On 19/01/15 12:26, Felix Eckhofer wrote:
Hey.
Am 19.01.2015 12:15, schrieb Wolfgang Breyha:
One of our users tried to send mail to the domain education.lu. [...] Exim refuses to talk to those hosts at all with "failure while setting up TLS session". Is this expected behavior in terms of DANE-SMTP? What's postfix doing in this case?
Postfix (2.11.2) seems to be able to talk to education.lu just fine:
Postfix doesn't honor 3.1.3 of the latest DANE-SMTP draft then?
"...SMTP client treatment of TLSA RRs with certificate usages PKIX-TA(0)
or PKIX-EE(1) is undefined. SMTP clients should generally treat such
TLSA records as unusable."
Greetings, Wolfgang
--
Wolfgang Breyha