From helst_listen at aol.de Wed Nov 21 18:27:31 2018
From: helst_listen at aol.de (Stefan Helmert)
Date: Wed, 21 Nov 2018 18:27:31 +0100
Subject: automatically manage Certificates, TLSA, DKIM
Message-ID: <7c949143-2500-5fbc-2824-498f7c24f4f7@aol.de>

Hello,

currently I am working on a project enabling interleaved renewal of certificates, updating of TLSA and DKIM records and reload of services:

main project      - https://github.com/TheTesla/cryptdomainmgr
pypi package      - https://github.com/TheTesla/cryptdomainmgrpypi
on pypi           - https://pypi.org/project/cryptdomainmgr/
test vm           - https://github.com/TheTesla/cdm-test-vm

There are dependencies:

interface to dns  - https://github.com/TheTesla/dnsuptools
pypi package      - https://github.com/TheTesla/dnsuptoolspypi
on pypi           - https://pypi.org/project/dnsuptools/
dehydrated        - https://github.com/lukas2511/dehydrated
                    -> included in cryptdomainmgr
logging (package) - https://github.com/TheTesla/simpleloggerplus
on pypi           - https://pypi.org/project/simpleloggerplus/

I also created a demo application using it:

mailserver w. crm - https://github.com/TheTesla/ansible-tine
                    (sorry, exchange autodiscover is not implemented yet)

Feel free to clone, fork, test, use, watch, star and contribute on github

Best regards

Stefan Helmert

From ms at sys4.de Wed Nov 21 20:49:05 2018
From: ms at sys4.de (Michael Schwartzkopff)
Date: Wed, 21 Nov 2018 20:49:05 +0100
Subject: automatically manage Certificates, TLSA, DKIM
In-Reply-To: <7c949143-2500-5fbc-2824-498f7c24f4f7@aol.de>
References: <7c949143-2500-5fbc-2824-498f7c24f4f7@aol.de>
Message-ID: <621b253e-0d71-3d24-8058-4375644c8028@sys4.de>

On 21.11.18 at 18:27, Stefan Helmert wrote:
> Hello,
>
> currently I am working on a project enabling interleaved renewal of certificates, updating of TLSA and DKIM records and reload of services:
>
> main project      - https://github.com/TheTesla/cryptdomainmgr
> pypi package      - https://github.com/TheTesla/cryptdomainmgrpypi
> on pypi           - https://pypi.org/project/cryptdomainmgr/
> test vm           - https://github.com/TheTesla/cdm-test-vm
>
> There are dependencies:
>
> interface to dns  - https://github.com/TheTesla/dnsuptools
> pypi package      - https://github.com/TheTesla/dnsuptoolspypi
> on pypi           - https://pypi.org/project/dnsuptools/
> dehydrated        - https://github.com/lukas2511/dehydrated
>                     -> included in cryptdomainmgr
> logging (package) - https://github.com/TheTesla/simpleloggerplus
> on pypi           - https://pypi.org/project/simpleloggerplus/
>
> I also created a demo application using it:
>
> mailserver w. crm - https://github.com/TheTesla/ansible-tine
>                     (sorry, exchange autodiscover is not implemented yet)
>
> Feel free to clone, fork, test, use, watch, star and contribute on github
>
>
> Best regards
>
> Stefan Helmert

Hi,

before reinventing the wheel:

https://github.com/lukas2511/dehydrated

together with any reasonable config management system like puppet, salt, or ansible.

Kind regards,

--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the Supervisory Board: Florian Kirstein

From ietf-dane at dukhovni.org Sun Nov 25 06:51:43 2018
From: ietf-dane at dukhovni.org (Viktor Dukhovni)
Date: Sun, 25 Nov 2018 00:51:43 -0500
Subject: DANE SMTP adoption milestone (one.com enables DANE SMTP for ~400k domains)
Message-ID: <4DCD725F-1D89-40D5-AB09-247060A73F79@dukhovni.org>

Perhaps old news to some/many of you who got the news earlier via Twitter:

https://twitter.com/VDukhovni/status/1066050163356127232

but for anyone who missed it, yesterday saw an ~120% jump in the number/fraction of DNSSEC signed domains that have DANE TLSA records for their MX hosts:

http://stats.dnssec-tools.org/#graphs

As of today, ~739 thousand or ~8.4% out of the ~8.76 million domains covered in my DANE/DNSSEC survey have DANE TLSA records for all their MX primary hosts. Indeed all but ~1900 have DANE TLSA records for all their MX hosts, primary or otherwise.

This is a result of DNSSEC and DANE TLSA deployment at one.com, where ~400k DNSSEC-signed customer domains that are MX-hosted by one.com now have MX hosts with signed TLSA records.

Thanks and congratulations to one.com for helping to move DANE adoption to this new level. I hope that more providers will do likewise soon, and that DANE will before too long become the norm for DNSSEC-signed domains.

--
Viktor.

From bart.knubben at forumstandaardisatie.nl Tue Nov 27 17:03:54 2018
From: bart.knubben at forumstandaardisatie.nl (Knubben, B.S.J. (Bart) - Forum Standaardisatie)
Date: Tue, 27 Nov 2018 16:03:54 +0000
Subject: Overview of outbound DANE for SMTP support
In-Reply-To: <360d1eb0ae254e25ae5e79f499186ad6@SV1601472.frd.shsdir.nl>
References: <20180820200129.GL28851@straasha.imrryr.org> <360d1eb0ae254e25ae5e79f499186ad6@SV1601472.frd.shsdir.nl>
Message-ID: <9be9de5e1e114f50be6403972416af98@SV1601472.frd.shsdir.nl>

Cisco added support for outbound DANE verification to their Email Security Appliance (AsyncOS v12.0):

* https://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa12-0/ESA_12-0_Release_Notes.pdf
* https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011000.html#id_85605

> > Are you keeping this list on a website somewhere?

I put the list with software that supports DANE verification and some other pointers to DANE materials/resources on https://github.com/baknu/DANE-for-SMTP/wiki

Feel free to reuse. Suggestions/remarks are welcome.

--
Best regards,

Bart Knubben
Dutch Standardisation Forum
https://www.forumstandaardisatie.nl/content/english

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.