15 Jan
2015
15 Jan
'15
5:53 p.m.
Hey.
Am 15.01.2015 17:39, schrieb Frank fiene:
All well administrated mail system have reverse DNS configured, if that would be DNSSEC secured, perfect! So reverse DNS, then TLSA/DNSSEC plus Certificate validation and everything would be fine for both sides!
You can enable smtpd_tls_ask_ccert which will result in meaningful log entries for incoming connections. Authenticating senders is unfortunately a bit more complicated than looking at DNSSEC secured reverse DNS (you have to match the From-header from the actual mail to have any meaningful authentication, see DKIM).
felix