felix at tribut.de
Thu Jan 15 17:53:06 CET 2015
Am 15.01.2015 17:39, schrieb Frank fiene:
> All well administrated mail system have reverse DNS configured, if
> that would be DNSSEC secured, perfect!
> So reverse DNS, then TLSA/DNSSEC plus Certificate validation and
> everything would be fine for both sides!
You can enable smtpd_tls_ask_ccert which will result in meaningful log
entries for incoming connections.
Authenticating senders is unfortunately a bit more complicated than
looking at DNSSEC secured reverse DNS (you have to match the From-header
from the actual mail to have any meaningful authentication, see DKIM).
More information about the dane-users