19 Jan
2015
19 Jan
'15
12:15 p.m.
Hi!
I'm testing the new exim 4.85 DANE support and it took only some days to get in trouble...
One of our users tried to send mail to the domain education.lu.
Their domain and MX hosts are DNSSEC enabled and have TLSA RRs.
The DANE validator https://dane.sys4.de/smtp/education.lu says: "Unusable TLSA Records". Most likely because it is type 1 not allowed for DANE-SMTP?
I've set hosts_try_dane = * in my SMTP transport.
Exim refuses to talk to those hosts at all with "failure while setting up TLS session". Is this expected behavior in terms of DANE-SMTP? What's postfix doing in this case?
Greetings, Wolfgang
--
Wolfgang Breyha wbreyha@gmx.net | http://www.blafasel.at/
Vienna University Computer Center | Austria