Overview of outbound DANE for SMTP support

Knubben, B.S.J. (Bart) - Forum Standaardisatie bart.knubben at forumstandaardisatie.nl
Tue Jul 17 22:20:58 CEST 2018


We made the following overview of products/services with outbound DANE support (i.e. DANE verification). Any remarks/additions are welcome.

I. Supported:

- Postfix (since version 2.11.0, January 2014): http://www.postfix.org/TLS_README.html#client_tls_dane 
- Halon (since version 3.4-r2, November 2015): https://halon.io/dane and https://wiki.halon.io/DANE 
- OpenSSL (since version 1.1.0, August 2016): https://www.openssl.org/docs/manmaster/man3/SSL_CTX_dane_enable.html and https://www.openssl.org/docs/manmaster/man1/openssl-s_client.html 
- Cloudmark (since version 5.2, March 2017): https://blog.cloudmark.com/2017/03/27/dane-and-email-security/ 
- Exim (since version 4.91, April 2018): https://www.exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html 
- Mail-in-a-Box (uses Postfix): https://github.com/mail-in-a-box/mailinabox/blob/master/security.md 
- ldns (uses OpenSSL): https://www.nlnetlabs.nl/documentation/ldns/dane_8h.html 

II. Requested:

- Cisco: Bug ID: CSCuo87918 - [ Feature Request] TLS DANE Support for Email Security Appliance, https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuo87918/  
- MS O365: https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/13415532-dnssec-support-in-office-365/ and https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/32360299-dnssec-support-in-office-365 
- Fortinet: https://fortinet.uservoice.com/forums/23797-fortipartner-feature-requests/suggestions/7029885-fortimail-dnssec-support 
- Protonmail: https://protonmail.uservoice.com/forums/284483-feedback/suggestions/34338826-implement-dane-for-added-security-and-privacy  and  https://protonmail.uservoice.com/forums/284483-feedback/suggestions/16593601-support-dane 

BTW a simple outbound DANE test can be found on https://havedane.net. 

Best regards,

Bart Knubben
Dutch Standardisation Forum

Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.

More information about the dane-users mailing list