James Cloos cloos at
Mon Jan 19 17:33:36 CET 2015

>>>>> "WB" == Wolfgang Breyha <wbreyha at> writes:

WB> The DANE validator
WB> says: "Unusable TLSA Records". Most likely because it is type 1 not allowed

There is little reason not to accept the distribution-provided /etc/ssl/certs
certificates when sending mail.

If you add those to your exim config then mail will send.

The postfix config string to do that is:

  smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

For exim it looks like the config is named:


If you set that to /etc/ssl/certs/ca-certificates.crt exim will verify
and accept tls for destinations like's mx servers.

James Cloos <cloos at>         OpenPGP: 0x997A9F17ED7DAEA6

More information about the dane-users mailing list