication, see DKIM).


More information about the dane-users mailing list