Wolfgang Breyha wbreyha at
Mon Jan 19 12:49:27 CET 2015

On 19/01/15 12:26, Felix Eckhofer wrote:
> Hey.
> Am 19.01.2015 12:15, schrieb Wolfgang Breyha:
>> One of our users tried to send mail to the domain
>> [...]
>> Exim refuses to talk to those hosts at all with "failure while setting up
>> TLS session". Is this expected behavior in terms of DANE-SMTP? What's
>> postfix doing in this case?
> Postfix (2.11.2) seems to be able to talk to just fine:

Postfix doesn't honor 3.1.3 of the latest DANE-SMTP draft then?

"...SMTP client treatment of TLSA RRs with certificate usages PKIX-TA(0)
   or PKIX-EE(1) is undefined.  SMTP clients should generally treat such
   TLSA records as unusable."

Greetings, Wolfgang
Wolfgang Breyha <wbreyha at> |
Vienna University Computer Center | Austria

More information about the dane-users mailing list