19 Jan
2015
19 Jan
'15
5:33 p.m.
"WB" == Wolfgang Breyha wbreyha@gmx.net writes:
WB> The DANE validator WB> https://dane.sys4.de/smtp/education.lu WB> says: "Unusable TLSA Records". Most likely because it is type 1 not allowed WB> for DANE-SMTP?
There is little reason not to accept the distribution-provided /etc/ssl/certs certificates when sending mail.
If you add those to your exim config then mail will send.
The postfix config string to do that is:
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
For exim it looks like the config is named:
tls_verify_certificates
If you set that to /etc/ssl/certs/ca-certificates.crt exim will verify and accept tls for destinations like education.lu's mx servers.
-JimC
--
James Cloos cloos@jhcloos.com OpenPGP: 0x997A9F17ED7DAEA6