15 Jan
2015
15 Jan
'15
1:06 p.m.
* Frank Fiene ffiene@veka.com:
Something else:
Beside my own actually not working DANE configuration,
if i setup Postfix with
smtpd_use_tls = yes smtp_tls_security_level = dane smtp_dns_support_level = dnssec
i should see „Verified“ and „Untrusted“ TLS connections, right?
Is your DNS resolver DNSSEC capable?
Try this to test and watch out for the 'ad' flag:
p:~$ dig +dnssec dane.sys4.de
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> +dnssec dane.sys4.de ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37718 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 3
^^ This means sys4.de is an (DNSSEC) authenticated domain
If you don't see this, Postfix won't be able to DANE identify destinations.
p@rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein